-
September 3rd, 2014, 08:09 AM
#16
RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Salina [Admin rights]
Mode : Remove -- Date : 09/03/2014 07:58:58
¤¤¤ Bad processes : 4 ¤¤¤
[Proc.Hidden] -- [x] -> KILLED [TermThr]
[Proc.Hidden] -- [x] -> KILLED [TermThr]
[Proc.Hidden] -- [x] -> KILLED [TermThr]
[Proc.Hidden] -- [x] -> KILLED [TermThr]
¤¤¤ Registry Entries : 12 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.1.10.1 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.10.1 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.1.10.1 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D94B12F3-6144-438C-8582-893D7A1E252C} | DhcpNameServer : 10.1.10.1 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D94B12F3-6144-438C-8582-893D7A1E252C} | DhcpNameServer : 10.1.10.1 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D94B12F3-6144-438C-8582-893D7A1E252C} | DhcpNameServer : 10.1.10.1 -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3913336790-2022505941-1720759447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3913336790-2022505941-1720759447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] SW_Booster-S-2982133423.job -- c:\programdata\trusted publisher\sw_booster\SW_Booster.exe (/schedule /profile "c:\programdata\trusted publisher\sw_booster\2982133423.ini") -> DELETED
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] ksgzcgc5.default-1405450587902 : user_pref("browser.startup.homepage", "http://xfinity.comcast.net/?cid=mtmh07152014"); -> NOT SELECTED
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD50 00AAKX-753CA1 SATA Disk Device +++++
--- User ---
[MBR] fc8cd638587124f6ee9814e3fdd51ce4
[BSP] b324dfe7f624ef326d7f29bebd17d51e : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15166 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31141888 | Size: 461733 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 5e3f83ab0da8b7ba62685315d1da36b1
[BSP] 6b2a830e55603f5113fe1ad032f23762 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 7643 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_SCN_09032014_075819.log
Steve
-
September 3rd, 2014, 08:37 AM
#17
Steve
-
September 3rd, 2014, 08:42 AM
#18
Broni, I found these logs on my desktop. I don't know if I sent them to you before or if I need to now so I will now:
DDS, Attach, MBAM1 and MBAM2. Here is DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.65.2
Run by Salina at 8:55:20 on 2014-08-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.391 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files\File Association Helper\FAHWindow.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\COMODO\GeekBuddy\unit.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\COMODO\COMODO Internet Security\CIS.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {200F5C03-A4F0-A899-3AAD-C4F5AEA8470D} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {ACC780B0-906C-7AAD-64FF-51131513A55D} - <orphaned>
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Facebook Update] "C:\Users\Salina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files\COMODO\GeekBuddy\launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 10.1.10.1
TCP: Interfaces\{D94B12F3-6144-438C-8582-893D7A1E252C} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D94B12F3-6144-438C-8582-893D7A1E252C} : DHCPNameServer = 10.1.10.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: {ACC780B0-906C-7AAD-64FF-51131513A55D} - <orphaned>
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\ksgzcgc5.default-1405450587902\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=mtmh07152014
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Salina\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Salina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-8-25 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-8-25 224896]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-29 55856]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-7-24 21184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-8-25 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-8-25 427360]
R1 CFRMD;CFRMD;C:\Windows\System32\drivers\CFRMD.sys [2013-5-7 37976]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-4-16 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-4-16 738472]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:\Windows\System32\drivers\hmd.sys [2013-10-7 14888]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-7-24 881952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-29 238080]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-25 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-8-25 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-8-25 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-25 50344]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-7-25 70864]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-7-25 2327248]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-7-24 342336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-23 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-23 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-7-24 23048]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2014-7-24 458960]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-31 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-23 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-23 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 PaniniUSB;PaniniUSB;C:\Windows\System32\drivers\PaniniUSB.sys [2013-10-21 258304]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-7-24 34848]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-7-24 23016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-7-24 2152736]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-30 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-30 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
.
=============== Created Last 30 ================
.
