rootkits

This is a discussion on rootkits within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Closed Thread
 
Old 08-30-2015, 01:30 AM   #1
Registered Member
 
Join Date: Aug 2015
Posts: 2
OS: Windows 7



Can someone help me with removing a rootkit?


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2015 4:14:58 PM
System Uptime: 8/30/2015 7:11:31 AM (4 hours ago)
.
Motherboard: Acer | | JE41_CP
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 117 GiB total, 76.961 GiB free.
D: is FIXED (NTFS) - 181 GiB total, 1.086 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 7 GiB total, 1.703 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP48: 8/27/2015 6:59:07 PM - ComboFix created restore point
RP50: 8/27/2015 8:14:06 PM - Before uninstalling Mozilla Firefox 40.0.2 (x86 en-US)
RP51: 8/28/2015 12:30:15 AM - F-Secure malware removal
RP52: 8/28/2015 1:45:50 AM - JRT Pre-Junkware Removal
RP53: 8/28/2015 1:55:44 AM - F-Secure malware removal
RP54: 8/29/2015 3:20:38 PM - Created By FixIEDef
RP55: 8/30/2015 10:44:00 AM - Windows Update
.
==== Installed Programs ======================
.
9-lab Removal Tool
ACDSee 18
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Apple Application Support
AVS Video Editor 7.1
BB FlashBack Pro 5
Broadcom 802.11 Network Adapter
Broadcom Gigabit NetLink Controller
Browser Cleaner
CaptureWizPro 5.40
Chromodo
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO Internet Security Premium
Corel PaintShop Pro X7
Corel PaintShop Pro X7
Cyberfox Web Browser (x86)
Epic Privacy Browser
Free Alarm Clock 3.1.0
GeekBuddy
Haali Media Splitter
HitmanPro 3.7
ICA
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
IPM_PSP_COM
Java 8 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 2.1.8.1057
Maxthon App Store
Maxthon Cloud Browser
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Mozilla Firefox 40.0.3 (x86 en-US)
Mozilla Maintenance Service
NoVirusThanks Anti-Rootkit (Free Edition) v1.2
PhoXo
PIXresizer
PSPPContent
PSPPHelp
QuickTime
QupZilla 1.8.6
Realtek High Definition Audio Driver
SanityCheck 3.00
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2894842v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2972106)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2972215)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2978125)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2979575v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB3023221)
Security Update for Microsoft .NET Framework 4 Client Profile (KB3032662)
Security Update for Microsoft .NET Framework 4 Client Profile (KB3037578)
Setup
Spy Emergency
SUPERAntiSpyware
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
UVK - Ultra Virus Killer
WinRAR 5.30 beta 2 (32-bit)
Wondershare DVD Slideshow Builder Deluxe(Build 6.5.1.1)
Wondershare Filmora(Build 6.6.0)
Your Uninstaller! 7
Youtube Downloader HD v. 2.9.9.23
.
==== Event Viewer Messages From Past Week ========
.
8/30/2015 7:14:52 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/30/2015 7:12:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epp32
8/29/2015 2:41:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/29/2015 2:41:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/29/2015 2:41:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/29/2015 2:41:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/29/2015 2:41:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/29/2015 2:41:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/29/2015 2:41:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CFRMD cmdGuard cmdHlp CSC DfsC discache epp32 inspect NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 10:14:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Upgrade to Windows 10 Pro.
8/28/2015 4:39:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80040154: Upgrade to Windows 10 Pro.
8/28/2015 1:52:54 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv.dll
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Spy Emergency Health Check service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Spy Emergency Engine Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The GeekBuddyRSP Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:47:21 AM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:47:21 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/28/2015 1:47:09 AM, Error: Service Control Manager [7034] - The Corel License Validation Service V2, Powered by arvato service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:47:09 AM, Error: Service Control Manager [7031] - The Spy Emergency Health Check service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:47:09 AM, Error: Service Control Manager [7031] - The Spy Emergency Engine Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:46:48 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:48 AM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:48 AM, Error: Service Control Manager [7034] - The Maxthon Core Update Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:48 AM, Error: Service Control Manager [7034] - The Maxthon AppStore Update Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:47 AM, Error: Service Control Manager [7034] - The Maxthon App Store Service 1.0.0.10539 service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:47 AM, Error: Service Control Manager [7034] - The COMODO Chromodo Update Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:46 AM, Error: Service Control Manager [7034] - The HitmanPro Scheduler service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:46 AM, Error: Service Control Manager [7034] - The COMODO LPS Launcher service terminated unexpectedly. It has done this 1 time(s).
8/27/2015 8:59:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HitmanProScheduler service.
8/27/2015 7:10:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/27/2015 2:02:24 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
8/27/2015 10:41:12 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/26/2015 2:17:39 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 2C-8A-72-41-B9-4C. Network operations on this system may be disrupted as a result.
8/25/2015 8:36:15 AM, Error: Service Control Manager [7000] - The Amiti Antivirus Health Check service failed to start due to the following error: The system cannot find the file specified.
8/24/2015 4:01:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Amiti Antivirus Engine Service service to connect.
8/24/2015 4:01:44 PM, Error: Service Control Manager [7000] - The Amiti Antivirus Engine Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/23/2015 6:21:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
8/23/2015 2:16:14 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================
GT-truth is offline  
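Editor's added example, not part of either post and not code from the DDS tool: a small triage script for the two sections of the DDS main log (posted next) that a rootkit hunt usually starts with, SERVICES / DRIVERS and Created Last 30. It parses the DDS line formats and flags the entries a human should look at first: kernel drivers whose file name is eight random-looking hex digits, boot- or system-start drivers carrying no vendor description, and drivers loaded from outside the Windows and Program Files trees. The sample input is constructed from a handful of lines in the log; the heuristics, the regular expressions and the Finding type are this example's own assumptions. A flag is a prompt to check the file's signature and hash, not a verdict: the logs show a dozen cleanup tools were installed in the same week and several of them install drivers of their own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample (a few lines copied in DDS format, not the full posted log).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R0 3F62376A;3F62376A;c:\windows\system32\drivers\3F62376A.sys [2015-8-27 153784]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2015-8-5 626776]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-6-8 343592]
S1 epp32;epp32;f:\malware scanner\bin\epp32.sys [2015-8-9 112408]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2015-8-15 43368]
=============== Created Last 30 ================
2015-08-27 17:36:54 153784 ----a-w- c:\windows\system32\drivers\3F62376A.sys
2015-08-20 04:13:19 98520 ----a-w- c:\windows\system32\drivers\133E248A.sys
2015-08-20 06:21:40 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2015-08-30 04:48:21 -------- d-----w- c:\program files\SanityCheck
"""

# DDS service line: <R|S><start type> <name>;<description>;<path> [<date> <size>]
# R = running, S = stopped; the digit is the Windows start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)
# DDS "Created Last 30" line: <timestamp> <size or dashes> <attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)
HEX8_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
# Assumed: anything outside these trees is unusual for a kernel driver.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass(frozen=True)
class Finding:
    section: str   # "driver" (SERVICES / DRIVERS) or "created" (Created Last 30)
    name: str      # service name, or file name for created entries
    path: str
    reason: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def _stem(path: str) -> str:
    base = _basename(path)
    return base.rsplit(".", 1)[0] if "." in base else base


def triage(text: str) -> List[Finding]:
    """Walk a DDS log and return the driver-related entries worth a closer look."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):
            # Section banners switch the parser; unknown sections are skipped.
            if "SERVICES / DRIVERS" in line:
                section = "driver"
            elif "Created Last 30" in line:
                section = "created"
            else:
                section = None
            continue
        if section == "driver":
            m = SERVICE_RE.match(line)
            if not m:
                continue
            name, desc = m["name"].strip(), m["desc"].strip()
            path, start = m["path"].strip(), m["start"]
            if not path.lower().endswith(".sys"):
                continue  # user-mode services are out of scope for this pass
            if HEX8_RE.match(_stem(path)):
                findings.append(Finding("driver", name, path,
                                        "driver file name is eight random-looking hex digits"))
            if start in ("0", "1") and (not desc or desc == name):
                findings.append(Finding("driver", name, path,
                                        f"boot/system-start driver (start type {start}) with no vendor description"))
            if not path.lower().startswith(TRUSTED_PREFIXES):
                findings.append(Finding("driver", name, path,
                                        "driver loaded from outside the Windows/Program Files trees"))
        elif section == "created":
            m = CREATED_RE.match(line)
            if not m:
                continue
            path = m["path"]
            if path.lower().endswith(".sys") and HEX8_RE.match(_stem(path)):
                findings.append(Finding("created", _basename(path), path,
                                        f"new .sys with a hex-only name written at {m['ts']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.name}: {f.reason} ({f.path})")
```

On the sample above the script flags 3F62376A twice (hex name, and a boot-start driver with no description), 133E248A.sys from the created list, and epp32 for loading from the F: drive; the COMODO, Broadcom, Spy Emergency and gfiark entries pass. The hex-named entries are exactly the ones to hash and check for an Authenticode signature before deciding whether they belong to a scanner the user ran or to something that needs removing.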
 
Old 08-30-2015, 01:31 AM   #2
Registered Member
 
Join Date: Aug 2015
Posts: 2
OS: Windows 7



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.51.2
Run by b at 11:26:21 on 2015-08-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2807.449 [GMT 3:00]
.
AV: COMODO Antivirus *Enabled/Updated* {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Maxthon App Store\1.0.0.10539\MaxthonAppstoreSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FlashBack Recorder.exe
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\LogSysServer.exe
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FBO\FTSUploadAgent.exe
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\RecorderChecker.exe
F:\malware scanner\aswmbr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wimserv.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k utcsvc
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = about:blank
mSearch Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com/ie
uRun: [FreeAC] c:\program files\freealarmclock\FreeAlarmClock.exe -autorun
StartupFolder: c:\users\b\appdata\roaming\micros~1\windows\startm~1\programs\startup\captur~1.lnk - c:\program files\capturewiz\pro\CaptureWiz.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:153
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:157
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C163DA87-E37A-4EB8-B69D-46565C5C25CA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C163DA87-E37A-4EB8-B69D-46565C5C25CA}\34F6E6E6563647F54374F525F657475627 : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{C163DA87-E37A-4EB8-B69D-46565C5C25CA}\34F6E6E6563647F54374F525F657475627 : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\b\appdata\roaming\mozilla\firefox\profiles\pihkw1ul.default-1440614188705\
FF - plugin: c:\program files\java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_51\bin\plugin2\npjp2.dll
FF - plugin: c:\users\b\appdata\local\epic privacy browser\installer\1.3.27.13\npEpicUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 3F62376A;3F62376A;c:\windows\system32\drivers\3F62376A.sys [2015-8-27 153784]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2014-6-26 35064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2015-8-5 17064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2015-8-5 626776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2015-8-5 41736]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2015-8-20 14168]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-23 142648]
R2 ChromodoUpdater;COMODO Chromodo Update Service;c:\program files\comodo\chromodo\chromodo_updater.exe [2015-8-19 1998520]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2015-8-13 70848]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\common files\comodo\GeekBuddyRSP.exe [2015-6-30 2327248]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2015-8-15 106248]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2015-8-8 13336]
R2 MaxthonAppStoreSvc;Maxthon AppStore Update Service;c:\program files\maxthon app store\1.0.0.10539\MaxthonAppstoreSvc.exe [2015-6-15 1867544]
R2 MaxthonUpdateSvc;Maxthon Core Update Service;c:\program files\maxthon\modules\service\update\MaxthonUpdateSvc.exe [2015-8-21 1871784]
R2 SpyEmrgHealth;Spy Emergency Health Check;c:\program files\netgate\spy emergency\SpyEmergencyHealth.exe [2015-8-20 308024]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\netgate\spy emergency\SpyEmergencySrv.exe [2015-8-20 2481144]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2015-8-8 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2015-8-8 247808]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-6-8 343592]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2015-8-20 18872]
S1 epp32;epp32;f:\malware scanner\bin\epp32.sys [2015-8-9 112408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-8-9 1871160]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-8-9 1133880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2015-8-5 1664704]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2015-8-15 43368]
S3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2015-8-15 24040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-8-12 102912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-8-9 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-8-9 51928]
S3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2015-8-15 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-8-8 15872]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2015-8-30 28256]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2015-8-20 20056]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== Created Last 30 ================
.
2015-08-30 04:48:22 28256 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2015-08-30 04:48:21 -------- d-----w- c:\program files\SanityCheck
2015-08-30 04:45:47 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{be87ab6b-7ffc-44ac-a38e-f4a27a521ecb}\offreg.2948.dll
2015-08-29 16:31:58 303744 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2015-08-29 16:19:57 -------- d-----w- c:\program files\NoVirusThanks
2015-08-29 13:09:56 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{be87ab6b-7ffc-44ac-a38e-f4a27a521ecb}\offreg.2748.dll
2015-08-29 12:21:01 -------- d-----w- C:\ERDNT
2015-08-29 12:20:59 -------- d-----w- c:\windows\ERUNT
2015-08-29 11:51:16 -------- d-----w- C:\!FixIEDef
2015-08-29 10:05:56 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{be87ab6b-7ffc-44ac-a38e-f4a27a521ecb}\offreg.3300.dll
2015-08-28 21:10:27 -------- d-----w- c:\users\b\appdata\roaming\8pecxstudios
2015-08-28 21:10:27 -------- d-----w- c:\users\b\appdata\local\8pecxstudios
2015-08-28 21:10:01 -------- d-----w- c:\program files\Cyberfox
2015-08-28 15:29:40 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{be87ab6b-7ffc-44ac-a38e-f4a27a521ecb}\offreg.3172.dll
2015-08-28 14:38:14 9234960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{be87ab6b-7ffc-44ac-a38e-f4a27a521ecb}\mpengine.dll
2015-08-27 21:23:13 -------- d-----w- c:\users\b\appdata\local\F-Secure
2015-08-27 21:23:13 -------- d-----w- c:\programdata\F-Secure
2015-08-27 17:36:54 153784 ----a-w- c:\windows\system32\drivers\3F62376A.sys
2015-08-27 16:12:35 -------- d-sh--w- C:\$RECYCLE.BIN
2015-08-27 16:12:29 -------- d-----w- c:\users\b\appdata\local\temp
2015-08-27 15:58:54 -------- d-----w- C:\ComboFix
2015-08-25 08:39:03 -------- d-----w- C:\FRST
2015-08-24 18:51:03 -------- d-----w- C:\VTRoot
2015-08-24 18:51:00 48084 ----a-w- c:\windows\system32\drivers\fvstore.dat
2015-08-24 14:00:29 -------- d-----w- c:\program files\common files\COMODO
2015-08-24 13:43:52 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2015-08-24 13:43:07 -------- d-----w- c:\programdata\Shared Space
2015-08-24 13:41:20 -------- d-----w- c:\users\b\appdata\local\Comodo
2015-08-24 13:41:04 -------- d-----w- c:\program files\Comodo
2015-08-24 13:39:00 -------- d-----w- c:\programdata\Comodo
2015-08-24 12:04:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-08-21 12:33:25 -------- d-s---w- c:\windows\system32\GWX
2015-08-20 06:21:44 -------- d-----w- c:\users\b\appdata\roaming\Spy Emergency
2015-08-20 06:21:40 20056 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2015-08-20 06:21:40 18872 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2015-08-20 06:21:40 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2015-08-20 06:21:40 -------- d-----w- c:\programdata\NETGATE
2015-08-20 06:21:36 -------- d-----w- c:\program files\NETGATE
2015-08-20 06:10:35 -------- d-----w- c:\users\b\appdata\local\QupZilla
2015-08-20 06:09:00 -------- d-----w- c:\program files\QupZilla
2015-08-20 05:40:44 -------- d-----w- c:\users\b\appdata\roaming\Maxthon App Store
2015-08-20 05:40:44 -------- d-----w- c:\program files\Maxthon App Store
2015-08-20 05:40:39 -------- d-----w- c:\users\b\appdata\roaming\Maxthon3
2015-08-20 05:40:26 -------- d-----w- c:\program files\Maxthon
2015-08-20 04:13:19 98520 ----a-w- c:\windows\system32\drivers\133E248A.sys
2015-08-19 16:09:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 15:58:26 -------- d-----w- c:\program files\Browser Cleaner
2015-08-19 15:54:16 -------- d-----w- c:\users\b\appdata\roaming\ZHP
2015-08-19 15:51:18 -------- d-----w- c:\programdata\UVK
2015-08-19 15:51:18 -------- d-----w- c:\program files\UVK - Ultra Virus Killer
2015-08-19 15:41:32 290304 ----a-w- c:\windows\system32\subinacl.exe
2015-08-19 15:41:32 -------- d-----w- c:\program files\Adware Removal Tool by TSA
2015-08-16 08:36:27 -------- d-----w- c:\users\b\Doctor Web
2015-08-15 15:23:31 -------- d-----w- c:\users\b\appdata\roaming\Runscanner.net
2015-08-15 15:10:55 -------- d-----w- C:\KVRT_Data
2015-08-15 14:11:16 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-08-15 14:05:58 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2015-08-15 14:05:52 632064 ----a-w- c:\windows\system32\msvcr80.dll
2015-08-15 14:05:51 554240 ----a-w- c:\windows\system32\msvcp80.dll
2015-08-15 14:05:50 572928 ----a-w- c:\windows\system32\msvcp90.dll
2015-08-15 14:05:49 655872 ----a-w- c:\windows\system32\msvcr90.dll
2015-08-15 14:05:48 156392 ----a-w- c:\windows\system32\eEmpty.exe
2015-08-15 14:05:43 -------- d-----w- c:\program files\common files\MicroWorld
2015-08-15 14:05:41 -------- d-----w- c:\programdata\MicroWorld
2015-08-15 14:04:29 -------- d-----w- c:\program files\HitmanPro
2015-08-15 14:04:16 -------- d-----w- c:\programdata\HitmanPro
2015-08-15 11:45:22 -------- d-----w- c:\users\b\appdata\roaming\EncryptStick
2015-08-15 10:42:38 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2015-08-15 10:42:38 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2015-08-15 10:42:03 -------- d-----w- C:\VIPRERESCUE
2015-08-15 0258 -------- d-----w- c:\users\b\appdata\local\ElevatedDiagnostics
2015-08-12 17:42:03 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 02:44:29 -------- d-s---w- c:\windows\system32\GWX_Old
2015-08-12 01:45:59 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-08-12 01:44:17 715200 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 01:44:10 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 01:44:07 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-12 01:44:07 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-12 01:44:07 1390592 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 01:44:07 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 01:42:41 9234960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2015-08-11 08:07:29 98816 ----a-w- c:\windows\sed.exe
2015-08-11 08:07:29 256000 ----a-w- c:\windows\PEV.exe
2015-08-11 08:07:29 208896 ----a-w- c:\windows\MBR.exe
2015-08-11 08:01:08 -------- d-----w- c:\users\b\appdata\roaming\Youtube Downloader HD
2015-08-10 10:50:05 -------- d-----w- c:\users\b\appdata\local\GWX
2015-08-10 09:45:26 -------- d-----w- c:\program files\Your Uninstaller! 7
2015-08-10 09:45:18 -------- d-----w- c:\users\b\appdata\roaming\URSoft
2015-08-10 09:18:03 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-08-10 09:17:30 -------- d-----w- c:\programdata\Oracle
2015-08-10 08:28:22 -------- d-----w- c:\users\b\appdata\local\Diagnostics
2015-08-10 08:28:10 -------- d-----w- c:\users\b\appdata\local\CrashDumps
2015-08-10 07:02:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2015-08-10 07:02:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2015-08-10 07:02:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2015-08-10 07:02:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2015-08-10 07:02:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2015-08-10 07:01:12 -------- d-----w- c:\program files\Haali
2015-08-10 06:54:59 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2015-08-10 06:13:59 -------- d-----w- c:\program files\PhoXo
2015-08-10 06:13:55 -------- d-----w- c:\users\b\appdata\roaming\PhoXo
2015-08-10 06:12:42 991232 ----a-w- c:\windows\system32\imageviewer2.ocx
2015-08-10 06:12:42 224016 ----a-w- c:\windows\system32\tabctl32.ocx
2015-08-10 06:12:42 200704 ----a-w- c:\windows\system32\threed32.ocx
2015-08-10 06:12:41 608448 ----a-w- c:\windows\system32\comctl32.ocx
2015-08-10 06:12:41 164144 ----a-w- c:\windows\system32\comct232.ocx
2015-08-10 06:12:41 151552 ----a-w- c:\windows\system32\ccrpfd6.ocx
2015-08-10 06:12:41 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2015-08-10 06:12:41 106496 ----a-w- c:\windows\system32\mbprgbar.ocx
2015-08-10 06:12:41 -------- d-----w- c:\program files\PIXresizer
2015-08-10 06:09:59 -------- d-----w- c:\programdata\Protexis
2015-08-10 06:09:41 -------- d-----w- c:\users\b\appdata\local\Corel PaintShop Pro
2015-08-10 06:09:23 -------- d-----w- c:\program files\common files\Protexis
2015-08-10 06:09:14 -------- d-----w- c:\programdata\Corel
2015-08-10 06:07:58 -------- d-----w- c:\program files\Corel
2015-08-10 06:07:45 -------- d-----w- c:\programdata\Package Cache
2015-08-10 06:02:07 -------- d-----w- c:\programdata\UniqueId
2015-08-10 01:12:57 -------- d-s---w- c:\windows\system32\CompatTel
2015-08-10 01:12:57 -------- d-----w- c:\windows\system32\appraiser
2015-08-10 01:12:44 -------- d-----w- c:\windows\Migration
2015-08-09 15:15:36 -------- d-----w- c:\windows\system32\MRT
2015-08-09 15:04:36 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-08-09 14:49:07 -------- d-----w- c:\programdata\AVS4YOU
2015-08-09 14:49:03 -------- d-----w- c:\users\b\appdata\roaming\AVS4YOU
2015-08-09 14:47:36 -------- d-----w- c:\program files\common files\AVSMedia
2015-08-09 14:47:20 24576 ----a-w- c:\windows\system32\msxml3a.dll
2015-08-09 14:47:20 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2015-08-09 14:47:20 -------- d-----w- c:\program files\AVS4YOU
2015-08-09 08:39:08 -------- d-----w- c:\program files\Youtube Downloader HD
2015-08-09 08:32:22 -------- d-----w- c:\users\b\appdata\local\Epic Privacy Browser
2015-08-09 08:32:22 -------- d-----w- c:\programdata\Epic Privacy Browser
2015-08-09 08:24:52 3419136 ----a-w- c:\windows\system32\d2d1.dll
2015-08-09 07:47:44 -------- d-----w- C:\NPE
2015-08-09 07:46:34 -------- d-----w- c:\users\b\appdata\local\NPE
2015-08-09 07:46:34 -------- d-----w- c:\programdata\Norton
2015-08-09 07:44:48 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-09 07:44:45 -------- d-----w- c:\programdata\RogueKiller
2015-08-09 07:43:36 -------- d-----w- C:\AdwCleaner
2015-08-09 07:18:40 -------- d-----w- c:\users\b\appdata\roaming\SUPERAntiSpyware.com
2015-08-09 07:18:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-08-09 07:18:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-08-09 07:14:34 -------- d-----w- c:\users\b\appdata\roaming\9-lab
2015-08-09 07:13:58 -------- d-----w- c:\programdata\9-lab
2015-08-09 07:13:58 -------- d-----w- c:\program files\9-lab
2015-08-09 06:44:37 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-09 06:44:31 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-09 06:44:31 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-09 06:44:31 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-09 06:44:31 -------- d-----w- c:\programdata\Malwarebytes
2015-08-09 06:44:31 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-09 06:33:48 -------- d-----w- c:\users\b\appdata\roaming\uTorrent
2015-08-09 05:18:36 -------- d-----w- c:\programdata\Blueberry
2015-08-09 05:00:10 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-08-09 04:56:56 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2015-08-08 23:59:26 -------- d-----w- c:\windows\Panther
2015-08-08 15:28:52 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-08-08 15:28:52 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-08-08 15:28:52 613888 ----a-w- c:\windows\system32\WUDFx.dll
2015-08-08 15:28:52 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-08-08 15:28:52 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2015-08-08 15:28:52 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-08-08 15:28:52 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-08-08 15:27:30 99480 ----a-w- c:\windows\system32\infocardapi.dll
2015-08-08 15:27:28 8856 ----a-w- c:\windows\system32\icardres.dll
2015-08-08 15:27:25 619672 ----a-w- c:\windows\system32\icardagt.exe
2015-08-08 15:27:24 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-08-08 15:26:34 5120 ----a-w- c:\windows\system32\wmi.dll
2015-08-08 15:26:34 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-08-08 15:04:31 231424 ----a-w- c:\windows\system32\mswsock.dll
2015-08-08 15:04:21 49152 ----a-w- c:\windows\system32\taskhost.exe
2015-08-08 15:01:43 1505280 ----a-w- c:\windows\system32\d3d11.dll
2015-08-08 15:00:48 -------- d-----w- c:\users\b\appdata\local\Wondershare
2015-08-08 15:00:46 -------- d-----w- c:\program files\common files\Wondershare
2015-08-08 15:00:18 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
2015-08-08 15:00:18 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
2015-08-08 15:00:17 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
2015-08-08 15:00:17 375848 ----a-w- c:\windows\system32\mcm2ve.ax
2015-08-08 15:00:17 257064 ----a-w- c:\windows\system32\mcl2ae.ax
2015-08-08 15:00:17 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
2015-08-08 15:00:02 -------- d-----w- c:\programdata\Wondershare Video Editor
2015-08-08 15:00:02 -------- d-----w- c:\program files\Wondershare
2015-08-08 14:59:53 -------- d-----w- c:\users\b\appdata\roaming\Blueberry
2015-08-08 14:59:52 -------- d-----w- c:\users\b\appdata\roaming\LogSys
2015-08-08 14:59:50 -------- d-----w- c:\programdata\LogSys
2015-08-08 14:59:45 -------- d-----w- c:\program files\common files\Blueberry Software
2015-08-08 14:59:44 -------- d-----w- c:\program files\Blueberry Software
2015-08-08 14:56:28 635904 ----a-w- c:\windows\system32\perftrack.dll
2015-08-08 14:56:28 27136 ----a-w- c:\windows\system32\powertracker.dll
2015-08-08 14:56:27 76800 ----a-w- c:\windows\system32\wdi.dll
2015-08-08 14:56:22 538112 ----a-w- c:\windows\system32\objsel.dll
2015-08-08 14:56:21 51200 ----a-w- c:\windows\system32\cngprovider.dll
2015-08-08 14:56:21 49664 ----a-w- c:\windows\system32\adprovider.dll
2015-08-08 14:56:21 48128 ----a-w- c:\windows\system32\capiprovider.dll
2015-08-08 14:56:21 47616 ----a-w- c:\windows\system32\dpapiprovider.dll
2015-08-08 14:56:21 36864 ----a-w- c:\windows\system32\dimsroam.dll
2015-08-08 14:56:21 35328 ----a-w- c:\windows\system32\wincredprovider.dll
2015-08-08 14:56:14 828928 ----a-w- c:\windows\system32\msctf.dll
2015-08-08 14:54:47 534528 ----a-w- c:\windows\system32\EncDec.dll
2015-08-08 14:54:13 233472 ----a-w- c:\windows\system32\oleacc.dll
2015-08-08 14:52:35 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2015-08-08 14:51:59 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2015-08-08 14:50:58 571904 ----a-w- c:\windows\system32\oleaut32.dll
2015-08-08 14:49:58 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2015-08-08 14:48:59 991232 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2015-08-08 14:40:51 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2015-08-08 14:40:51 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2015-08-08 14:40:51 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2015-08-08 14:40:51 572416 ----a-w- c:\windows\system32\RMActivate.exe
2015-08-08 14:40:51 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2015-08-08 14:40:51 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2015-08-08 14:40:51 428032 ----a-w- c:\windows\system32\secproc.dll
2015-08-08 14:40:51 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2015-08-08 14:40:51 390144 ----a-w- c:\windows\system32\msdrm.dll
2015-08-08 14:39:25 523776 ----a-w- c:\windows\system32\termsrv.dll
2015-08-08 14:39:12 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-08-08 14:39:10 530432 ----a-w- c:\windows\system32\comctl32.dll
2015-08-08 14:39:09 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-08-08 14:39:09 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-08-08 14:39:09 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-08-08 14:39:09 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-08-08 14:39:09 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-08-08 14:39:07 308224 ----a-w- c:\windows\system32\scesrv.dll
2015-08-08 14:37:40 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2015-08-08 14:37:40 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2015-08-08 14:37:40 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2015-08-08 14:37:40 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2015-08-08 14:37:40 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2015-08-08 14:36:21 -------- d-----w- c:\users\b\appdata\roaming\ACD Systems
2015-08-08 14:36:21 -------- d-----w- c:\users\b\appdata\local\ACD Systems
2015-08-08 14:30:28 -------- d-----w- c:\program files\common files\ACD Systems
2015-08-08 14:30:28 -------- d-----w- c:\program files\ACD Systems
2015-08-08 14:29:38 -------- d-----w- c:\users\b\appdata\local\Downloaded Installations
2015-08-08 1454 -------- d-----w- c:\program files\CaptureWiz
2015-08-08 14:03:28 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-08-08 14:02:01 826880 ----a-w- c:\windows\system32\rdpcore.dll
2015-08-08 14:02:01 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2015-08-08 13:55:44 -------- d-----w- c:\users\b\appdata\local\Macromedia
2015-08-08 13:41:09 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-08 13:41:09 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-08 13:38:25 -------- d-----w- c:\users\b\appdata\local\Adobe
2015-08-08 13:37:31 -------- d-----w- c:\users\b\appdata\local\Mozilla
2015-08-08 13:37:25 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-08-08 13:29:48 -------- d-----w- c:\users\b\appdata\roaming\Intel Corporation
2015-08-08 13:27:45 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2015-08-08 13:22:09 -------- d-----w- C:\Intel
2015-08-08 13:20:58 64616 ----a-w- c:\windows\system32\RtkCoInst.dll
2015-08-08 13:19:24 -------- d-----w- c:\program files\Cisco
2015-08-08 13:19:22 -------- d-sh--w- c:\windows\Installer
2015-08-08 13:18:49 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2015-08-08 13:18:49 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2015-08-08 13:18:48 3872056 ----a-w- c:\windows\system32\bcmihvsrv.dll
2015-08-08 13:18:48 3764800 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2015-08-08 13:18:48 3560760 ----a-w- c:\windows\system32\bcmihvui.dll
2015-08-08 13:18:48 -------- d-----w- c:\program files\Broadcom
2015-08-08 13:14:55 -------- d-----w- C:\Recovery
2015-08-04 22:31:14 41736 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-08-04 22:31:10 626776 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2015-08-04 22:31:08 17064 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-08-04 22:29:54 33496 ----a-w- c:\windows\system32\cmdcsr.dll
2015-08-04 22:29:52 445472 ----a-w- c:\windows\system32\guard32.dll
2015-08-04 22:27:22 288448 ----a-w- c:\windows\system32\cmdvrt32.dll
2015-08-04 22:26:54 40640 ----a-w- c:\windows\system32\cmdkbd32.dll
.
==================== Find3M ====================
.
2015-08-08 15:02:43 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-07-30 17:57:31 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57:12 26624 ----a-w- c:\windows\system32\lpk.dll
2015-07-30 17:57:08 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-07-30 16:52:25 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-07-30 16:49:55 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-07-28 20:04:44 15808 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:00:18 635904 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:00:16 598528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:00:12 346112 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:00:09 952832 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:00:08 60416 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:00:08 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:54:01 934400 ----a-w- c:\windows\system32\aeinv.dll
2015-07-20 17:56:49 93184 ----a-w- c:\windows\system32\wudriver.dll
2015-07-20 17:56:49 2943488 ----a-w- c:\windows\system32\wucltux.dll
2015-07-20 17:56:49 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-20 17:56:24 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-07-20 17:56:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-07-20 17:56:08 34816 ----a-w- c:\windows\system32\wuapp.exe
2015-07-16 2026 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-07-16 19:51:47 504320 ----a-w- c:\windows\system32\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- c:\windows\system32\html.iec
2015-07-16 19:49:37 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-07-16 19:39:29 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-07-16 19:39:20 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-16 19:32:13 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-07-16 19:24:03 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-16 19:12:39 4520448 ----a-w- c:\windows\system32\jscript9.dll
2015-07-16 1906 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- c:\windows\system32\wininet.dll
2015-07-15 17:59:45 3989952 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-15 17:59:44 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:59:44 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-07-15 17:56:24 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-07-15 17:55:03 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-07-15 17:55:03 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 17:55:03 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-07-15 17:55:02 43008 ----a-w- c:\windows\system32\srclient.dll
2015-07-15 17:55:02 400896 ----a-w- c:\windows\system32\srcore.dll
2015-07-15 17:55:00 248832 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- c:\windows\system32\secur32.dll
2015-07-15 17:54:59 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-15 17:54:55 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-07-15 17:54:53 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 17:54:50 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-07-15 17:54:49 552960 ----a-w- c:\windows\system32\kerberos.dll
2015-07-15 17:54:43 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-15 17:54:43 36864 ----a-w- c:\windows\system32\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- c:\windows\system32\credssp.dll
2015-07-15 17:54:24 69632 ----a-w- c:\windows\system32\smss.exe
2015-07-15 17:54:19 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-07-15 17:54:08 22528 ----a-w- c:\windows\system32\lsass.exe
2015-07-15 17:53:53 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-07-15 17:49:10 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-07-15 17:44:18 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-07-15 17:44:16 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-07-15 17:43:40 2560 ----a-w- c:\windows\system32\drivers\en-us\mountmgr.sys.mui
2015-07-15 16:36:44 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-07-15 16:36:23 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-07-15 16:36:23 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-07-10 17:34:09 36864 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-10 17:34:02 3221504 ----a-w- c:\windows\system32\mstscax.dll
2015-07-10 17:33:50 131584 ----a-w- c:\windows\system32\aaclient.dll
2015-07-09 17:42:27 179712 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:42:27 179712 ----a-w- c:\windows\notepad.exe
2015-07-04 17:48:36 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 20:30:43 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-01 20:30:21 82432 ----a-w- c:\windows\system32\davclnt.dll
2015-06-17 17:39:13 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-06-15 21:47:30 101824 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:43:35 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:43:35 2364416 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:43:24 1805824 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:43:23 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:42:49 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:37:15 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-11 17:57:19 919552 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-11 17:15:58 134656 ----a-w- c:\windows\system32\rdpudd.dll
2015-06-11 17:15:04 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-06-03 20:17:05 163840 ----a-w- c:\windows\system32\aepic.dll
2015-06-03 20:17:05 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2015-06-01 23:47:09 210432 ----a-w- c:\windows\system32\cewmdm.dll
.
============= FINISH: 11:28:26.96 ===============