Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

HELP PLEASE!COMPUTER BEING ATTACKED THROUGH IP

Started by angel959 , Dec 01 2014 06:05 AM

hacked rootkits.hijack software malware viruses

Please log in to reply

#1
angel959

Posted 01 December 2014 - 06:05 AM

Member

Member
38 posts

HI GUYS

:wave: First of all I want to say Thankyou for being here for people like myself!!!

I have come here because on Friday I went to Rollitup.org and joined the forums there , As soon as I signed up I was pounced on ad asked for pics etc , after a few petty discussions someone posted what turned out to actually be our gateway number on the forums. They said it was our IP but I have spoken with the provider and they say it is the gateway address?! In saying that it doesn't mean that they didn't have our IP...After a few minutes I was sent Hijack software that was caught by my security software (comodo security suite free version) then after that every few minutes was attack after attack , after about 30 hours of that they changed it up and started sending viruses to me as well as DDOSing me ,after that they started to try Malware and then rootkits.I look through our programmes and found a registry item that I did not DL and it was causing all sorts of errors I removed that but am really frightened that something may have slipped past because my registry is continually having issues and i keep finding doubles of thing in the computer system...PLease can someone help me I have malware bytes which claims we are clean my security software says clean but clearly some damage has been done somewhere I am of limited means and have just finished paying for a full reboot and a new version of windows 7 after an incompetant repair man destroyed my hard drive

If someone could please take the time to help me sort this out I would really appreciate it

Angel959 :help: :kiss:

#2
angel959

Posted 01 December 2014 - 11:49 PM

Member

Topic Starter
Member
38 posts

HI GUYS

First of all I want to say Thankyou for being here for people like myself!!!

I have come here because on Friday I went to Rollitup.org and joined the forums there , As soon as I signed up I was pounced on ad asked for pics etc , after a few petty discussions someone posted what turned out to actually be our gateway number on the forums. They said it was our IP but I have spoken with the provider and they say it is the gateway address?! In saying that it doesn't mean that they didn't have our IP...After a few minutes I was sent Hijack software that was caught by my security software (comodo security suite free version) then after that every few minutes was attack after attack , after about 30 hours of that they changed it up and started sending viruses to me as well as DDOSing me ,after that they started to try Malware and then rootkits.I look through our programmes and found a registry item that I did not DL and it was causing all sorts of errors I removed that but am really frightened that something may have slipped past because my registry is continually having issues and i keep finding doubles of thing in the computer system...PLease can someone help me I have malware bytes which claims we are clean my security software says clean but clearly some damage has been done somewhere I am of limited means and have just finished paying for a full reboot and a new version of windows 7 after an incompetant repair man destroyed my hard drive

If someone could please take the time to help me sort this out I would really appreciate it

Angel959 root kit results

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.co...es/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Julie-Anne [Administrator]

Mode : Scan -- Date : 12/02/2014 03:31:29

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1508351825-2038946537-1176088434-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=u159 -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1508351825-2038946537-1176088434-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=u159 -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤

[PUM.Proxy][FIREFX:Config] hyouixo8.default : user_pref("network.proxy.type", 2); -> Found

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPKX-00HPJT0 ATA Device +++++

--- User ---

[MBR] 296a91b76faa5c6a06ff6beb447077d5

[BSP] 2a44cc6dba04ea8230a9d0e654ada494 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB

User = LL1 ... OK

User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

============================================

RKreport_DEL_12022014_021318.log - RKreport_DEL_12022014_021328.log - RKreport_DEL_12022014_021334.log - RKreport_DEL_12022014_021658.log

RKreport_DEL_12022014_023609.log - RKreport_SCN_12022014_021250.log - RKreport_SCN_12022014_021649.log - RKreport_SCN_12022014_023505.log

#3
RKinner

Posted 02 December 2014 - 02:02 PM

Malware Expert

Expert
24,624 posts

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Download OTL from

http://www.geekstogo...timers-list-it/

and Save it to your desktop.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#4
angel959

Posted 03 December 2014 - 08:07 PM

Member

Topic Starter
Member
38 posts

Hi and thanks I just want to ask a question before I go and do this stuff I ran rogue killer again after I rolled the comp back a few days and it has found some svc host files that I can't remove and a thing called driver store it is written in blue has thousands of files and has downloaded weird drivers that make the computer think it has things like devices that aren't there and they are confusing the ipod etc I tried to reset the permissions but it is set uo so I cant ...it has trusted installer settings and no virus stuff I have run can detect it..not even windows own one I watched go straight past it API is a common theme and I am sure it is stopping the computer setting restore points I watched 4 driver things install earlier but can not find them ...rogue killer cant remove either because of the settings..the day I did roll back the restore operation took 45 minutes..I tried using the cmd prompt to allow me access to the file path??? I could of course be writing the file name wrong...anyway I will go run this stuff and be back I just thought I would tell you what I have found

Edited by angel959, 03 December 2014 - 08:09 PM.

#5
angel959

Posted 04 December 2014 - 12:28 AM

Member

Topic Starter
Member
38 posts

# Database : 2014-12-03.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Julie-Anne - TOSHIBA

# Running from : C:\Users\Julie-Anne\J&N (3)\adwcleaner_4.103.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default\searchplugins\bingp.xml

Folder Found : C:\Program Files (x86)\ASP

Folder Found : C:\ProgramData\baidu

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector

Folder Found : C:\ProgramData\Systweak

Folder Found : C:\Users\Julie-Anne\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja

Folder Found : C:\Users\Julie-Anne\AppData\Roaming\baidu

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Brothersoft

Key Found : [x64] HKCU\Software\Brothersoft

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v33.1 (x86 en-US)

-\\ Comodo Dragon v36.1.1.21

[C:\Users\Julie-Anne\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : cmaiofennmphjldldcpphcechfnnohja

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [1818 octets] - [04/12/2014 19:25:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1878 octets] ##########

#6
angel959

Posted 04 December 2014 - 01:59 AM

Member

Topic Starter
Member
38 posts

Version: 6.4.0 (11.29.2014:1)

OS: Windows 7 Home Premium x64

Ran by Julie-Anne on Thu 04/12/2014 at 19:51:00.50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] hshld

Successfully deleted: [Service] hshld

Successfully stopped: [Service] hsstrayservice

Successfully deleted: [Service] hsstrayservice

Successfully stopped: [Service] hsswd

Successfully deleted: [Service] hsswd

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"

Successfully deleted: [Folder] "C:\ProgramData\baidu security"

Failed to delete: [Folder] "C:\ProgramData\hotspot shield"

Failed to delete: [Folder] "C:\ProgramData\systweak"

Successfully deleted: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\asp"

Successfully deleted: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\baidu"

Successfully deleted: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\baidu security"

Failed to delete: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\hotspot shield"

Successfully deleted: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\systweak"

Successfully deleted: [Folder] "C:\Program Files (x86)\asp"

Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"

Failed to delete: [Folder] "C:\Program Files (x86)\hotspot shield"

~~~ FireFox

Successfully deleted: [File] C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\searchplugins\bingp.xml

Emptied folder: C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\minidumps [8 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 04/12/2014 at 20:55:53.17

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
angel959

Posted 04 December 2014 - 02:00 AM

Member

Topic Starter
Member
38 posts

Hi and thanks I just want to ask a question before I go and do this stuff I ran rogue killer again after I rolled the comp back a few days and it has found some svc host files that I can't remove and a thing called driver store it is written in blue has thousands of files and has downloaded weird drivers that make the computer think it has things like devices that aren't there and they are confusing the ipod etc I tried to reset the permissions but it is set uo so I cant ...it has trusted installer settings and no virus stuff I have run can detect it..not even windows own one I watched go straight past it API is a common theme and I am sure it is stopping the computer setting restore points I watched 4 driver things install earlier but can not find them ...rogue killer cant remove either because of the settings..the day I did roll back the restore operation took 45 minutes..I tried using the cmd prompt to allow me access to the file path??? I could of course be writing the file name wrong...anyway I will go run this stuff and be back I just thought I would tell you what I have found

Thought I should tell you the junk remover was getting blocked from some registry keys I don't know if that is meant to happen so thought I would point it out

#8
angel959

Posted 04 December 2014 - 02:11 AM

Member

Topic Starter
Member
38 posts

L logfile created on: 4/12/2014 9:03:04 p.m. - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julie-Anne\J&N (3)

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17420)

Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.04% Memory free

7.60 Gb Paging File | 5.41 Gb Available in Paging File | 71.09% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 420.82 Gb Free Space | 90.37% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Julie-Anne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/04 21:01:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie-Anne\J&N (3)\OTL.exe

PRC - [2014/11/28 15:18:33 | 000,725,696 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe

PRC - [2014/11/28 15:18:31 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

PRC - [2014/11/17 06:42:25 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

PRC - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

========== Modules (No Company Name) ==========

MOD - [2014/11/28 02:42:36 | 000,879,808 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libGLESv2.dll

MOD - [2014/11/28 02:34:18 | 000,956,608 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll

MOD - [2014/11/28 02:33:18 | 000,134,848 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libEGL.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/11/13 10:52:58 | 007,615,952 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)

SRV:64bit: - [2014/11/13 10:52:22 | 002,265,304 | ---- | M] (COMODO) [On_Demand | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)

SRV:64bit: - [2014/11/06 16:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 18:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2014/12/03 00:56:33 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/11/28 15:18:31 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)

SRV - [2014/11/27 05:24:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2014/03/21 11:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)

DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2013/10/02 15:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/07/19 00:54:52 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2013/02/07 00:24:06 | 000,469,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2013/02/07 00:24:04 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)

DRV:64bit: - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/24 03:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/24 03:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/03/01 19:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/04 19:27:34 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2011/03/11 19:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 19:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/21 16:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/07/29 10:10:41 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/03/30 23:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2010/02/27 12:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/14 20:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/15 18:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)

DRV:64bit: - [2009/06/11 10:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/11 10:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/11 10:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=u159

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...com/?ocid=iehp"

FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1

FF - prefs.js..keyword.URL: "http://www.bing.com/...9DF&PC=U159&q="

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/10/29 22:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Extensions

[2014/11/19 23:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions

[2014/11/09 12:05:50 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}

[2014/11/18 23:14:10 | 000,000,000 | ---D | M] (Pinterest Pin Button) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}

[2014/10/30 05:15:13 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack

[2014/11/27 01:18:35 | 000,014,177 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\bookmarkbackups\bookmarks-2014-11-27_110_i+XpIq03NUG9QGp2E+pWBw==.jsonlz4

[2014/11/19 23:14:11 | 000,644,339 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]

[2014/11/03 13:27:26 | 000,024,427 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]

[2014/11/13 22:40:40 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2014/11/20 04:51:00 | 000,006,057 | ---- | M] () -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\searchplugins\bingp.xml

[2014/12/02 12:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/12/02 12:55:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/11 10:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012A706E-5880-47D1-976B-B125E8710881}: NameServer = 156.154.70.22,156.154.71.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: NameServer = 156.154.70.22,156.154.71.22

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/12/04 19:30:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/12/04 19:25:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/12/04 19:00:55 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/12/04 18:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/12/04 18:58:35 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/12/04 18:58:35 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/12/04 18:58:35 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/12/04 14:51:12 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Baidu

[2014/12/04 14:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82805

[2014/12/04 14:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu

[2014/12/04 14:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools

[2014/12/04 14:13:16 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Baidu Security

[2014/12/04 14:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2014/12/04 14:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2014/12/04 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2014/12/04 14:05:02 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\TestApp

[2014/12/04 14:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security

[2014/12/04 14:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security

[2014/12/03 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Comodo

[2014/12/03 01:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

[2014/12/03 01:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2014/12/03 00:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak

[2014/12/03 00:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector

[2014/12/03 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASP

[2014/12/02 02:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller

[2014/12/01 12:09:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\COMODO REDUNDANT DETECTIONS

[2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Deployment

[2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apps

[2014/12/01 05:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tap0901

[2014/11/30 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Diagnostics