2014-08-26 18:51:59 -------- d-----w- C:\Users\Salina\AppData\Roaming\LavasoftStatistics
2014-08-26 18:50:44 -------- d-----w- C:\Program Files\Lavasoft
2014-08-26 18:49:22 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-08-26 13:29:05 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2014-08-26 12:48:50 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5C5C856-522C-47E3-A00E-F93852AC7B68}\mpengine.dll
2014-08-26 12:06:14 -------- d-s---w- C:\ProgramData\Shared Space
2014-08-26 12:05:20 -------- d-----w- C:\Program Files\COMODO
2014-08-26 12:05:10 -------- d-----w- C:\ProgramData\Comodo Downloader
2014-08-26 12:02:57 -------- d-----w- C:\ProgramData\Comodo
2014-08-25 17:27:46 -------- d-----w- C:\Users\Salina\AppData\Roaming\AVAST Software
2014-08-25 17:26:52 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-08-25 17:26:52 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-08-25 17:26:52 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-25 17:26:52 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-08-25 17:26:52 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-08-25 17:26:52 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-08-25 17:26:52 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-08-25 17:26:43 43152 ----a-w- C:\Windows\avastSS.scr
2014-08-25 17:24:49 -------- d-----w- C:\Program Files\AVAST Software
2014-08-25 17:23:13 -------- d-----w- C:\ProgramData\AVAST Software
2014-08-25 11:54:13 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-22 08:17:10 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-22 08:16:45 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-22 08:16:45 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-21 19:18:24 -------- d-----w- C:\Users\Salina\AppData\Local\SlimWare Utilities Inc
2014-08-21 19:18:12 -------- d-----w- C:\Program Files (x86)\SlimCleaner
2014-08-21 18:15:02 -------- d-----w- C:\ProgramData\Trusted Publisher
2014-08-21 18:13:41 -------- d-----w- C:\Users\Salina\AppData\Local\Packages
2014-08-21 18:13:10 -------- d-----w- C:\ProgramData\c6bd839095d3eda2
2014-08-21 18:13:09 -------- d-----w- C:\Users\Salina\AppData\Local\Torch
2014-08-21 18:13:09 -------- d-----w- C:\Users\Salina\AppData\Local\Chromatic Browser
2014-08-21 18:13:08 -------- d-----w- C:\Users\Salina\AppData\Local\Comodo
2014-08-20 17:41:30 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09AD0405-44E0-4D44-85D7-F2D642FA52A1}\gapaengine.dll
2014-08-19 13:02:15 -------- d-----w- C:\Windows\CD95F661A5C444F5A6AAECDD91C240E3.TMP
2014-08-19 13:02:12 -------- d-----w- C:\Program Files\File Association Helper
2014-08-19 11:43:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-19 11:43:58 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-19 11:43:58 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-19 11:43:58 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-18 13:02:37 -------- d-----w- C:\Users\Salina\AppData\Local\Adobe
2014-08-15 12:48:22 -------- d-----w- C:\Program Files (x86)\Coupons
2014-08-13 16:01:51 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-13 16:01:51 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-13 16:01:51 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-13 16:01:51 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-13 16:01:49 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-13 16:01:49 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-13 16:01:30 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-13 16:01:30 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-13 11:43:53 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-13 11:43:52 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-13 11:43:51 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-13 11:43:50 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-28 23:25:45 -------- d-----w- C:\Users\Salina\AppData\Local\Windows Live
2014-07-28 23:25:28 -------- d-----w- C:\Users\Salina\AppData\Local\{FFF8C6A5-57B7-4192-B2B5-4844FF5F8535}
2014-07-28 23:25:28 -------- d-----w- C:\Users\Salina\AppData\Local\{881CB04C-E393-42B1-A846-064CFABFFD39}
.
==================== Find3M ====================
.
2014-08-27 11:38:55 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-18 12:01:58 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-18 12:01:58 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-24 11:49:44 7528440 ----a-w- C:\Windows\System32\atiumd64.dll
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-11 07:02:05 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-04 19:17:14 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2014-06-04 19:17:14 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2014-06-04 19:17:12 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll20140724084219.dll
2014-06-04 19:17:12 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 8:58:49.84 ===============
Steve
-
September 3rd, 2014, 08:43 AM
#19
Attach: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/31/2011 4:47:29 PM
System Uptime: 8/26/2014 11:04:35 AM (21 hours ago)
.
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 780/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 370.396 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP273: 8/18/2014 8:02:49 AM - Windows Update
RP274: 8/19/2014 7:42:25 AM - Windows Update
RP276: 8/21/2014 12:03:37 PM - Windows Update
RP277: 8/22/2014 4:16:18 AM - Windows Update
RP278: 8/25/2014 7:53:25 AM - Windows Update
RP279: 8/25/2014 1:24:28 PM - avast! antivirus system restore point
RP280: 8/26/2014 2:03:28 PM - Windows Modules Installer
RP281: 8/26/2014 2:48:20 PM - AA11
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader X (10.1.11) MUI
Advanced SystemCare 7
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bonjour
Bounce Symphony
BufferChm
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Citrix Online Launcher
COMODO Antivirus
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
D4100
D4100_Help
D7500
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Digital Delivery
Dell Edoc Viewer
Dell Getting Started Guide
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell VideoStage
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
Driver Booster
eBay
Escape Whisper Valley (TM)
Facebook Video Calling 3.1.0.521
Farm Frenzy
FATE
File Association Helper
FileHippo.com Update Checker
Final Drive Fury
Final Drive Nitro
FIS Panini Universal Driver
GeekBuddy
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GoToMeeting 6.4.0.1558
GPBaseService2
HP Customer Participation Program 13.0
HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. A
HP Imaging Device Functions 13.0
HP Photosmart D7500 Printer Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Internet Explorer
IObit Malware Fighter
IObit Uninstaller
iTunes
Java 7 Update 65
Java Auto Updater
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Luxor
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Namco All-Stars PAC-MAN
Panini 4.0.2 Universal Installer
Panini API 4.0.2 - Universal Installer
Penguins!
PhotoShowExpress
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
PS_SF_04_D7500_Software_Min
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samantha Swift
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
SF_CDA_ProductContext
SF_CDA_Software
Shop for HP Supplies
Skins
Skype Toolbars
Skype™ 6.11
Slawdog Smart Shutdown
SlimCleaner
Smart Defrag 3
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
Surfing Protection
Toolbox
TrayApp
TrustedID
UnloadSupport
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WebReg
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 18.5
World of Warcraft
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
8/26/2014 11:11:05 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
8/26/2014 11:10:44 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
8/26/2014 11:04:41 AM, Error: volmgr [46] - Crash dump initialization failed!
8/26/2014 10:43:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/22/2014 7:59:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/22/2014 7:58:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/22/2014 7:58:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/22/2014 7:58:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
.
==== End Of File ===========================
Steve
-
September 3rd, 2014, 08:44 AM
#20
MBAM1:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 6/24/2014 7:30:56 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Rootkit Database, 2014.6.20.1, 2014.6.23.2,
Update, 6/24/2014 7:31:07 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.23.12, 2014.6.24.6,
Protection, 6/24/2014 7:31:37 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
Protection, 6/24/2014 7:31:37 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 6/24/2014 7:31:37 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 6/24/2014 7:31:44 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
Protection, 6/24/2014 7:31:44 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/24/2014 7:31:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
Protection, 6/24/2014 7:34:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malware Protection, Starting,
Protection, 6/24/2014 7:34:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malware Protection, Started,
Protection, 6/24/2014 7:34:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/24/2014 7:35:49 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
Update, 6/24/2014 8:44:33 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.6, 2014.6.24.7,
Protection, 6/24/2014 8:44:41 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
Protection, 6/24/2014 8:44:41 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 6/24/2014 8:44:41 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 6/24/2014 8:44:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
Protection, 6/24/2014 8:44:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/24/2014 8:44:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
Update, 6/24/2014 9:33:37 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.7, 2014.6.24.8,
Protection, 6/24/2014 9:33:49 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
Protection, 6/24/2014 9:33:49 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 6/24/2014 9:33:49 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 6/24/2014 9:34:01 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
Protection, 6/24/2014 9:34:01 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/24/2014 9:34:02 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
Update, 6/24/2014 10:29:20 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.8, 2014.6.24.9,
Protection, 6/24/2014 10:29:34 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
Protection, 6/24/2014 10:29:34 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 6/24/2014 10:29:34 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 6/24/2014 10:29:39 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
Protection, 6/24/2014 10:29:39 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/24/2014 10:29:39 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
Update, 6/24/2014 11:40:35 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.9, 2014.6.24.10,
Protection, 6/24/2014 11:40:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
Protection, 6/24/2014 11:40:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 6/24/2014 11:40:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 6/24/2014 11:40:57 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
Protection, 6/24/2014 11:40:57 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/24/2014 11:40:57 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
Update, 6/24/2014 1:41:52 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.10, 2014.6.24.11,
Protection, 6/24/2014 1:42:06 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
Protection, 6/24/2014 1:42:06 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 6/24/2014 1:42:06 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 6/24/2014 1:42:10 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
Protection, 6/24/2014 1:42:10 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/24/2014 1:42:10 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
Update, 6/24/2014 3:41:28 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.11, 2014.6.24.12,
Protection, 6/24/2014 3:41:41 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
Protection, 6/24/2014 3:41:41 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 6/24/2014 3:41:41 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 6/24/2014 3:41:45 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
Protection, 6/24/2014 3:41:45 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/24/2014 3:41:46 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
Update, 6/24/2014 4:32:01 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.12, 2014.6.24.13,
Protection, 6/24/2014 4:32:34 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
Protection, 6/24/2014 4:32:34 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 6/24/2014 4:32:34 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 6/24/2014 4:32:38 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
Protection, 6/24/2014 4:32:38 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/24/2014 4:32:39 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
(end)
Steve
-
September 3rd, 2014, 08:45 AM
#21
and MBAM2:
Malwarebytes Anti-Malware
www.malwarebytes.org
(end)
Steve
-
September 3rd, 2014, 09:09 AM
#22
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.09.03.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
Salina :: JOHNSMARTIN-PC [administrator]
9/3/2014 8:25:10 AM
mbar-log-2014-09-03 (08-25-10).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 375263
Time elapsed: 29 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Steve
-
September 3rd, 2014, 09:10 AM
#23
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17239
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 4025458688, free: 393318400
Downloaded database version: v2014.09.03.03
Downloaded database version: v2014.08.21.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 61810D7F
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 31059968
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31141888 Numsec = 945629184
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 105C512B
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 15654177
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 8015282176 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam...
Removal finished
I believe I am now caught up Broni.
Steve
-
September 3rd, 2014, 07:36 PM
#24
Did you uninstall THREE of your AV programs?
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
-
September 4th, 2014, 08:35 AM
#25
Broni, I ran Combofix but I didn't see a text file and my computer rebooted by itself. Is it possible there is no text file or should I run the program again? Also, if Combofix ran fine do I need Rkill?
Steve
-
September 4th, 2014, 07:33 PM
#26
No.
Look here: C:\ComboFix.txt for log.
If it's not there...
Re-run Combofix one more time.
If still no log re-run Combofix from safe mode.
How to start Windows in Safe Mode
-
September 4th, 2014, 07:56 PM
#27
Originally Posted by Broni
No.
Look here: C:\ComboFix.txt for log.
If it's not there...
Re-run Combofix one more time.
If still no log re-run Combofix from safe mode.
How to start Windows in Safe Mode
I didn't see the log; Combofix ran two full times. I did a search for text files to be sure and nothing came up. If I don't hear back from you I will run in safe mode tomorrow when I return to the office. Steve
Steve
-
September 4th, 2014, 09:03 PM
#28
Let's leave Combofix alone.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
-
September 5th, 2014, 08:26 AM
#29
OComboFix 14-08-31.01 - Salina 09/05/2014 8:09.4.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2593 [GMT -4:00]
Running from: c:\users\Salina\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\ksgzcgc5.default-1405450587902\search-metadata.json
.
.
((((((((((((((((((((((((( Files Created from 2014-08-05 to 2014-09-05 )))))))))))))))))))))))))))))))
.
.
