
some sites are redirecting


  • This topic is locked
41 replies to this topic

#1 hatemalware2


  • Members
  • 77 posts

Posted 12 March 2016 - 06:09 AM

Hello

Some sites are redirecting to this domain: goodmayor.com

Please guide me to remove this malware.

Regards




#2 olgun52


  • Malware Response Team
  • 3,807 posts

Posted 12 March 2016 - 06:45 AM

Hello hatemalware2 and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely. :hello:

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
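An added example, not part of any post in this thread and not code from FRST's author: a small Python triage script that walks an FRST.txt log in the format posted in the next reply and pulls out the entries a helper looks at first (FRST's own ATTENTION markers, static DNS servers outside private ranges, AppInit_DLLs, processes with no publisher, unsigned extensions, orphaned entries). The sample lines are constructed from the log format on this page; the severity labels are this example's own assumption, not something FRST emits.

```python
import ipaddress
import re

# Constructed sample: a handful of lines in the format of an FRST.txt log,
# chosen to cover the entry types the rules below look at.
SAMPLE_LOG = r"""
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-09] (AVAST Software)
() C:\WINDOWS.0\system32\WLTRYSVC.EXE
AppInit_DLLs: C:\WINDOWS.0\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS.0\Jaksta\AC\x86\jaudcap.dll [264992 2015-03-19] (Jaksta Technologies Pty Ltd)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Tcpip\..\Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986}: [NameServer] 46.143.233.2,217.218.155.155
Tcpip\..\Interfaces\{E100D932-1262-48ED-ACC4-690178F8D811}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-04-01] [not signed]
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
"""

# FRST appends this marker to entries it considers suspicious (policy
# restrictions, hijacked browser settings, and so on).
ATTENTION_MARK = "<======= ATTENTION"

# "Tcpip\..\Interfaces\{GUID}: [NameServer] a.b.c.d,e.f.g.h" (static)
# or "[DhcpNameServer] ..." (handed out by the router/ISP).
NAMESERVER_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\\{[0-9A-Fa-f-]+\}: \[(DhcpNameServer|NameServer)\] (.+)$"
)


def _is_local(addr):
    """True for private, loopback or link-local addresses (a home router, typically)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(log_text):
    """Return (severity, reason, line) tuples for the entries worth a second look.

    Severity labels are an assumption of this example, not something FRST emits:
    'high' = FRST flagged it, 'review' = needs a human decision, 'low' = cleanup.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(ATTENTION_MARK):
            findings.append(("high", "flagged by FRST (policy restriction or hijacked setting)", line))
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            # A static NameServer overrides what DHCP hands out. Redirects to
            # unexpected domains are often DNS hijacking, so these addresses
            # should be checked against the ISP's real resolvers.
            if m.group(1) == "NameServer":
                public = [a.strip() for a in m.group(2).split(",") if not _is_local(a.strip())]
                if public:
                    findings.append(("review", "static DNS servers outside private ranges: "
                                     + ", ".join(public), line))
            continue
        if line.startswith("AppInit_DLLs:"):
            # Loaded into every process that links user32.dll; a classic persistence spot.
            findings.append(("review", "AppInit_DLLs entry is injected into every GUI process", line))
            continue
        if line.startswith("() "):
            # Process-list entries carry the publisher in parentheses; empty means none found.
            findings.append(("review", "running process with no publisher information", line))
            continue
        if line.endswith("[not signed]"):
            findings.append(("low", "unsigned browser extension", line))
            continue
        if line.endswith("No File"):
            findings.append(("low", "orphaned registry entry pointing at a missing file", line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'review': 3, 'low': 2}."""
    counts = {}
    for severity, _reason, _line in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, reason, line in results:
        print(f"[{severity:6}] {reason}\n         {line}")
    print(summarize(results))
```

Run it against a full FRST.txt by reading the file into `triage()`; the `[File not signed]` tag on stock Windows XP services is deliberately not matched, since it is normal on that platform.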

 


 


#3 hatemalware2

  • Topic Starter

  • Members
  • 77 posts

Posted 12 March 2016 - 07:05 AM

Hi Yilmaz

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by tony (administrator) on TONY-B4DA82999C (12-03-2016 15:35:35)
Running from C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop
Loaded Profiles: tony (Available Profiles: tony & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINDOWS.0\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\services.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\lsass.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
() C:\WINDOWS.0\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS.0\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\spoolsv.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wbem\wmiprvse.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\alg.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wbem\wmiprvse.exe
(Microsoft Corporation) C:\WINDOWS.0\explorer.exe
(Dell Inc.) C:\WINDOWS.0\system32\WLTRAY.EXE
(Intel Corporation) C:\WINDOWS.0\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS.0\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS.0\system32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(SigmaTel, Inc.) C:\WINDOWS.0\stsystra.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Astrill) C:\Program Files\Astrill\astrill.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\ctfmon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wbem\unsecapp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Astrill) C:\Program Files\Astrill\ASProxy.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\sndvol32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wscntfy.exe
(Farbar) C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\FRST (4).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS.0\system32\WLTRAY.exe [1384448 2006-06-23] (Dell Inc.)
HKLM\...\Run: [igfxtray] => C:\WINDOWS.0\system32\igfxtray.exe [98304 2005-12-14] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS.0\system32\hkcmd.exe [77824 2005-12-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS.0\system32\igfxpers.exe [118784 2005-12-14] (Intel Corporation)
HKLM\...\Run: [LVCOMS] => C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [98304 2001-09-24] (Logitech Inc.)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1032192 2006-08-04] (Dell Inc)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS.0\stsystra.exe [282624 2006-03-24] (SigmaTel, Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS.0\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-09] (AVAST Software)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS.0\system32\userinit.exe,
HKLM\...\Winlogon: [UIHost] C:\WINDOWS.0\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS.0\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS.0\system32\cryptnet.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS.0\system32\cscdll.dll [2012-10-10] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS.0\System32\dimsntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS.0\system32\igfxdev.dll [2005-12-14] (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS.0\system32\sclgntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS.0\system32\WlNotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [Astrill] => C:\Program Files\Astrill\astrill.exe [5160472 2014-12-12] (Astrill)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [94208 2005-12-16] (Nero AG)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [ctfmon.exe] => C:\WINDOWS.0\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [ToolwizCareFree] => C:\Program Files\ToolwizCareFree\ToolwizCares.exe [5274328 2016-02-24] (Toolwiz)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS.0\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS.0\Jaksta\AC\x86\jaudcap.dll [264992 2015-03-19] (Jaksta Technologies Pty Ltd)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-16] (AVAST Software)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2009-09-01] (SmartSoft Ltd)
Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\Tony\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-12-30]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS.0\system32\winrnr.dll [16896 2008-04-14] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 22 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 23 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 24 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 25 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 26 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 27 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 28 C:\WINDOWS.0\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
Winsock: Catalog9 29 C:\WINDOWS.0\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
Tcpip\..\Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986}: [NameServer] 46.143.233.2,217.218.155.155
Tcpip\..\Interfaces\{E100D932-1262-48ED-ACC4-690178F8D811}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1343024091-1606980848-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1343024091-1606980848-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: IDMIEHlprObj Class -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2010-11-03] (Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-16] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-01] (Oracle Corporation)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Mozilla\Firefox\Profiles\pppsxktn.default-1450795932312
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-01] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-11-05] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Extension: Astrill Proxy Switcher - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Mozilla\Firefox\Profiles\pppsxktn.default-1450795932312\Extensions\addon@astrill.com [2015-12-23] [not signed]
FF Extension: Video DownloadHelper - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Mozilla\Firefox\Profiles\pppsxktn.default-1450795932312\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-04-01] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-16]
FF HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\IDM\idmmzcc3 [2014-08-02] [not signed]
FF HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\IDM\idmmzcc3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-17]
CHR Extension: (JavaScript Popup Blocker) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2016-03-07]
CHR Extension: (Popup Blocker Pro) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2016-03-07]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Facebook Themes (Facebook Theme Gallery)) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phejagnmddcjhjblnacgmejghffmhjfp [2015-08-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-16]
StartMenuInternet: old_chrome.exe - C:\Program Files\Google\Chrome\Application\old_chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-03-11] (Adobe Systems Incorporated)
S4 Alerter; C:\WINDOWS.0\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS.0\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS.0\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ASOVPNHelper; C:\Program Files\Astrill\ASOvpnSvc.exe [434016 2014-09-08] (Astrill)
S3 aspnet_state; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R3 ASProxy; C:\Program Files\Astrill\ASProxy.exe [2169368 2014-11-16] (Astrill)
R2 AudioSrv; C:\WINDOWS.0\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-16] (AVAST Software)
R2 BITS; C:\WINDOWS.0\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS.0\System32\browser.dll [78336 2012-10-10] (Microsoft Corporation)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 CiSvc; C:\WINDOWS.0\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS.0\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 clr_optimization_v2.0.50727_32; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS.0\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS.0\system32\rpcss.dll [401408 2012-10-10] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS.0\System32\dhcpcsvc.dll [126976 2012-10-10] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS.0\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS.0\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS.0\System32\dnsrslvr.dll [45568 2012-10-10] (Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS.0\System32\dot3svc.dll [132096 2012-10-10] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS.0\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS.0\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS.0\system32\services.exe [110592 2012-10-10] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS.0\system32\es.dll [253952 2012-10-10] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS.0\System32\shsvcs.dll [135168 2012-10-10] (Microsoft Corporation) [File not signed]
S3 FontCache3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS.0\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS.0\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [2442368 2016-02-17] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-02-17] ()
R3 HTTPFilter; C:\WINDOWS.0\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 idsvc; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [163840 2006-01-05] (Alex Feinman) [File not signed]
S3 ImapiService; C:\WINDOWS.0\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-01] (Oracle Corporation)
R2 LanmanServer; C:\WINDOWS.0\System32\srvsvc.dll [99840 2012-10-10] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS.0\System32\wkssvc.dll [134144 2012-10-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS.0\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Messenger; C:\WINDOWS.0\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS.0\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS.0\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS.0\System32\msiexec.exe [95744 2012-10-10] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS.0\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS.0\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS.0\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS.0\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [380928 2006-08-04] (Dell Inc.) [File not signed]
R3 Nla; C:\WINDOWS.0\System32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS.0\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS.0\system32\services.exe [110592 2012-10-10] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS.0\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS.0\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS.0\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS.0\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS.0\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS.0\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS.0\System32\rpcss.dll [401408 2012-10-10] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS.0\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS.0\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS.0\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS.0\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS.0\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS.0\System32\ipnathlp.dll [330752 2012-10-10] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS.0\System32\shsvcs.dll [135168 2012-10-10] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS.0\system32\spoolsv.exe [58880 2012-10-10] (Microsoft Corporation)
R2 srservice; C:\WINDOWS.0\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS.0\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS.0\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS.0\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS.0\System32\tapisrv.dll [249856 2012-10-10] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS.0\System32\termsrv.dll [296960 2012-10-10] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS.0\System32\shsvcs.dll [135168 2012-10-10] (Microsoft Corporation) [File not signed]
S3 TlntSvr; C:\WINDOWS.0\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS.0\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\WINDOWS.0\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS.0\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS.0\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS.0\system32\w32time.dll [175616 2012-10-10] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS.0\System32\webclnt.dll [68096 2012-10-10] (Microsoft Corporation)
R2 winmgmt; C:\WINDOWS.0\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wltrysvc; C:\WINDOWS.0\System32\bcmwltry.exe [1236992 2006-06-23] (Dell Inc.) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS.0\System32\advapi32.dll [617472 2012-10-10] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS.0\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WPFFontCache_v0400; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [756392 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS.0\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS.0\system32\wuauserv.dll [23064 2012-10-10] (Microsoft Corporation)
R2 WudfSvc; C:\WINDOWS.0\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
S2 WZCSVC; C:\WINDOWS.0\System32\wzcsvc.dll [483328 2012-10-10] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS.0\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe /Processid:{017276A5-F41B-48CF-BB1E-FAB472D6E32B}
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ACPI; C:\WINDOWS.0\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS.0\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS.0\System32\drivers\aec.sys [142592 2008-04-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS.0\System32\drivers\afd.sys [138496 2012-10-10] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS.0\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R3 Arp1394; C:\WINDOWS.0\System32\DRIVERS\arp1394.sys [60800 2012-10-10] (Microsoft Corporation) [File not signed]
R3 asvpndrv; C:\WINDOWS.0\System32\DRIVERS\asvpndrv.sys [25856 2014-05-17] (Astrill) [File not signed]
R2 aswHwid; C:\WINDOWS.0\system32\drivers\aswHwid.sys [32792 2016-02-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS.0\system32\drivers\aswMonFlt.sys [91168 2016-03-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS.0\system32\drivers\aswRdr.sys [64272 2016-02-16] (AVAST Software)
R0 aswRvrt; C:\WINDOWS.0\system32\Drivers\aswRvrt.sys [58776 2016-02-16] (AVAST Software)
R1 aswSnx; C:\WINDOWS.0\system32\drivers\aswSnx.sys [816304 2016-03-10] (AVAST Software)
R1 aswSP; C:\WINDOWS.0\system32\drivers\aswSP.sys [447848 2016-02-24] (AVAST Software)
R3 aswStmXP; C:\WINDOWS.0\system32\drivers\aswStmXP.sys [171608 2016-02-16] (AVAST Software)
S3 aswTdi; C:\WINDOWS.0\system32\drivers\aswTdi.sys [67088 2016-02-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS.0\system32\Drivers\aswVmm.sys [221240 2016-02-16] (AVAST Software)
S3 AsyncMac; C:\WINDOWS.0\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS.0\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS.0\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS.0\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS.0\System32\DRIVERS\bcmwl5.sys [563968 2006-06-27] (Broadcom Corporation) [File not signed]
R3 bcm4sbxp; C:\WINDOWS.0\System32\DRIVERS\bcm4sbxp.sys [44544 2006-08-17] (Broadcom Corporation) [File not signed]
R1 Beep; C:\WINDOWS.0\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)
R3 btaudio; C:\WINDOWS.0\System32\drivers\btaudio.sys [328237 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTDriver; C:\WINDOWS.0\System32\DRIVERS\btport.sys [30427 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS.0\System32\DRIVERS\btkrnl.sys [851434 2006-05-25] (Broadcom Corporation.) [File not signed]
R1 BTOWSFF; C:\WINDOWS.0\system32\Drivers\BTOWSFF.sys [27648 2016-02-24] (Toolwiz.com)
R0 BTOWSVF; C:\WINDOWS.0\System32\Drivers\BTOWSVF.sys [45952 2016-02-24] (Toolwiz.com)
R2 BTSERIAL; C:\WINDOWS.0\system32\drivers\btserial.sys [23271 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTWDNDIS; C:\WINDOWS.0\System32\DRIVERS\btwdndis.sys [148900 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 btwhid; C:\WINDOWS.0\System32\DRIVERS\btwhid.sys [45683 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 btwmodem; C:\WINDOWS.0\System32\DRIVERS\btwmodem.sys [30285 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTWUSB; C:\WINDOWS.0\System32\Drivers\btwusb.sys [66488 2006-05-25] (Broadcom Corporation.) [File not signed]
S4 cbidf2k; C:\WINDOWS.0\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
S3 CCDECODE; C:\WINDOWS.0\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS.0\system32\Drivers\Cdaudio.sys [18688 2012-10-10] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS.0\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS.0\System32\DRIVERS\cdrom.sys [62976 2008-05-02] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\WINDOWS.0\System32\DRIVERS\CmBatt.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Compbatt; C:\WINDOWS.0\System32\DRIVERS\compbatt.sys [10240 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS.0\System32\DRIVERS\disk.sys [36352 2008-05-07] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS.0\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS.0\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS.0\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS.0\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS.0\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EsgScanner; C:\WINDOWS.0\System32\DRIVERS\EsgScanner.sys [19984 2015-12-21] ()
S4 exFat; C:\WINDOWS.0\system32\Drivers\exFat.sys [133632 2012-10-10] (Microsoft Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS.0\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Fdc; C:\WINDOWS.0\system32\Drivers\Fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS.0\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS.0\system32\Drivers\Flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS.0\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 FsUsbExDisk; C:\WINDOWS.0\system32\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
U1 Fs_Rec; C:\WINDOWS.0\system32\Drivers\Fs_Rec.sys [9216 2012-10-10] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS.0\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS.0\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS.0\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider) [File not signed]
R3 hidusb; C:\WINDOWS.0\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HSF_DPV; C:\WINDOWS.0\System32\DRIVERS\HSX_DPV.sys [936960 2005-12-01] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWAZL; C:\WINDOWS.0\System32\DRIVERS\HSXHWAZL.sys [192512 2005-12-01] (Conexant Systems, Inc.) [File not signed]
R3 HTTP; C:\WINDOWS.0\System32\Drivers\HTTP.sys [265728 2012-10-10] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS.0\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ialm; C:\WINDOWS.0\System32\DRIVERS\ialmnt5.sys [1364574 2005-12-14] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS.0\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS.0\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS.0\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS.0\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS.0\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS.0\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS.0\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS.0\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS.0\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R3 jakstaVA; C:\WINDOWS.0\System32\DRIVERS\jaksta_va.sys [91784 2014-12-09] (e2eSoft)
R1 Kbdclass; C:\WINDOWS.0\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS.0\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS.0\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R0 KSafeDISK; C:\WINDOWS.0\System32\Drivers\KSafeDISK.sys [48640 2016-02-24] (Toolwiz.com)
R0 KSecDD; C:\WINDOWS.0\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S3 kvnet; C:\WINDOWS.0\System32\DRIVERS\kvnet.sys [36912 2014-06-24] (Kerio Technologies Inc.)
R3 ManyCam; C:\WINDOWS.0\System32\DRIVERS\mcvidrv.sys [48280 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\WINDOWS.0\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 mcaudrv_simple; C:\WINDOWS.0\System32\drivers\mcaudrv.sys [30488 2014-12-29] (Visicom Media Inc.)
R2 mdmxsdk; C:\WINDOWS.0\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant) [File not signed]
R1 mnmdd; C:\WINDOWS.0\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS.0\system32\Drivers\Modem.sys [30080 2012-10-10] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS.0\System32\DRIVERS\mouclass.sys [23040 2012-10-10] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS.0\System32\DRIVERS\mouhid.sys [12160 2012-10-10] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS.0\system32\Drivers\MountMgr.sys [42752 2012-10-10] (Microsoft Corporation) [File not signed]
R3 MRxDAV; C:\WINDOWS.0\System32\DRIVERS\mrxdav.sys [180096 2012-10-10] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS.0\System32\DRIVERS\mrxsmb.sys [457856 2012-10-10] (Microsoft Corporation)
R1 Msfs; C:\WINDOWS.0\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS.0\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS.0\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS.0\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS.0\System32\DRIVERS\mssmbios.sys [15488 2012-10-10] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS.0\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS.0\system32\Drivers\Mup.sys [105472 2012-10-10] (Microsoft Corporation)
S3 NABTSFEC; C:\WINDOWS.0\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS.0\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS.0\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS.0\System32\DRIVERS\ndistapi.sys [10496 2012-10-10] (Microsoft Corporation)
R3 Ndisuio; C:\WINDOWS.0\System32\DRIVERS\ndisuio.sys [14592 2012-10-10] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS.0\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS.0\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS.0\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS.0\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NIC1394; C:\WINDOWS.0\System32\DRIVERS\nic1394.sys [61824 2012-10-10] (Microsoft Corporation) [File not signed]
S3 NPF; C:\WINDOWS.0\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 Npfs; C:\WINDOWS.0\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS.0\system32\Drivers\Ntfs.sys [576384 2008-11-18] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS.0\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS.0\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS.0\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS.0\System32\DRIVERS\ohci1394.sys [61824 2012-10-10] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS.0\system32\Drivers\Parport.sys [80128 2012-10-10] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS.0\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation) [File not signed]
S2 ParVdm; C:\WINDOWS.0\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS.0\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS.0\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS.0\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS.0\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS.0\System32\DRIVERS\psched.sys [70272 2012-10-10] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS.0\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.) [File not signed]
S3 QCDonner; C:\WINDOWS.0\System32\DRIVERS\LVCD.sys [38912 2001-09-24] (Logitech Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS.0\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS.0\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS.0\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS.0\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS.0\System32\DRIVERS\rdbss.sys [174848 2012-10-10] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS.0\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS.0\System32\DRIVERS\rdpdr.sys [195712 2009-09-05] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\WINDOWS.0\system32\Drivers\RDPWD.sys [139784 2012-10-10] (Microsoft Corporation)
R1 redbook; C:\WINDOWS.0\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 rimmptsk; C:\WINDOWS.0\System32\DRIVERS\rimmptsk.sys [28544 2005-07-15] (REDC) [File not signed]
R3 rimsptsk; C:\WINDOWS.0\System32\DRIVERS\rimsptsk.sys [51328 2005-07-13] (REDC) [File not signed]
R3 rismxdp; C:\WINDOWS.0\System32\DRIVERS\rixdptsk.sys [307968 2005-07-15] (REDC) [File not signed]
R2 rspndr; C:\WINDOWS.0\System32\DRIVERS\rspndr.sys [62848 2012-10-10] (Microsoft Corporation) [File not signed]
R3 sdbus; C:\WINDOWS.0\System32\DRIVERS\sdbus.sys [79232 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS.0\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S2 Serial; C:\WINDOWS.0\system32\Drivers\Serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\WINDOWS.0\System32\DRIVERS\sffdisk.sys [11904 2008-04-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\WINDOWS.0\System32\DRIVERS\sffp_sd.sys [11008 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Sfloppy; C:\WINDOWS.0\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SLIP; C:\WINDOWS.0\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS.0\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS.0\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS.0\System32\DRIVERS\srv.sys [357888 2012-10-10] (Microsoft Corporation)
S3 ssadbus; C:\WINDOWS.0\System32\DRIVERS\ssadbus.sys [136904 2014-06-16] (MCCI Corporation)
S3 ssadmdfl; C:\WINDOWS.0\System32\DRIVERS\ssadmdfl.sys [17864 2014-06-16] (MCCI Corporation)
S3 ssadmdm; C:\WINDOWS.0\System32\DRIVERS\ssadmdm.sys [153672 2014-06-16] (MCCI Corporation)
S3 sscdbus; C:\WINDOWS.0\System32\DRIVERS\sscdbus.sys [136776 2014-06-16] (MCCI Corporation)
S3 sscdmdfl; C:\WINDOWS.0\System32\DRIVERS\sscdmdfl.sys [17864 2014-06-16] (MCCI Corporation)
S3 sscdmdm; C:\WINDOWS.0\System32\DRIVERS\sscdmdm.sys [153672 2014-06-16] (MCCI Corporation)
R3 STHDA; C:\WINDOWS.0\System32\drivers\sthda.sys [1156648 2006-03-24] (SigmaTel, Inc.) [File not signed]
S3 streamip; C:\WINDOWS.0\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS.0\System32\DRIVERS\swenum.sys [4352 2012-10-10] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS.0\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS.0\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
S3 tap0901; C:\WINDOWS.0\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 taphss; C:\WINDOWS.0\System32\DRIVERS\taphss.sys [33512 2015-12-15] (AnchorFree Inc)
R1 Tcpip; C:\WINDOWS.0\System32\DRIVERS\tcpip.sys [361600 2012-10-10] (Microsoft Corporation)
S3 TDPIPE; C:\WINDOWS.0\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS.0\system32\Drivers\TDTCP.sys [22024 2012-10-10] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS.0\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\WINDOWS.0\system32\drivers\TrueSight.sys [24688 2016-01-27] ()
S4 Udfs; C:\WINDOWS.0\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
R3 Update; C:\WINDOWS.0\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 usbccgp; C:\WINDOWS.0\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation)
R3 usbehci; C:\WINDOWS.0\System32\DRIVERS\usbehci.sys [30464 2009-06-09] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS.0\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS.0\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS.0\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 USB_RNDIS_51; C:\WINDOWS.0\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)
R1 VBoxDrv; C:\WINDOWS.0\System32\DRIVERS\VBoxDrv.sys [204064 2014-05-16] (Oracle Corporation)
R3 VBoxNetAdp; C:\WINDOWS.0\System32\DRIVERS\VBoxNetAdp.sys [116512 2014-05-16] (Oracle Corporation)
R3 VBoxNetFlt; C:\WINDOWS.0\System32\DRIVERS\VBoxNetFlt.sys [126752 2014-05-16] (Oracle Corporation)
R1 VBoxUSBMon; C:\WINDOWS.0\System32\DRIVERS\VBoxUSBMon.sys [104736 2014-05-16] (Oracle Corporation)
R1 VgaSave; C:\WINDOWS.0\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS.0\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS.0\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wdf01000; C:\WINDOWS.0\System32\Drivers\wdf01000.sys [444136 2009-07-14] (Microsoft Corporation)
R3 wdmaud; C:\WINDOWS.0\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 winachsf; C:\WINDOWS.0\System32\DRIVERS\HSX_CNXT.sys [669696 2005-12-01] (Conexant Systems, Inc.) [File not signed]
R1 WmiAcpi; C:\WINDOWS.0\System32\DRIVERS\wmiacpi.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WpdUsb; C:\WINDOWS.0\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS.0\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation) [File not signed]
R0 WudfPf; C:\WINDOWS.0\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS.0\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [14080 2001-08-17] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; no ImagePath
U2 TMAgent; no ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-12 15:34 - 2016-03-12 15:34 - 01725440 _____ (Farbar) C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\FRST (4).exe
2016-03-11 02:03 - 2016-03-11 03:03 - 11035328 _____ (Adobe Systems Incorporated) C:\WINDOWS.0\system32\FlashPlayerInstaller.exe
2016-03-09 18:54 - 2016-03-12 14:37 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-09 18:53 - 2016-03-09 18:53 - 01524224 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\adwcleaner_5.101.exe
2016-03-06 19:27 - 2016-03-06 19:31 - 110013952 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\My Recording_7.avi
2016-03-06 19:27 - 2016-03-06 19:27 - 05015040 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\My Recording_6.avi
2016-03-05 18:33 - 2016-03-05 18:33 - 04185830 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\view-source_peachtug.ru.txt
2016-03-05 18:29 - 2016-03-05 18:29 - 00000045 _____ C:\peachtug.ru.url
2016-03-04 20:47 - 2016-03-04 20:47 - 00056241 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\270x330_960abdc097c582e8e9e5.jpeg
2016-03-02 19:23 - 2016-03-02 19:23 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
2016-03-02 00:00 - 2016-03-02 00:16 - 151449218 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\vlc-.avi
2016-02-29 16:24 - 2008-05-07 11:12 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\Drivers\SET1DA.tmp
2016-02-28 19:01 - 2008-05-07 11:12 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\Drivers\SET3AF.tmp
2016-02-27 14:50 - 2008-05-07 11:12 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\Drivers\SETEA.tmp
2016-02-26 16:44 - 2016-02-26 20:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-26 01:02 - 2016-02-26 01:24 - 52994048 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\vlc-.ts
2016-02-26 01:02 - 2016-02-26 01:02 - 00153596 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\vlc-record-2016-02-26-01h02m20s-http___origin2.stream.highwebmedia.com_1935_live-origin_another_jed-sd-a537e0172fd02b2ada9e8bd8b41c977aa2ff83bffcbe449404f0b42f9ace8811_aac_playlist.m3u8-.ts
2016-02-26 00:27 - 2016-02-26 00:44 - 37847408 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\vlc-record-2016-02-26-00h27m27s-http___origin2.stream.highwebmedia.com_1935_live-origin_another_jed-sd-a537e0172fd02b2ada9e8bd8b41c977aa2ff83bffcbe449404f0b42f9ace8811_aac_playlist.m3u8-.ts
2016-02-26 00:23 - 2016-02-26 00:24 - 06695056 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\vlc-record-2016-02-26-00h23m52s-http___origin12.stream.highwebmedia.com_1935_live-origin_busty_ir_housewife-sd-01ed333b00d0b7d3d8ff333ab4f4e20107b75b3617e706decd9ae0c420625f95_aac_playlist.m3u8-.ts
2016-02-26 00:17 - 2016-02-26 00:17 - 00000719 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\VLC media player.lnk
2016-02-26 00:17 - 2016-02-26 00:17 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\VideoLAN
2016-02-26 00:17 - 2016-02-26 00:17 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\VideoLAN
2016-02-24 15:06 - 2016-02-24 15:10 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\ToolwizCareFree
2016-02-24 15:06 - 2016-02-24 15:06 - 00048640 _____ (Toolwiz.com) C:\WINDOWS.0\system32\Drivers\KSafeDISK.sys
2016-02-24 15:06 - 2016-02-24 15:06 - 00045952 _____ (Toolwiz.com) C:\WINDOWS.0\system32\Drivers\BTOWSVF.sys
2016-02-24 15:06 - 2016-02-24 15:06 - 00027648 _____ (Toolwiz.com) C:\WINDOWS.0\system32\Drivers\BTOWSFF.sys
2016-02-24 15:06 - 2016-02-24 15:06 - 00000753 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\Toolwiz Care.lnk
2016-02-24 15:06 - 2016-02-24 15:06 - 00000000 ___HD C:\TOOLWIZ
2016-02-24 15:06 - 2016-02-24 15:06 - 00000000 ____D C:\Program Files\ToolwizCareFree
2016-02-24 15:06 - 2016-02-24 15:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\ToolwizCareFree
2016-02-24 15:06 - 2016-02-24 15:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\ToolwizCareFree
2016-02-20 14:39 - 2008-05-07 11:12 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\Drivers\SETFD.tmp
2016-02-20 01:57 - 2016-02-20 01:57 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Temp
2016-02-16 13:55 - 2016-02-16 13:55 - 00000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Temp
2016-02-16 12:20 - 2016-02-16 12:12 - 00334280 _____ (AVAST Software) C:\WINDOWS.0\system32\aswBoot.exe
2016-02-16 12:16 - 2016-02-16 12:16 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\AVAST Software
2016-02-16 12:15 - 2016-02-16 12:15 - 00001689 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Avast Free Antivirus.lnk
2016-02-16 12:15 - 2016-02-16 12:15 - 00000000 __HDC C:\WINDOWS.0\$NtUninstallWdf01009$
2016-02-16 12:15 - 2016-02-16 12:15 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\AVAST Software
2016-02-16 12:15 - 2016-02-16 12:15 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\AVAST Software
2016-02-16 12:15 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS.0\system32\spmsgXP_2k3.dll
2016-02-16 12:13 - 2016-03-12 13:25 - 00000364 ____H C:\WINDOWS.0\Tasks\avast! Emergency Update.job
2016-02-16 12:13 - 2016-03-10 00:21 - 00816304 _____ (AVAST Software) C:\WINDOWS.0\system32\Drivers\aswsnx.sys
2016-02-16 12:13 - 2016-03-10 00:21 - 00091168 _____ (AVAST Software) C:\WINDOWS.0\system32\Drivers\aswmonflt.sys
2016-02-16 12:13 - 2016-02-24 00:21 - 00447848 _____ (AVAST Software) C:\WINDOWS.0\system32\Drivers\aswsp.sys
2016-02-16 12:13 - 2016-02-16 12:14 - 00221240 _____ (AVAST Software) C:\WINDOWS.0\system32\Drivers\aswVmm.sys
2016-02-16 12:13 - 2016-02-16 12:12 - 00171608 _____ (AVAST Software) C:\WINDOWS.0\system32\Drivers\aswStmXP.sys
2016-02-16 12:13 - 2016-02-16 12:12 - 00067088 _____ (AVAST Software) C:\WINDOWS.0\system32\Drivers\aswTdi.sys
2016-02-16 12:13 - 2016-02-16 12:12 - 00064272 _____ (AVAST Software) C:\WINDOWS.0\system32\Drivers\aswRdr.sys
2016-02-16 12:13 - 2016-02-16 12:12 - 00058776 _____ (AVAST Software) C:\WINDOWS.0\system32\Drivers\aswRvrt.sys
2016-02-16 12:13 - 2016-02-16 12:12 - 00032792 _____ (AVAST Software) C:\WINDOWS.0\system32\Drivers\aswHwid.sys
2016-02-16 12:12 - 2016-02-16 12:12 - 00052184 _____ (AVAST Software) C:\WINDOWS.0\avastSS.scr
2016-02-16 12:09 - 2016-02-16 12:09 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-14 02:37 - 2016-02-15 11:31 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\HiSuite
2016-02-14 02:37 - 2016-02-14 02:37 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\HiSuite
2016-02-14 02:36 - 2011-10-24 07:34 - 00195200 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS.0\system32\Drivers\hw_quusbmdm.sys
2016-02-14 02:36 - 2011-10-24 07:21 - 00102272 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS.0\system32\Drivers\hw_usbdev.sys
2016-02-14 02:36 - 2010-02-19 02:30 - 01302600 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\Drivers\WUDFUpdate_01007.dll
2016-02-14 02:36 - 2010-02-19 02:30 - 01112288 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\WdfCoInstaller01007.dll
2016-02-14 02:36 - 2010-02-19 02:30 - 01112288 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\Drivers\WdfCoInstaller01007.dll
2016-02-14 02:36 - 2010-02-19 02:30 - 00581192 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\Drivers\WinUSBCoInstaller.dll
2016-02-14 01:29 - 2016-02-14 01:29 - 00000000 ____D C:\Program Files\SDA
2016-02-14 01:29 - 2016-02-14 01:29 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SDFormatter
2016-02-14 01:29 - 2016-02-14 01:29 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SDFormatter
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-12 15:36 - 2014-08-02 07:06 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp
2016-03-12 15:35 - 2016-01-18 20:01 - 00054838 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\FRST.txt
2016-03-12 15:35 - 2015-12-21 20:09 - 00000000 ____D C:\FRST
2016-03-12 15:03 - 2015-10-26 12:25 - 00000834 _____ C:\WINDOWS.0\Tasks\Adobe Flash Player Updater.job
2016-03-12 15:03 - 2014-08-02 07:05 - 00032568 _____ C:\WINDOWS.0\SchedLgU.Txt
2016-03-12 14:58 - 2014-08-01 21:55 - 00000886 _____ C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-12 14:34 - 2014-12-14 22:27 - 00005370 _____ C:\WINDOWS.0\system32\ASProxy.ini
2016-03-12 14:34 - 2014-12-14 22:27 - 00003508 _____ C:\WINDOWS.0\system32\ASProxyOff.ini
2016-03-12 13:23 - 2014-08-01 23:34 - 00560262 _____ C:\WINDOWS.0\system32\PerfStringBackup.INI
2016-03-12 13:23 - 2014-08-01 23:23 - 00000000 ____D C:\WINDOWS.0\system32
2016-03-12 13:20 - 2014-08-01 23:23 - 00000000 ____D C:\WINDOWS.0\Temp
2016-03-12 13:20 - 2014-08-01 21:55 - 00000882 _____ C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-12 13:19 - 2014-08-01 23:23 - 00000000 ____D C:\WINDOWS.0
2016-03-12 13:18 - 2014-08-02 07:05 - 00000006 ____H C:\WINDOWS.0\Tasks\SA.DAT
2016-03-11 22:05 - 2012-10-10 21:15 - 141270216 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\mrt.exe
2016-03-11 22:04 - 2014-08-02 07:06 - 00000178 __SHC C:\Documents and Settings\tony.TONY-B4DA82999C\ntuser.ini
2016-03-11 22:04 - 2014-08-02 07:06 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C
2016-03-11 22:02 - 2015-02-05 21:50 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Skype
2016-03-11 14:06 - 2008-04-14 14:30 - 00002206 _____ C:\WINDOWS.0\system32\wpa.dbl
2016-03-11 03:05 - 2008-04-14 14:30 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS.0\system32\FlashPlayerApp.exe
2016-03-11 03:05 - 2008-04-14 14:30 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS.0\system32\FlashPlayerCPLApp.cpl
2016-03-11 00:12 - 2015-06-19 17:06 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\lol
2016-03-09 18:59 - 2014-08-02 07:06 - 00000000 ___RD C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents
2016-03-08 15:00 - 2015-02-07 14:53 - 00000218 _____ C:\WINDOWS.0\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-03-06 23:34 - 2014-08-02 07:40 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\ManyCam
2016-03-06 19:27 - 2015-10-18 16:33 - 00000116 _____ C:\WINDOWS.0\NeroDigital.ini
2016-03-06 01:53 - 2014-08-02 07:10 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\DMCache
2016-03-05 18:29 - 2014-04-24 18:04 - 00031304 _____ C:\GDIPFONTCACHEV1.DAT
2016-03-02 19:25 - 2016-01-17 14:55 - 00000773 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Hotspot Shield.lnk
2016-03-02 19:25 - 2016-01-17 14:54 - 00000000 ____D C:\Program Files\Hotspot Shield
2016-03-02 19:25 - 2016-01-17 14:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Hotspot Shield
2016-03-02 19:25 - 2016-01-17 14:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Hotspot Shield
2016-03-02 19:17 - 2014-08-11 19:37 - 00612352 __SHC C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\Thumbs.db
2016-03-02 19:17 - 2014-08-01 20:55 - 00048128 ____C C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-01 23:47 - 2015-11-03 21:02 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\vlc
2016-03-01 23:44 - 2014-08-02 07:06 - 00000000 ___RD C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\My Pictures
2016-02-29 15:41 - 2014-08-02 07:38 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\ICQ
2016-02-27 13:56 - 2014-09-01 09:38 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\Unused Desktop Shortcuts
2016-02-27 13:55 - 2013-11-14 17:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-26 19:32 - 2015-06-10 23:38 - 00001456 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2016-02-26 04:35 - 2016-01-28 00:28 - 00087568 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-02-26 01:19 - 2015-07-15 10:30 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\doc
2016-02-26 00:01 - 2015-12-13 23:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\TubeDigger
2016-02-26 00:01 - 2015-12-13 23:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\TubeDigger
2016-02-26 00:01 - 2015-12-13 22:58 - 00000000 ____D C:\Program Files\TubeDigger
2016-02-24 18:35 - 2014-08-01 23:32 - 00162728 _____ C:\WINDOWS.0\system32\FNTCACHE.DAT
2016-02-24 16:07 - 2014-08-29 14:52 - 00030520 ____C C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-02-24 15:11 - 2014-08-22 23:22 - 00000000 ____D C:\WINDOWS.0\Minidump
2016-02-24 15:11 - 2014-08-02 07:29 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\skypePM
2016-02-24 15:11 - 2014-08-01 23:23 - 00000000 ____D C:\WINDOWS.0\security
2016-02-20 14:08 - 2014-10-08 20:02 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\MultiBit
2016-02-20 00:02 - 2014-08-01 22:04 - 00001819 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome.lnk
2016-02-20 00:02 - 2014-08-01 22:04 - 00001819 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome.lnk
2016-02-20 00:02 - 2014-08-01 22:04 - 00001813 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
2016-02-17 20:15 - 2014-08-23 16:02 - 00000600 ____C C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\PUTTY.RND
2016-02-16 14:16 - 2014-08-02 06:55 - 00000781 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Microsoft Update Catalog.lnk
2016-02-16 14:16 - 2014-08-02 06:55 - 00000781 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Microsoft Update Catalog.lnk
2016-02-16 13:55 - 2014-08-02 00:15 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\temp
2016-02-16 12:26 - 2014-08-01 23:23 - 00000000 ___HD C:\WINDOWS.0\inf
2016-02-16 12:06 - 2014-08-01 20:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Trend Micro
2016-02-16 12:06 - 2014-08-01 20:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Trend Micro
2016-02-16 12:04 - 2014-08-01 21:04 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Trend Micro
2016-02-14 01:29 - 2014-08-17 13:16 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Downloaded Installations
2016-02-13 15:10 - 2015-10-18 00:13 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Ahead
2016-02-13 12:59 - 2015-06-09 14:29 - 00000010 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\sponge.last.runtime.cache
2016-02-12 19:25 - 2016-02-06 20:10 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Active@ ISO Burner
2016-02-12 19:25 - 2016-02-06 20:10 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Active@ ISO Burner
 
==================== Files in the root of some directories =======
 
2015-10-17 20:24 - 2015-12-04 19:00 - 0000618 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\burnaware.ini
2015-10-18 18:20 - 2015-10-19 13:47 - 0087608 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\inst.exe
2015-10-18 18:20 - 2015-10-19 13:47 - 0007887 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\pcouffin.cat
2015-10-18 18:20 - 2015-10-19 13:47 - 0001144 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\pcouffin.inf
2015-10-18 18:21 - 2015-10-19 13:47 - 0000055 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\pcouffin.log
2015-10-18 18:20 - 2015-10-19 13:47 - 0047360 _____ (VSO Software) C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\pcouffin.sys
2015-06-10 23:38 - 2016-02-26 19:32 - 0001456 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2012-05-03 14:42 - 2012-05-03 14:42 - 0000532 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\datos.txt
2014-08-01 20:55 - 2016-03-02 19:17 - 0048128 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 01:25 - 2015-02-01 01:25 - 0000036 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\housecall.guid.cache
2014-02-05 23:38 - 2014-02-05 23:38 - 0193744 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\lateral1.bmp
2010-11-12 12:40 - 2010-11-12 12:40 - 0193744 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\lateral2.bmp
2014-02-05 23:40 - 2014-02-05 23:40 - 0195108 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\lateral3.bmp
2014-08-23 16:02 - 2016-02-17 20:15 - 0000600 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\PUTTY.RND
2015-12-22 16:31 - 2015-12-22 16:31 - 0000218 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\recently-used.xbel
2014-02-06 01:20 - 2014-02-06 01:20 - 0043976 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\save_en.bmp
2014-02-06 01:19 - 2014-02-06 01:19 - 0043976 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\save_es.bmp
2015-06-09 14:29 - 2016-02-13 12:59 - 0000010 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\sponge.last.runtime.cache
2014-08-06 04:42 - 2014-08-06 04:42 - 0000004 ___HC () C:\Documents and Settings\All Users.WINDOWS.0\Application Data\QSLLPSVCShare
 
Some files in TEMP:
====================
C:\Documents and Settings\Tony\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS.0\explorer.exe
[2012-10-10 21:13] - [2012-10-10 21:13] - 1033728 ____A (Microsoft Corporation) 2BB75B7F548D82A099125D0C5971DE7D
 
C:\WINDOWS.0\system32\winlogon.exe
[2012-10-10 21:15] - [2012-10-10 21:15] - 0509440 ____A (Microsoft Corporation) 53A8857723277B1D6D5EE60A9F85B117
 
C:\WINDOWS.0\system32\svchost.exe => MD5 is legit
C:\WINDOWS.0\system32\services.exe
[2012-10-10 21:14] - [2012-10-10 21:14] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A
 
C:\WINDOWS.0\system32\User32.dll => MD5 is legit
C:\WINDOWS.0\system32\userinit.exe => MD5 is legit
C:\WINDOWS.0\system32\rpcss.dll => MD5 is legit
C:\WINDOWS.0\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS.0\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End of FRST.txt ============================

Attached Files



#4 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 12 March 2016 - 02:15 PM

Hi again,
 
Please uninstall:
µTorrent
Yahoo! Software Update
Hotspot Shield

==============================================
Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot.
  • Then press the ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

zoekscript.txt (attached)

  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Edited by olgun52, 13 March 2016 - 11:02 AM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 hatemalware2

hatemalware2
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 12 March 2016 - 02:42 PM

Hi

 

I need Hotspot shield software ..

Also, about FRST: it hangs when I click on 'Fix'.

A while ago I opened a topic and we had the same problem with it here:

http://www.bleepingcomputer.com/forums/t/600072/redirect-to-zeroredirect1com/ 



#6 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 13 March 2016 - 10:58 AM

Well, please do the other operations.

Best regards
 

 


 


#7 hatemalware2

hatemalware2
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 17 March 2016 - 06:52 AM

Hi Yilmaz

 

Also, ZHPCleaner gives an error on the file Srcrun.dll and won't open.

 

Here are the logs:

 

# AdwCleaner v5.102 - Logfile created 17/03/2016 at 14:46:51
# Updated 13/03/2016 by Xplode
# Database : 2016-03-16.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : tony - TONY-B4DA82999C
# Running from : C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\adwcleaner_5.102.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [3506 bytes] - [09/03/2016 18:59:09]
C:\Program Files\AdwCleaner\AdwCleaner[C2].txt - [1157 bytes] - [17/03/2016 14:46:51]
C:\Program Files\AdwCleaner\AdwCleaner[S1].txt - [3198 bytes] - [09/03/2016 18:54:16]
C:\Program Files\AdwCleaner\AdwCleaner[S2].txt - [1007 bytes] - [12/03/2016 14:37:00]
C:\Program Files\AdwCleaner\AdwCleaner[S3].txt - [1410 bytes] - [17/03/2016 14:06:04]
 
########## EOF - C:\Program Files\AdwCleaner\AdwCleaner[C2].txt - [1505 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Microsoft Windows XP x86 
Ran by tony (Administrator) on Thu 03/17/2016 at 12:03:49.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 12 
 
Successfully deleted: C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Mozilla\Firefox\Profiles\pppsxktn.default-1450795932312\extensions\staged (Folder) 
Successfully deleted: C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\crashrpt (Folder) 
Successfully deleted: C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8B8DZ5ZE (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AL8FSHZM (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AOBR6W0E (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NZVPJJ63 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS.0\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8B8DZ5ZE (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS.0\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AL8FSHZM (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS.0\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AOBR6W0E (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS.0\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NZVPJJ63 (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/17/2016 at 12:10:24.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

 

Attached Files



#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 17 March 2016 - 12:54 PM

I am waiting for the ZHPCleaner log and the Zoek script run result.


Best regards
 

 


 


#9 hatemalware2

hatemalware2
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 18 March 2016 - 05:02 AM

Unfortunately, both programs give me an error when I try to open them on my system.

Attached Files



#10 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 19 March 2016 - 12:06 PM

Okay.

 

Step 1:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT 1: Place ComboFix.exe on your Desktop

* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.
:hello:


Best regards
 

 


 


#11 hatemalware2

hatemalware2
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 21 March 2016 - 02:47 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/21/2016
Scan Time: 10:04:14 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.21.05
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: tony
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 736634
Time Elapsed: 1 hr, 14 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.CrossRider, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gphjehcgndcjccmghmjmeeabfecdiilm, Quarantined, [e980741674250b2bcb33768017eb18e8], 
 
Files: 9
PUP.Optional.QuickStart, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, [78f10f7b2f6a42f4e1f60f19ac58926e], 
PUP.Optional.CrossRider, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gphjehcgndcjccmghmjmeeabfecdiilm\000005.ldb, Quarantined, [e980741674250b2bcb33768017eb18e8], 
PUP.Optional.CrossRider, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gphjehcgndcjccmghmjmeeabfecdiilm\000008.ldb, Quarantined, [e980741674250b2bcb33768017eb18e8], 
PUP.Optional.CrossRider, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gphjehcgndcjccmghmjmeeabfecdiilm\000009.log, Quarantined, [e980741674250b2bcb33768017eb18e8], 
PUP.Optional.CrossRider, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gphjehcgndcjccmghmjmeeabfecdiilm\CURRENT, Quarantined, [e980741674250b2bcb33768017eb18e8], 
PUP.Optional.CrossRider, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gphjehcgndcjccmghmjmeeabfecdiilm\LOCK, Quarantined, [e980741674250b2bcb33768017eb18e8], 
PUP.Optional.CrossRider, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gphjehcgndcjccmghmjmeeabfecdiilm\LOG, Quarantined, [e980741674250b2bcb33768017eb18e8], 
PUP.Optional.CrossRider, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gphjehcgndcjccmghmjmeeabfecdiilm\LOG.old, Quarantined, [e980741674250b2bcb33768017eb18e8], 
PUP.Optional.CrossRider, C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gphjehcgndcjccmghmjmeeabfecdiilm\MANIFEST-000007, Quarantined, [e980741674250b2bcb33768017eb18e8], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 21 March 2016 - 07:14 PM

I am waiting for the ComboFix log.


Best regards
 

 


 


#13 hatemalware2

hatemalware2
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 24 March 2016 - 10:16 AM

ComboFix 16-03-19.01 - tony 03/24/2016  18:15:53.3.2 - x86
Running from: c:\documents and settings\tony.TONY-B4DA82999C\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\tony.TONY-B4DA82999C\Application Data\addr2line.exe
c:\documents and settings\tony.TONY-B4DA82999C\Application Data\inst.exe
c:\documents and settings\tony.TONY-B4DA82999C\Local Settings\Application Data\datos.txt
c:\documents and settings\tony.TONY-B4DA82999C\Local Settings\Application Data\lateral1.bmp
c:\documents and settings\tony.TONY-B4DA82999C\Local Settings\Application Data\lateral2.bmp
c:\documents and settings\tony.TONY-B4DA82999C\Local Settings\Application Data\lateral3.bmp
c:\documents and settings\tony.TONY-B4DA82999C\Local Settings\Application Data\save_en.bmp
c:\documents and settings\tony.TONY-B4DA82999C\Local Settings\Application Data\save_es.bmp
c:\windows.0\system32\DEBUG.log
c:\windows.0\system32\drivers\SET1DA.tmp
c:\windows.0\system32\drivers\SET3AF.tmp
c:\windows.0\system32\drivers\SETEA.tmp
c:\windows.0\system32\drivers\SETFD.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MV61XXMM
-------\Legacy_MV64XXMM
-------\Legacy_MVXXMM
-------\Service_keaaycm
-------\Service_mv61xxmm
-------\Service_mv64xxmm
-------\Service_mvxxmm
.
.
(((((((((((((((((((((((((   Files Created from 2016-02-24 to 2016-03-24  )))))))))))))))))))))))))))))))
.
.
2016-03-22 21:36 . 2016-03-22 21:36 -------- d-----w- c:\documents and settings\tony.TONY-B4DA82999C\Application Data\.ACEStream
2016-03-22 21:35 . 2016-03-22 21:37 -------- d-----w- c:\documents and settings\tony.TONY-B4DA82999C\Local Settings\Application Data\ROX Player
2016-03-22 21:34 . 2016-03-22 21:36 -------- d-----w- c:\documents and settings\tony.TONY-B4DA82999C\Application Data\RoxTemp
2016-03-22 21:34 . 2016-03-22 21:34 -------- d-sh--w- c:\windows.0\system32\AI_RecycleBin
2016-03-22 19:24 . 2016-03-22 19:24 35096 ----a-w- c:\windows.0\system32\drivers\aswKbd.sys
2016-03-21 21:10 . 2008-04-13 18:45 59520 ----a-w- c:\windows.0\system32\drivers\usbhub.sys
2016-03-21 21:04 . 2008-04-13 18:45 20608 ----a-w- c:\windows.0\system32\drivers\usbuhci.sys
2016-03-18 10:02 . 2016-03-18 09:57 24064 ----a-w- c:\windows.0\zoek-delete.exe
2016-03-18 10:01 . 2016-03-18 10:01 -------- d-----w- c:\windows.0\system32\wbem\Repository\FS
2016-03-18 10:01 . 2016-03-18 10:01 -------- d-----w- c:\windows.0\system32\wbem\Repository
2016-03-18 09:47 . 2016-03-18 09:47 -------- d-----w- c:\windows.0\system32\wbem\repository.old
2016-03-17 11:19 . 2016-03-17 11:19 -------- d-----w- c:\documents and settings\tony.TONY-B4DA82999C\Local Settings\Application Data\CrashRpt
2016-03-17 10:25 . 2016-03-17 10:25 -------- d-----w- C:\zoek_backup
2016-03-15 14:56 . 2016-03-15 14:56 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\ASProxy
2016-03-10 22:33 . 2016-03-10 23:33 11035328 ----a-w- c:\windows.0\system32\FlashPlayerInstaller.exe
2016-03-09 15:24 . 2016-03-17 11:16 -------- d-----w- c:\program files\AdwCleaner
2016-03-02 15:53 . 2016-03-02 15:53 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
2016-02-24 11:36 . 2016-02-24 11:36 48640 ----a-w- c:\windows.0\system32\drivers\KSafeDISK.sys
2016-02-24 11:36 . 2016-02-24 11:36 45952 ----a-w- c:\windows.0\system32\drivers\BTOWSVF.sys
2016-02-24 11:36 . 2016-02-24 11:36 27648 ----a-w- c:\windows.0\system32\drivers\BTOWSFF.sys
2016-02-24 11:36 . 2016-02-24 11:36 -------- d-----w- C:\TOOLWIZ
2016-02-24 11:36 . 2016-02-24 11:40 -------- d-----w- c:\documents and settings\tony.TONY-B4DA82999C\Local Settings\Application Data\ToolwizCareFree
2016-02-24 11:36 . 2016-02-24 11:36 -------- d-----w- c:\program files\ToolwizCareFree
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-21 18:34 . 2015-12-04 21:28 170200 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2016-03-10 23:35 . 2008-04-14 11:00 797376 ----a-w- c:\windows.0\system32\FlashPlayerApp.exe
2016-03-10 23:35 . 2008-04-14 11:00 142528 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
2016-03-10 10:39 . 2015-12-04 21:27 123264 ----a-w- c:\windows.0\system32\drivers\mbamchameleon.sys
2016-03-10 10:38 . 2015-12-04 21:27 24448 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2016-03-09 20:51 . 2016-02-16 08:43 91168 ----a-w- c:\windows.0\system32\drivers\aswmonflt.sys
2016-03-09 20:51 . 2016-02-16 08:43 816304 ----a-w- c:\windows.0\system32\drivers\aswsnx.sys
2016-02-23 20:51 . 2016-02-16 08:43 447848 ----a-w- c:\windows.0\system32\drivers\aswsp.sys
2016-02-16 08:44 . 2016-02-16 08:43 221240 ----a-w- c:\windows.0\system32\drivers\aswVmm.sys
2016-02-16 08:42 . 2016-02-16 08:43 67088 ----a-w- c:\windows.0\system32\drivers\aswTdi.sys
2016-02-16 08:42 . 2016-02-16 08:43 171608 ----a-w- c:\windows.0\system32\drivers\aswStmXP.sys
2016-02-16 08:42 . 2016-02-16 08:43 58776 ----a-w- c:\windows.0\system32\drivers\aswRvrt.sys
2016-02-16 08:42 . 2016-02-16 08:43 64272 ----a-w- c:\windows.0\system32\drivers\aswRdr.sys
2016-02-16 08:42 . 2016-02-16 08:43 32792 ----a-w- c:\windows.0\system32\drivers\aswHwid.sys
2016-02-16 08:42 . 2016-02-16 08:50 334280 ----a-w- c:\windows.0\system32\aswBoot.exe
2016-02-16 08:42 . 2016-02-16 08:42 52184 ----a-w- c:\windows.0\avastSS.scr
2016-01-27 17:04 . 2015-12-26 10:54 24688 ----a-w- c:\windows.0\system32\drivers\TrueSight.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows.0\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows.0\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows.0\system32\drivers\asyncmac.sys
.
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows.0\system32\dllcache\beep.sys
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows.0\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows.0\system32\drivers\kbdclass.sys
.
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows.0\system32\drivers\ndis.sys
.
[-] 2008-11-18 . 4C51D5275AE8A16999EDFE7E647D00DE . 576384 . . [5.1.2600.5712] . . c:\windows.0\system32\dllcache\ntfs.sys
[-] 2008-11-18 . 4C51D5275AE8A16999EDFE7E647D00DE . 576384 . . [5.1.2600.5712] . . c:\windows.0\system32\drivers\ntfs.sys
.
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows.0\system32\dllcache\null.sys
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows.0\system32\drivers\null.sys
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows.0\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows.0\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\netman.dll
.
[-] 2008-04-14 11:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows.0\system32\comres.dll
[-] 2008-04-14 11:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows.0\system32\dllcache\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows.0\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows.0\system32\dllcache\qmgr.dll
.
[-] 2012-10-10 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows.0\system32\rpcss.dll
[-] 2012-10-10 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows.0\system32\dllcache\rpcss.dll
.
[-] 2012-10-10 . C519E15665CD89A91AD383FCE3CB556A . 110592 . . [5.1.2600.5922] . . c:\windows.0\system32\services.exe
[-] 2012-10-10 . C519E15665CD89A91AD383FCE3CB556A . 110592 . . [5.1.2600.5922] . . c:\windows.0\system32\dllcache\services.exe
.
[-] 2012-10-10 . 53A8857723277B1D6D5EE60A9F85B117 . 509440 . . [5.1.2600.5788] . . c:\windows.0\system32\winlogon.exe
[-] 2012-10-10 . 53A8857723277B1D6D5EE60A9F85B117 . 509440 . . [5.1.2600.5788] . . c:\windows.0\system32\dllcache\winlogon.exe
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\ipsec.sys
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows.0\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows.0\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\cryptsvc.dll
.
[-] 2012-10-10 17:43 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows.0\system32\es.dll
[-] 2012-10-10 17:43 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows.0\system32\dllcache\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows.0\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\imm32.dll
.
[-] 2014-03-12 . 4A45B692D2BAA74124DF57472D5EA2F1 . 993280 . . [5.1.2600.6532] . . c:\windows.0\system32\kernel32.dll
[-] 2014-03-12 . 4A45B692D2BAA74124DF57472D5EA2F1 . 993280 . . [5.1.2600.6532] . . c:\windows.0\system32\dllcache\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows.0\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows.0\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\lpk.dll
.
[-] 2014-04-30 . 3DB2624CCB1663BF6D62311B2B9E7B55 . 6022144 . . [8.00.6001.23588] . . c:\windows.0\system32\mshtml.dll
[-] 2014-04-30 . 3DB2624CCB1663BF6D62311B2B9E7B55 . 6022144 . . [8.00.6001.23588] . . c:\windows.0\system32\dllcache\mshtml.dll
[7] 2012-10-10 . CF6B381C3518AB328382429CAE206D64 . 6010368 . . [8.00.6001.23415] . . c:\windows.0\ie8updates\KB2964358-IE8\mshtml.dll
.
[-] 2012-10-10 . 06B8485FB1DA9A552B10AB978CD1AC85 . 343040 . . [7.0.2600.5701] . . c:\windows.0\system32\msvcrt.dll
[-] 2012-10-10 . 06B8485FB1DA9A552B10AB978CD1AC85 . 343040 . . [7.0.2600.5701] . . c:\windows.0\system32\dllcache\msvcrt.dll
[-] 2012-10-10 . A4C4A54FD7E31179CB5BDF7896DF3DF7 . 343040 . . [7.0.2600.5701] . . c:\windows.0\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5701_x-ww_40d12c25\msvcrt.dll
[-] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows.0\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2012-10-10 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows.0\system32\netlogon.dll
[-] 2012-10-10 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows.0\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows.0\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows.0\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows.0\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows.0\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows.0\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\svchost.exe
.
[-] 2012-10-10 . E2B32B10ACC5D97623275AAFB67E5F03 . 249856 . . [5.1.2600.5654] . . c:\windows.0\system32\tapisrv.dll
[-] 2012-10-10 . E2B32B10ACC5D97623275AAFB67E5F03 . 249856 . . [5.1.2600.5654] . . c:\windows.0\system32\dllcache\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows.0\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows.0\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\userinit.exe
.
[-] 2014-03-06 . 8AF91E4B4C1F5338EBE1548117304296 . 920064 . . [8.00.6001.23580] . . c:\windows.0\system32\wininet.dll
[-] 2014-03-06 . 8AF91E4B4C1F5338EBE1548117304296 . 920064 . . [8.00.6001.23580] . . c:\windows.0\system32\dllcache\wininet.dll
[7] 2012-10-10 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows.0\ie8updates\KB2936068-IE8\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows.0\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows.0\system32\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\ws2help.dll
.
[-] 2012-10-10 . 2BB75B7F548D82A099125D0C5971DE7D . 1033728 . . [6.00.2900.5634] . . c:\windows.0\explorer.exe
[-] 2012-10-10 . 2BB75B7F548D82A099125D0C5971DE7D . 1033728 . . [6.00.2900.5634] . . c:\windows.0\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows.0\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\regedit.exe
.
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows.0\system32\ole32.dll
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows.0\system32\dllcache\ole32.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows.0\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows.0\system32\dllcache\ksuser.dll
[-] 2008-04-13 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows.0\system32\ReinstallBackups\0013\DriverFiles\i386\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows.0\system32\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\ctfmon.exe
.
[-] 2012-10-10 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows.0\system32\shsvcs.dll
[-] 2012-10-10 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows.0\system32\dllcache\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows.0\system32\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows.0\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows.0\system32\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows.0\system32\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\xmlprov.dll
.
[-] 2012-10-10 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows.0\system32\MSCTFIME.IME
[-] 2012-10-10 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows.0\system32\dllcache\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows.0\system32\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\eventlog.dll
.
[-] 2012-10-10 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\ipsec.sys
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows.0\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows.0\system32\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows.0\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows.0\system32\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\ssdpsrv.dll
.
[-] 2012-10-10 . 5128852A18AE46C387F87BF27DA4C9DD . 296960 . . [5.1.2600.5815] . . c:\windows.0\system32\termsrv.dll
[-] 2012-10-10 . 5128852A18AE46C387F87BF27DA4C9DD . 296960 . . [5.1.2600.5815] . . c:\windows.0\system32\dllcache\termsrv.dll
.
[-] 2012-10-10 . 0A878AA66E4DD3E2608192A1ECCD9F8F . 344064 . . [5.1.2600.5589] . . c:\windows.0\system32\hnetcfg.dll
[-] 2012-10-10 . 0A878AA66E4DD3E2608192A1ECCD9F8F . 344064 . . [5.1.2600.5589] . . c:\windows.0\system32\dllcache\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows.0\system32\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\appmgmts.dll
.
[-] 2008-04-14 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows.0\system32\drivers\acpiec.sys
.
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows.0\system32\dllcache\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows.0\system32\drivers\aec.sys
.
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows.0\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows.0\system32\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\msgsvc.dll
.
[-] 2008-04-14 11:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows.0\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 17:17 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows.0\system32\mspmsnsv.dll
[-] 2006-10-18 17:17 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows.0\system32\dllcache\mspmsnsv.dll
.
[-] 2008-04-14 11:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows.0\system32\ntmssvc.dll
[-] 2008-04-14 11:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows.0\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows.0\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows.0\system32\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows.0\system32\dllcache\dsound.dll
.
[-] 2012-10-10 . D2CF91B2C710E9F666E60AFBF87643EE . 1689088 . . [5.03.2600.5601] . . c:\windows.0\system32\d3d9.dll
[-] 2012-10-10 . D2CF91B2C710E9F666E60AFBF87643EE . 1689088 . . [5.03.2600.5601] . . c:\windows.0\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows.0\system32\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows.0\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 11:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows.0\system32\olepro32.dll
[-] 2008-04-14 11:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows.0\system32\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows.0\system32\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows.0\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\srsvc.dll
.
[-] 2012-10-10 . 9F8A0D0CBB2FA265A754516128C00E22 . 175616 . . [5.1.2600.5635] . . c:\windows.0\system32\w32time.dll
[-] 2012-10-10 . 9F8A0D0CBB2FA265A754516128C00E22 . 175616 . . [5.1.2600.5635] . . c:\windows.0\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows.0\system32\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows.0\system32\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows.0\system32\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows.0\system32\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows.0\system32\dllcache\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-16 08:42 770088 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-07-25 311616]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-07-25 845120]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-07-25 1562264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"ToolwizCareFree"="c:\program files\ToolwizCareFree\ToolwizCares.exe" [2016-02-24 5274328]
"Astrill"="c:\program files\Astrill\astrill.exe" [2016-03-15 7292464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows.0\system32\WLTRAY.exe" [2006-06-23 1384448]
"igfxtray"="c:\windows.0\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows.0\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows.0\system32\igfxpers.exe" [2005-12-14 118784]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-09-11 2087264]
"NeroFilterCheck"="c:\windows.0\system32\NeroCheck.exe" [2001-07-09 155648]
"iSkysoft Helper Compact.exe"="c:\program files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2014-04-04 2000896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-03-23 7139256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows.0\Jaksta\AC\x86\jaudcap.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\www.cproxy.com\\CPROXY.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS.0\\system32\\muzapp.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Super Network Tunnel\\TunnelClient_Portable.exe"=
"c:\\Program Files\\Super Network Tunnel\\TunnelServer.exe"=
"c:\\Documents and Settings\\tony.TONY-B4DA82999C\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS.0\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\tony.TONY-B4DA82999C\\My Documents\\Downloads\\Programs\\video convertor\\Wondershare.Video.Converter.Ultimate.8.0.5.1.Portable\\App\\local\\stubexe\\0x22EFD21A3809460C\\DSCheck.exe"=
"c:\\Program Files\\BitRope Sharing\\BitRope Sharing.exe"=
"c:\\Program Files\\TubeDigger\\TubeDigger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\tony.TONY-B4DA82999C\\Local Settings\\Application Data\\ROX Player\\roxplayer.exe"=
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows.0\system32\drivers\anvsnddrv.sys [x]
R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files\Astrill\ASOvpnSvc.exe [2015-11-18 602136]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows.0\system32\DRIVERS\EsgScanner.sys [2015-12-21 19984]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows.0\system32\FsUsbExDisk.SYS [2013-12-30 37344]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows.0\system32\DRIVERS\kvnet.sys [2014-06-24 36912]
R3 NPF;NetGroup Packet Filter Driver;c:\windows.0\system32\drivers\npf.sys [2013-03-01 36600]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows.0\system32\DRIVERS\ssadbus.sys [2014-06-16 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows.0\system32\DRIVERS\ssadmdfl.sys [2014-06-16 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows.0\system32\DRIVERS\ssadmdm.sys [2014-06-16 153672]
R3 USB_RNDIS_51; USB Remote NDIS Device Driver;c:\windows.0\system32\DRIVERS\usb8023.sys [2013-02-12 12928]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BTOWSVF;BTOWSVF;c:\windows.0\system32\Drivers\BTOWSVF.sys [2016-02-24 45952]
S0 KSafeDISK;KSafeDISK;c:\windows.0\system32\Drivers\KSafeDISK.sys [2016-02-24 48640]
S1 aswKbd;aswKbd;c:\windows.0\system32\drivers\aswKbd.sys [2016-03-22 35096]
S1 aswSnx;aswSnx;c:\windows.0\system32\drivers\aswSnx.sys [2016-03-09 816304]
S1 aswSP;aswSP;c:\windows.0\system32\drivers\aswSP.sys [2016-02-23 447848]
S1 BTOWSFF;BTOWSFF;c:\windows.0\system32\Drivers\BTOWSFF.sys [2016-02-24 27648]
S1 VBoxDrv;VirtualBox Service;c:\windows.0\system32\DRIVERS\VBoxDrv.sys [2014-05-16 204064]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows.0\system32\DRIVERS\VBoxUSBMon.sys [2014-05-16 104736]
S2 aswHwid;avast! HardwareID;c:\windows.0\system32\drivers\aswHwid.sys [2016-02-16 32792]
S2 aswMonFlt;aswMonFlt;c:\windows.0\system32\drivers\aswMonFlt.sys [2016-03-09 91168]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\cmw_srv.exe [2016-02-17 2442368]
S3 ASProxy;ASProxy;c:\program files\Astrill\ASProxy.exe [2015-09-03 2607640]
S3 asvpndrv;Astrill SSL VPN Adapter;c:\windows.0\system32\DRIVERS\asvpndrv.sys [2014-05-17 25856]
S3 aswStmXP;Avast StreamFilter Driver;c:\windows.0\system32\drivers\aswStmXP.sys [2016-02-16 171608]
S3 jakstaVA;Digital Video Recorder;c:\windows.0\system32\DRIVERS\jaksta_va.sys [2014-12-09 91784]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows.0\system32\DRIVERS\mcvidrv.sys [2014-12-29 48280]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows.0\system32\drivers\mcaudrv.sys [2014-12-29 30488]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows.0\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 116512]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows.0\system32\DRIVERS\VBoxNetFlt.sys [2014-05-16 126752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-14 21:35 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-24 c:\windows.0\Tasks\Adobe Flash Player Updater.job
- c:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 23:35]
.
2016-03-24 c:\windows.0\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-16 08:42]
.
2016-03-24 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-23 16:00]
.
2016-03-24 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-23 16:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:3213;https=127.0.0.1:3213
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Show all images in original quality - c:\program files\www.cproxy.com\originalAll.htm
IE: Show image in original quality - c:\program files\www.cproxy.com\original.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986}: NameServer = 46.143.233.2,217.218.155.155
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-03-24 18:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):44,c9,4f,05,70,3e,f3,13,3d,2a,da,cd,13,fd,02,9d,c7,d4,fe,5f,ab,
   7d,77,de,de,4a,65,99,ea,a5,dd,1c,21,a7,08,5d,c4,a1,55,59,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2016-03-24  18:41:32
ComboFix-quarantined-files.txt  2016-03-24 15:11
ComboFix2.txt  2016-01-01 21:34
ComboFix3.txt  2016-01-01 10:17
.
Pre-Run: 6,303,322,112 bytes free
Post-Run: 6,559,555,584 bytes free
.
- - End Of File - - 3D7383D6C5F70EEE2E1D5B85C5203C5A
8F558EB6672622401DA993E1E865C861


#14 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:02 AM

Posted 25 March 2016 - 06:08 PM

Hi again,

 

Step 1:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

:step1: Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator to launch the application.

:step2: Open a folder with MBAR name on desktop.
:step3: Find the MBAR folder in the list.
:step4: Click it once.
:step5: Now click the OK button.
:step6: Click the OK button again.

 
:step7: Then click Next and click on the Update button
:step8: Now click on the scan button

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 2:

RogueKiller scan:

  • Please download RogueKiller 32/64 bit to your desktop and run it
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#15 hatemalware2

hatemalware2
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  • Local time:11:02 PM

Posted 27 March 2016 - 03:06 PM

Hi Yılmaz

It just created system-log.txt

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 1.862000 GHz
Memory total: 2674253824, free: 1290436608
 
Downloaded database version: v2016.03.27.02
Downloaded database version: v2016.03.12.01
Downloaded database version: v2016.03.24.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/27/2016 11:03:04
------------ Loaded modules -----------
\WINDOWS.0\system32\ntkrnlpa.exe
\WINDOWS.0\system32\hal.dll
\WINDOWS.0\system32\KDCOM.DLL
\WINDOWS.0\system32\BOOTVID.dll
ACPI.sys
\WINDOWS.0\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS.0\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS.0\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
aswRvrt.sys
aswVmm.sys
Mup.sys
KSafeDISK.sys
BTOWSVF.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\asvpndrv.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\mcvidrv.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\mcaudrv.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\jaksta_va.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\taphss.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\btaudio.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\drivers\aswSnx.sys
\??\C:\WINDOWS.0\system32\Drivers\BTOWSFF.sys
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\btwusb.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\aswHwid.sys
\??\C:\WINDOWS.0\system32\drivers\btserial.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\aswStmXP.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\??\C:\WINDOWS.0\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS.0\system32\drivers\MBAMSwissArmy.sys
\WINDOWS.0\system32\ntdll.dll
----------- End -----------
Done!
Module: \??\\WINDOWS.0\system32\ntkrnlpa.exe could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded
Scan started
Database versions:
  main:    v2016.03.27.02
  rootkit: v2016.03.12.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aa21ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aa88930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aa21ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aaace98, DeviceName: \Device\00000088\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8aa25940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS.0\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AA1AAA1A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 168955542
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Extended with CSH (0x5)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 168955605  Numsec = 319436460
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
File "C:\WINDOWS.0\system32\wbem\unsecapp.exe" is compressed (flags = 1)
File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\QSLLPSVCShare" is compressed (flags = 1)
File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVAST Software\Avast\log\Cleanup.log" is compressed (flags = 1)
File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVAST Software\Avast\log\event_manager.log" is compressed (flags = 1)
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\config\SECURITY.tmp.LOG" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\oobe\msobcomm.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\oobe\msobdl.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\oobe\msobmain.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\oobe\msobshel.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\oobe\msobweb.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\oobe\msoobe.exe" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\oobe\oobebaln.exe" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\CmdEvTgProv.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\dsprov.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\evntrprv.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\ntevt.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\policman.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\provthrd.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\smtpcons.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\stdprov.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\tmplprov.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\trnsprov.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\winmgmt.exe" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\winmgmtr.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmiapres.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmiaprpl.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmic.exe" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\fwdprov.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\krnlprov.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\mofcomp.exe" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\msiprov.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmidcprv.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmimsg.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmipdskq.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmipicmp.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmipiprt.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmipjobj.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmipsess.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmitimep.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\scrcons.exe" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wbemupgd.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wmicookr.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\updprov.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\viewprov.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wbemads.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wbemads.tlb" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wbemcntl.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wbemperf.dll" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\wbem\wbemtest.exe" is compressed (flags = 1)
File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Cookies\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\History\History.IE5\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\Default User.WINDOWS.0\NTUSER.DAT" is compressed (flags = 1)
File "C:\Documents and Settings\Default User.WINDOWS.0\NtUser.dat.LOG" is compressed (flags = 1)
File "C:\Documents and Settings\LocalService\NTUSER.DAT" is compressed (flags = 1)
File "C:\Documents and Settings\LocalService\ntuser.dat.LOG" is compressed (flags = 1)
File "C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\NetworkService\NTUSER.DAT" is compressed (flags = 1)
File "C:\Documents and Settings\NetworkService\ntuser.dat.LOG" is compressed (flags = 1)
File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\Tony\ntuser.dat.LOG" is compressed (flags = 1)
File "C:\Documents and Settings\tony.TONY-B4DA82999C\Cookies\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-168955605-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished