RogueKiller can not Initialize


This topic is locked
12 replies to this topic

#1 ortsas


Posted 27 July 2015 - 09:56 PM

Dears,
 
I have been having a problem with what I think is a malware infection on my laptop.
 
Yesterday my Office programs started hanging every few minutes. After searching for some information on BleepingComputer I tried to install MBAM and run it.
MBAM found a lot of malware, but after that the problem changed.
 
Several of the problems are: cannot connect to the network printer, cannot connect to Outlook mail servers, Windows Firewall snap-in unavailable, Windows Update cannot update.
Now I think I have the same symptoms with this post : http://www.bleepingcomputer.com/forums/t/538170/usps-malware-email-opened-and-infected/
 
I tried the suggestion there to download RogueKiller, but the software would not initialize.
 
It is like this one : http://forum.adlice.com/index.php?topic=416.0
 
I tried the solution there to no avail.
 
Can you advise me on how I should proceed next?
 
Thanks a lot!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.51.2
Run by ortsas at 10:06:40 on 2015-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.62.1033.18.7980.4452 [GMT 7:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\netcut\services\AIPS.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Operation Technology Inc\Etap License Manager 1260\Etapslmt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Windows\system32\NA_Service.exe
C:\Program Files (x86)\Common Files\Schneider Electric Shared\NetmanageServer\4.1\NetmanageServerService.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\ortsas\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
C:\Program Files (x86)\DENT\ELOG\ELOGLauncher.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\WebCam\S6000\S6000Mnt.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Schneider Electric Shared\Sesu\SUSchedl.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Common Files\Schneider Electric Shared\NetmanageServer\4.1\PD-NetmanageServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Inetpub\wwwroot\broadweb\WARTCommunication\WARTCommunicationKeep.exe
C:\WebAccess\Node\webvrpcs.exe
C:\Users\ortsas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Inetpub\wwwroot\broadweb\WARTCommunication\WARTCommunication.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WebAccess\Node\webvkeep.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AcroDist.exe
C:\Users\ortsas\AppData\Local\Temp\nsiA71A.tmp\PEV.DAT
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [DIMDownloading your update...1300677038363] "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\programdata\corel\downloads\540215253_610005\1300677038363\dim_params.xml" -Launch=3 -uibase="c:\users\ortsas\appdata\roaming\corel\messages\540215253_610005\en\messagecache1\workflow"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Dropbox Update] "C:\Users\ortsas\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [KakaoTalk] "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
uRun: [GoogleChromeAutoLaunch_002FF7390138F758DDE58B996EE49616] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SESoftwareUpdateScheduler] C:\Program Files (x86)\Common Files\Schneider Electric Shared\Sesu\SUSchedl.exe
mRun: [BrStsInd00] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe /AUTORUN
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\ortsas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ortsas\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ortsas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - D:\Installer\GoogleCal_v2.2\GoogleCal_v2.2\GoogleCal.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DUALSM~1.LNK - C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ELOG14~1.LNK - C:\Program Files (x86)\DENT\ELOG\ELOGLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WARTCO~1.LNK - C:\Windows\Installer\{C6FA94C1-146F-4E7B-8400-826171B37D11}\_4E77DDAAF669B2509B2FA1.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WEBACC~1.LNK - C:\WebAccess\Node\webvrpcs.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {E42F7FEB-DE20-43F4-A342-47F1DA77F667} - hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.2.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
DPF: {EBB503D5-1482-4D4C-A2D7-F498FE8A8684} - hxxps://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_5_0_10_oovi.cab
TCP: NameServer = 61.247.0.133 61.247.0.130 202.73.99.4
TCP: Interfaces\{19A4F18C-B93A-4F22-AA56-D8E35FA47A2B} : DHCPNameServer = 61.247.0.133 61.247.0.130 202.73.99.4
TCP: Interfaces\{19A4F18C-B93A-4F22-AA56-D8E35FA47A2B}\7433F533338343 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{19A4F18C-B93A-4F22-AA56-D8E35FA47A2B}\750535D244F6E676C656 : DHCPNameServer = 192.168.100.10
TCP: Interfaces\{19A4F18C-B93A-4F22-AA56-D8E35FA47A2B}\96C6361607964716E6F6 : DHCPNameServer = 192.168.50.1
TCP: Interfaces\{19A4F18C-B93A-4F22-AA56-D8E35FA47A2B}\B6F6E66756273796 : DHCPNameServer = 167.205.23.1 167.205.22.123
TCP: Interfaces\{19A4F18C-B93A-4F22-AA56-D8E35FA47A2B}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [BoxSync] "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 127.0.0.1 sls.microsoft.com
Hosts: 127.0.0.1 genuine.microsoft.com
Hosts: 127.0.0.1 wat.microsoft.com
Hosts: 127.0.0.1 mpa.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ortsas\AppData\Roaming\Mozilla\Firefox\Profiles\xw8di0rq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: network.proxy.ftp - cache.itb.ac.id
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - cache.itb.ac.id
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - cache.itb.ac.id
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - cache.itb.ac.id
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.10052.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WideLine\Easykeytec v2.0\npEZKeytecPlugin.dll
FF - plugin: C:\Program Files (x86)\WideLine\Easykeytec v2.0\npEZKeytecPlugins.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll
FF - plugin: C:\Program Files\QVision\V3\npnetdvrv3.dll
FF - plugin: C:\Users\ortsas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B}\plugins\npCrossWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-12 253408]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-6-10 226784]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-6-26 31376]
R1 AMonTDLH;AMonTDLH;C:\Windows\System32\drivers\AmonTDLh.sys [2015-1-13 118072]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-6-26 293296]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-6-16 259040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-12 281568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-9-13 283064]
R2 AIPS;Arp Intelligent Protection Service;C:\Program Files (x86)\netcut\services\aips.exe [2015-7-25 262144]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2015-5-27 91784]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-6-30 3518376]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-6-30 314304]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 Etaps LMService;Etaps Lic Mgr;C:\Program Files\Operation Technology Inc\Etap License Manager 1260\Etapslmt.exe [2014-3-3 4110336]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-1-24 1148560]
R2 hasplms;Sentinel LDK License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 NA_Service;NetAccess Service;C:\Windows\System32\NA_Service.exe [2012-6-6 105472]
R2 Netmanage Server Service;Netmanage Server Service;C:\Program Files (x86)\Common Files\Schneider Electric Shared\NetmanageServer\4.1\NetmanageServerService.exe [2014-4-3 38648]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-9-23 1701520]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2015-4-27 145448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-6-26 410768]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-1 2314240]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-21 77312]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-9-13 282112]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-1 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-1 35104]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-21 129024]
R3 EZSocketGOT;EZSocketGOT;C:\Windows\System32\drivers\EZSocketGOT.sys [2014-12-15 254976]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-1-24 38032]
R3 S6000KNT;S6000KNT_WebCam Driver;C:\Windows\System32\drivers\S6000KNT.sys [2010-5-13 190464]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-1-1 379520]
S2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-9-23 19823248]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 SoMachineBasicGateway;SoMachine BASIC Gateway;C:\Program Files (x86)\Schneider Electric\SoMachine Basic\SchneiderElectric.SoMachineBasic.GatewayWindowsService.exe [2014-11-8 31992]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-3 44032]
S3 AndnetBus;LGE Mobile USB Composite Device;C:\Windows\System32\drivers\lgandnetbus64.sys [2014-5-8 19456]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2014-3-28 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2014-3-28 36352]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2015-3-23 28696]
S3 CdmDrvNt;CdmDrvNt;C:\Windows\System32\drivers\CdmDrvNt.sys [2015-1-13 25656]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2009-6-2 58368]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-9-18 110336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2015-6-5 1315592]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2015-7-9 58056]

This is the DDS report....

Edited by quietman7, 28 July 2015 - 05:16 AM.
Moved from A/V software to 'Virus, trojan, etc. logs'



#2 nasdaq
  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 30 July 2015 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.

#3 nasdaq
  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 04 August 2015 - 08:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq
  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 05 August 2015 - 01:05 PM

This topic has been re-opened at the request of the person who originally posted.

#5 ortsas
  • Topic Starter
  • Members
  • 6 posts
  • Local time:09:06 AM

Posted 06 August 2015 - 10:41 AM

I attach the logs of the Farbar and AdwCleaner.

#6 nasdaq
  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 06 August 2015 - 01:36 PM

This file is problematic.
C:\Windows\AutoKMS\AutoKMS.exe

Did you install it?
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_programs/what-is-autokmsexe/40e0a42e-316c-41ac-b4c5-38e4a3de4a09

If not then it's malware.
https://www.virustotal.com/en/analisis//file/f54d1cfc816e1a78d2c4edfe85a2d14064dfb796a3f7e67f8420a7b29219a3e3/analysis/

Stop the process and delete the folder in bold.
C:\Windows\AutoKMS

Run the Farbar tool one more time and post a fresh FRST log for my review.

Include also the Addition.txt file that was created the first time you ran the Farbar tool.
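An added, read-only check for the file nasdaq flags in post #6 (example code, not from the thread or from any of the tools mentioned): it reports whether C:\Windows\AutoKMS\AutoKMS.exe exists, whether its SHA-256 matches the sample behind the VirusTotal link quoted in the post, whether the binary carries a valid Authenticode signature, and whether a matching process is running. It assumes an elevated PowerShell prompt on the affected Windows 7 machine; it deletes nothing, so the stop-and-delete step stays a deliberate manual action.

```powershell
# Added example, not part of the thread: report on the AutoKMS.exe file
# flagged in post #6 without changing anything on the machine.
# Assumption: run from an elevated PowerShell prompt on the affected PC.

$FlaggedPath = 'C:\Windows\AutoKMS\AutoKMS.exe'   # path quoted in post #6
$FlaggedDir  = 'C:\Windows\AutoKMS'               # folder nasdaq asks to delete
# SHA-256 taken from the VirusTotal URL quoted in post #6
$KnownHash   = 'f54d1cfc816e1a78d2c4edfe85a2d14064dfb796a3f7e67f8420a7b29219a3e3'

function Get-Sha256Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Get-FileHash exists from PowerShell 4.0; Windows 7 may still run 2.0,
    # so fall back to the .NET SHA256 class on older hosts.
    if (Get-Command Get-FileHash -ErrorAction SilentlyContinue) {
        return (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLower()
    }
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Dispose()
        $sha.Dispose()
    }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

function Test-AutoKms {
    $report = [ordered]@{
        FolderPresent   = Test-Path -LiteralPath $FlaggedDir  -PathType Container
        FilePresent     = Test-Path -LiteralPath $FlaggedPath -PathType Leaf
        Sha256          = $null
        MatchesVtSample = $false
        SignatureStatus = $null
        RunningPids     = @()
    }
    if ($report.FilePresent) {
        $report.Sha256          = Get-Sha256Hex -Path $FlaggedPath
        $report.MatchesVtSample = ($report.Sha256 -eq $KnownHash)
        # A legitimate binary under C:\Windows would normally carry a valid
        # Microsoft signature; NotSigned or HashMismatch is a red flag.
        $sig = Get-AuthenticodeSignature -FilePath $FlaggedPath
        $report.SignatureStatus = $sig.Status.ToString()
    }
    # Only count processes whose image is exactly the flagged file.
    $report.RunningPids = @(
        Get-Process -Name 'AutoKMS' -ErrorAction SilentlyContinue |
            Where-Object { $_.Path -eq $FlaggedPath } |
            ForEach-Object { $_.Id }
    )
    return [pscustomobject]$report
}

$result = Test-AutoKms
$result | Format-List

if ($result.FilePresent -and -not $result.MatchesVtSample) {
    Write-Warning 'AutoKMS.exe is present but its hash differs from the VirusTotal sample; treat it as unknown, not as clean.'
}
if ($result.RunningPids.Count -gt 0) {
    Write-Warning ('AutoKMS is running (PID {0}); stop it before removing the folder, as post #6 instructs.' -f ($result.RunningPids -join ', '))
}
```

A hash mismatch only means this copy is a different build than the one on VirusTotal, not that it is safe; the signature status and the fact that it lives outside a normal Windows install path are the stronger signals.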

#7 ortsas
  • Topic Starter
  • Members
  • 6 posts
  • Local time:09:06 AM

Posted 09 August 2015 - 06:45 AM

I will try to do that. Are there any other suspicious files?



#8 nasdaq
  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 09 August 2015 - 07:39 AM

Run the Farbar tool as requested. I will check it.

Let me know of any issues.

Edited by nasdaq, 09 August 2015 - 07:40 AM.


#9 nasdaq
  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 15 August 2015 - 08:41 AM

Are you still with me?

#10 ortsas
  • Topic Starter
  • Members
  • 6 posts
  • Local time:09:06 AM

Posted 15 August 2015 - 10:40 PM

Dear nasdaq,

Yes, I'm still here. Now I am able to run RogueKiller but I still got some problems when browsing. Sometimes it gave me some advertising pop-ups when I click on something. I attach my RogueKiller txt report here.

Thanks,
Fajar

Attached file: 20150816.txt (6.88 KB)


#11 nasdaq
  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 16 August 2015 - 08:12 AM


Do you still need the proxy to connect to this network?

http://imrenagi.com/connecting-the-phone-to-itb-network/
===

This tool has been revised. Please delete your version, then download and run the new one.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

#12 nasdaq
  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 22 August 2015 - 10:06 AM

Are you still with me?

#13 nasdaq
  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 28 August 2015 - 07:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