2014-09-05 12:14 . 2014-09-05 12:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-05 11:47 . 2014-08-21 15:24 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A3AA3DB-19C7-4218-85AD-CC5114A74F06}\mpengine.dll
2014-09-03 16:16 . 2014-09-03 16:16 -------- d-----w- c:\users\Salina\AppData\Local\CrashDumps
2014-09-03 12:24 . 2014-09-03 12:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-03 11:50 . 2014-09-03 11:50 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-09-03 11:50 . 2014-09-03 11:50 -------- d-----w- c:\programdata\RogueKiller
2014-08-28 11:51 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 11:51 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 11:51 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-27 12:19 . 2014-08-28 12:02 -------- d-----w- c:\users\Salina\AppData\Roaming\Lavasoft
2014-08-26 18:50 . 2014-08-26 18:50 -------- d-----w- c:\program files\Lavasoft
2014-08-26 18:48 . 2014-08-26 18:48 -------- d-----w- c:\programdata\Lavasoft
2014-08-26 13:29 . 2014-08-26 13:29 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2014-08-26 12:06 . 2014-08-26 12:06 -------- d-s---w- c:\programdata\Shared Space
2014-08-26 12:05 . 2014-08-26 12:05 -------- d-----w- c:\program files\COMODO
2014-08-26 12:05 . 2014-08-26 12:05 -------- d-----w- c:\programdata\Comodo Downloader
2014-08-26 12:02 . 2014-08-26 12:06 -------- d-----w- c:\programdata\Comodo
2014-08-25 17:23 . 2014-08-28 16:19 -------- d-----w- c:\programdata\AVAST Software
2014-08-22 08:17 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-22 08:17 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-22 08:17 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-22 08:17 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-22 08:16 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-22 08:16 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-22 08:16 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-22 08:16 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-22 08:16 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-22 08:16 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-21 19:18 . 2014-08-21 19:18 -------- d-----w- c:\users\Salina\AppData\Local\SlimWare Utilities Inc
2014-08-21 19:18 . 2014-08-21 19:18 -------- d-----w- c:\program files (x86)\SlimCleaner
2014-08-21 18:15 . 2014-08-22 11:56 -------- d-----w- c:\programdata\Trusted Publisher
2014-08-21 18:13 . 2014-08-21 18:13 -------- d-----w- c:\users\Salina\AppData\Local\Packages
2014-08-21 18:13 . 2014-08-21 18:14 -------- d-----w- c:\programdata\c6bd839095d3eda2
2014-08-21 18:13 . 2014-08-21 18:13 -------- d-----w- c:\users\Salina\AppData\Local\Torch
2014-08-21 18:13 . 2014-08-21 18:13 -------- d-----w- c:\users\Salina\AppData\Local\Chromatic Browser
2014-08-21 18:13 . 2014-08-21 18:13 -------- d-----w- c:\users\Salina\AppData\Local\Comodo
2014-08-21 18:13 . 2014-08-26 12:06 -------- d-----w- c:\users\HomeGroupUser$
2014-08-21 18:13 . 2014-08-26 12:06 -------- d-----w- c:\users\Guest
2014-08-21 18:13 . 2014-08-26 12:06 -------- d-----w- c:\users\Administrator
2014-08-19 13:02 . 2014-08-19 13:02 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240E3.TMP
2014-08-19 13:02 . 2014-08-19 13:02 -------- d-----w- c:\program files\File Association Helper
2014-08-19 11:43 . 2014-05-14 13:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-19 11:43 . 2014-05-14 13:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-19 11:43 . 2014-05-14 13:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-19 11:43 . 2014-05-14 13:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-18 13:02 . 2014-08-18 13:02 -------- d-----w- c:\users\Salina\AppData\Local\Adobe
2014-08-15 12:48 . 2014-08-15 12:48 -------- d-----w- c:\program files (x86)\Coupons
2014-08-13 16:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 16:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 16:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 16:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 16:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 16:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 16:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 16:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 11:43 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 11:43 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-13 11:43 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 11:43 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-05 12:05 . 2014-06-23 13:48 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-03 13:04 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-03 12:23 . 2014-06-23 13:35 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 12:01 . 2012-11-12 23:50 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-18 12:01 . 2011-09-29 06:37 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-13 16:07 . 2012-03-25 18:23 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-05 13:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-24 11:51 . 2014-07-24 11:51 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2014-07-24 11:51 . 2014-07-24 11:51 2101848 ----a-w- c:\windows\system32\WavesGUILib64.dll
2014-07-24 11:51 . 2014-07-24 11:51 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2014-07-24 11:51 . 2014-07-24 11:51 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2014-07-24 11:51 . 2014-07-24 11:51 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2014-07-24 11:51 . 2014-07-24 11:51 1959128 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-07-24 11:51 . 2014-07-24 11:51 2834648 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-07-24 11:51 . 2014-07-24 11:51 3962840 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-07-24 11:51 . 2014-07-24 11:51 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2014-07-24 11:51 . 2014-07-24 11:51 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2014-07-24 11:51 . 2014-07-24 11:51 628952 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-07-24 11:51 . 2014-07-24 11:51 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2014-07-24 11:51 . 2014-07-24 11:51 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2014-07-24 11:51 . 2014-07-24 11:51 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2014-07-24 11:51 . 2014-07-24 11:51 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2014-07-24 11:51 . 2014-07-24 11:51 1022168 ----a-w- c:\windows\system32\RtkApi64.dll
2014-07-24 11:51 . 2014-07-24 11:51 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2014-07-24 11:51 . 2014-07-24 11:51 948952 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-07-24 11:51 . 2014-07-24 11:51 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2014-07-24 11:51 . 2014-07-24 11:51 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2014-07-24 11:51 . 2014-07-24 11:51 2800344 ----a-w- c:\windows\system32\RltkAPO64.dll
2014-07-24 11:51 . 2014-07-24 11:51 1286872 ----a-w- c:\windows\system32\RTCOM64.dll
2014-07-24 11:51 . 2014-07-24 11:51 897152 ----a-w- c:\windows\system32\MBAPO64.dll
2014-07-24 11:51 . 2014-07-24 11:51 753280 ----a-w- c:\windows\SysWow64\MBAPO32.dll
2014-07-24 11:51 . 2014-07-24 11:51 628504 ----a-w- c:\windows\system32\MBTHX64.dll
2014-07-24 11:51 . 2014-07-24 11:51 563992 ----a-w- c:\windows\SysWow64\MBTHX32.dll
2014-07-24 11:51 . 2014-07-24 11:51 397592 ----a-w- c:\windows\system32\MBWrp64.dll
2014-07-24 11:51 . 2014-07-24 11:51 2000152 ----a-w- c:\windows\system32\MBAPO264.dll
2014-07-24 11:51 . 2014-07-24 11:51 1728280 ----a-w- c:\windows\SysWow64\MBAPO232.dll
2014-07-24 11:51 . 2014-07-24 11:51 2041432 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2014-07-24 11:51 . 2014-07-24 11:51 1063512 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2014-07-24 11:51 . 2014-07-24 11:51 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2014-07-24 11:51 . 2014-07-24 11:51 2770976 ----a-w- c:\windows\system32\FMAPO64.dll
2014-07-24 11:51 . 2014-07-24 11:51 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-07-24 11:51 . 2014-07-24 11:51 209096 ----a-w- c:\windows\system32\AERTAC64.dll
2014-07-24 11:51 . 2014-07-24 11:51 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2014-07-24 11:51 . 2014-07-24 11:51 458960 ----a-w- c:\windows\system32\drivers\k57nd60a.sys
2014-07-24 11:49 . 2014-07-24 11:49 7528440 ----a-w- c:\windows\system32\atiumd64.dll
2014-07-24 11:49 . 2014-07-24 11:49 69632 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-07-24 11:49 . 2014-07-24 11:49 51152 ----a-w- c:\windows\system32\atiu9p64.dll
2014-07-24 11:49 . 2014-07-24 11:49 4292192 ----a-w- c:\windows\system32\atiumd6a.dll
2014-07-24 11:49 . 2014-07-24 11:49 1978240 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2014-07-24 11:49 . 2014-07-24 11:49 19584512 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-07-24 11:49 . 2014-07-24 11:49 120320 ----a-w- c:\windows\system32\atitmm64.dll
2014-07-24 11:49 . 2014-07-24 11:49 1065720 ----a-w- c:\windows\system32\atiumd6v.dll
2014-07-24 11:49 . 2014-07-24 11:49 26017280 ----a-w- c:\windows\system32\atio6axx.dll
2014-07-24 11:49 . 2011-09-29 08:02 6288832 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-07-24 11:49 . 2011-09-29 08:02 4782960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-07-24 11:49 . 2011-04-20 06:21 61464 ----a-w- c:\windows\system32\atiuxp64.dll
2014-07-24 11:49 . 2011-04-20 06:21 48544 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-07-24 11:49 . 2011-04-20 06:21 38768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-07-24 11:49 . 2014-07-24 11:49 62976 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-07-24 11:49 . 2014-07-24 11:49 62976 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-07-24 11:49 . 2014-07-24 11:49 62464 ----a-w- c:\windows\system32\atimpc64.dll
2014-07-24 11:49 . 2014-07-24 11:49 62464 ----a-w- c:\windows\system32\amdpcom64.dll
2014-07-24 11:49 . 2014-07-24 11:49 59392 ----a-w- c:\windows\system32\atiedu64.dll
2014-07-24 11:49 . 2014-07-24 11:49 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-07-24 11:49 . 2014-07-24 11:49 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2014-07-24 11:49 . 2014-07-24 11:49 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-07-24 11:49 . 2014-07-24 11:49 44544 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-07-24 11:49 . 2014-07-24 11:49 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2014-07-24 11:49 . 2014-07-24 11:49 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2014-07-24 11:49 . 2014-07-24 11:49 41984 ----a-w- c:\windows\system32\atig6txx.dll
2014-07-24 11:49 . 2014-07-24 11:49 364544 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-07-24 11:49 . 2014-07-24 11:49 359936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-07-24 11:49 . 2014-07-24 11:49 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-07-24 11:49 . 2014-07-24 11:49 21504 ----a-w- c:\windows\system32\atimuixx.dll
2014-07-24 11:49 . 2014-07-24 11:49 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2014-07-24 11:49 . 2014-07-24 11:49 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2014-07-24 11:49 . 2014-07-24 11:49 15827456 ----a-w- c:\windows\system32\aticaldd64.dll
2014-07-24 11:49 . 2014-07-24 11:49 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-07-24 11:49 . 2014-07-24 11:49 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2014-07-24 11:49 . 2014-07-24 11:49 13402112 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-07-24 11:49 . 2014-07-24 11:49 11922944 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-07-24 11:49 . 2011-09-29 08:02 514048 ----a-w- c:\windows\system32\atieclxx.exe
2014-07-24 11:49 . 2011-09-29 08:02 238080 ----a-w- c:\windows\system32\atiesrxx.exe
2014-07-24 11:49 . 2011-09-29 08:02 7560424 ----a-w- c:\windows\system32\atidxx64.dll
2014-07-24 11:49 . 2011-09-29 08:02 6857392 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-07-24 11:49 . 2011-09-29 08:02 535552 ----a-w- c:\windows\system32\atiadlxx.dll
2014-07-24 11:49 . 2011-09-29 08:02 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-07-24 11:49 . 2011-04-20 07:09 929736 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-07-24 11:49 . 2011-04-20 07:07 1094024 ----a-w- c:\windows\system32\aticfx64.dll
2014-07-11 07:02 . 2014-07-17 18:05 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-26 05:33 . 2014-06-26 05:33 14888 ----a-w- c:\windows\system32\drivers\hmd.sys
2014-06-26 05:33 . 2014-06-26 05:33 14888 ----a-w- c:\windows\inf\HMD\hmd.sys
2014-06-26 05:33 . 2014-06-26 05:33 37976 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2014-06-26 05:33 . 2014-06-26 05:33 37976 ----a-w- c:\windows\inf\CFRMD\cfrmd.sys
2014-06-18 02:18 . 2014-07-09 14:05 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 14:05 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-07-25 2327248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-11-15 113664]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2014-7-25 48848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PaniniUSB;PaniniUSB;c:\windows\system32\DRIVERS\PaniniUSB.sys;c:\windows\SYSNATIVE\DRIVERS\PaniniUSB.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHLPA64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 16:59 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 12:01]
.
2014-09-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3913336790-2022505941-1720759447-1000Core.job
- c:\users\Salina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-01 14:08]
.
2014-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3913336790-2022505941-1720759447-1000UA.job
- c:\users\Salina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-01 14:08]
.
2014-09-05 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3913336790-2022505941-1720759447-1000.job
- c:\users\Salina\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe [2014-08-22 17:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-07-24 11:39 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-07-24 13672152]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2014-01-28 729272]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-26 1275608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{D94B12F3-6144-438C-8582-893D7A1E252C}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\ksgzcgc5.default-1405450587902\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=mtmh07152014
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{200F5C03-A4F0-A899-3AAD-C4F5AEA8470D} - (no file)
BHO-{ACC780B0-906C-7AAD-64FF-51131513A55D} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{ACC780B0-906C-7AAD-64FF-51131513A55D} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2014-09-05 08:16:02
ComboFix-quarantined-files.txt 2014-09-05 12:16
.
Pre-Run: 398,074,884,096 bytes free
Post-Run: 397,422,407,680 bytes free
.
- - End Of File - - B7047BFA00386551C934915513AA962E
5C616939100B85E558DA92B899A0FC36
---------------------------------------------------------------------------------------------------------------
Okay Broni. I tried to run Combofix again and no log. I restarted in safe mode and do have the log! I will post here now.
Steve
-
September 5th, 2014, 08:31 AM
#30
Do you want me to continue to the next step?
Steve