[2014/11/29 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2014/11/29 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2014/11/28 15:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo

[2014/11/28 15:11:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll

[2014/11/28 15:11:31 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll

[2014/11/28 03:47:27 | 000,000,000 | -H-D | C] -- C:\VTRoot

[2014/11/28 03:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2014/11/28 02:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Space

[2014/11/28 02:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2014/11/28 02:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo

[2014/11/28 02:54:13 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Comodo

[2014/11/28 02:54:07 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll

[2014/11/28 02:54:07 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll

[2014/11/28 02:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader

[2014/11/28 02:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/11/27 17:17:22 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\vlc

[2014/11/27 17:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2014/11/27 17:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2014/11/27 05:24:10 | 004,443,312 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2014/11/26 12:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2014/11/26 12:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2014/11/26 12:46:17 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2014/11/26 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2014/11/26 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle

[2014/11/26 12:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2014/11/23 09:54:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Various_Artists_-_Death_Row_Greatest_Hits_Disc_2_(1996)_320_-_HIPHOPISDREAM.COM

[2014/11/20 03:30:59 | 000,000,000 | -HSD | C] -- C:\Users\Julie-Anne\AppData\Local\EmieBrowserModeList

[2014/11/19 18:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2014/11/19 18:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2014/11/19 18:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Apple Computer

[2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple Computer

[2014/11/19 16:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2014/11/19 16:24:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2014/11/19 16:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

[2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2014/11/19 16:23:00 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple

[2014/11/19 16:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2014/11/19 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2014/11/17 08:33:56 | 000,000,000 | ---D | C] -- C:\NPE

[2014/11/17 08:30:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\NPE

[2014/11/17 06:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2014/11/17 06:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2014/11/17 06:42:17 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Google

[2014/11/14 07:03:40 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Programs

[2014/11/13 10:53:14 | 000,021,304 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys

[2014/11/13 10:52:58 | 000,041,856 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll

[2014/11/13 10:52:56 | 000,438,912 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll

[2014/11/13 10:52:56 | 000,353,392 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll

[2014/11/13 10:52:48 | 000,354,520 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll

[2014/11/13 10:52:44 | 000,045,784 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll

[2014/11/13 10:52:36 | 000,286,424 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll

[2014/11/13 10:52:32 | 000,040,664 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll

[2014/11/12 15:32:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2014/11/12 15:32:59 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll

[2014/11/12 15:32:59 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll

[2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll

[2014/11/12 15:32:56 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll

[2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll

[2014/11/12 15:32:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2014/11/12 15:32:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe

[2014/11/12 15:32:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014/11/12 15:32:52 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2014/11/12 15:32:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll

[2014/11/12 15:32:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2014/11/12 15:32:52 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2014/11/12 15:32:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2014/11/12 15:32:51 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll

[2014/11/12 15:32:50 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014/11/12 15:32:50 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2014/11/12 15:32:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2014/11/12 15:32:49 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2014/11/12 15:32:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2014/11/12 15:32:49 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2014/11/12 15:32:49 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014/11/12 15:32:49 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2014/11/12 15:32:49 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014/11/12 15:32:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll

[2014/11/12 15:32:48 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2014/11/12 15:32:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2014/11/12 15:32:47 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2014/11/12 15:32:47 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2014/11/12 15:32:46 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2014/11/12 15:32:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2014/11/12 15:32:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2014/11/12 15:32:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

[2014/11/12 15:32:45 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2014/11/12 15:32:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2014/11/12 15:32:44 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2014/11/12 15:32:44 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2014/11/12 15:32:44 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll

[2014/11/12 15:32:44 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2014/11/12 15:32:43 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2014/11/12 15:32:43 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll

[2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2014/11/12 15:30:59 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL

[2014/11/12 15:30:59 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL

[2014/11/12 15:30:57 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll

[2014/11/12 15:30:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll

[2014/11/12 15:30:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll

[2014/11/12 15:30:57 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll

[2014/11/12 15:30:57 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll

[2014/11/12 15:30:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2014/11/12 15:30:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2014/11/12 15:30:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2014/11/12 15:30:45 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2014/11/12 15:30:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2014/11/11 13:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2014/11/11 06:30:51 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Tenancy Docs

[2014/11/08 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\ElevatedDiagnostics

[2014/11/08 08:05:09 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Spotify

[2014/11/08 08:03:44 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Spotify

[2014/11/07 14:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA

[2014/11/07 14:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba

[2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA

[2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA

[2014/11/07 14:22:08 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\InstallShield

[2014/11/07 14:21:04 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Downloaded Installations

[2014/11/07 14:19:30 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\WinBatch

========== Files - Modified Within 30 Days ==========

[2014/12/04 21:01:26 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat

[2014/12/04 20:55:05 | 003,703,048 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat

[2014/12/04 20:47:31 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/12/04 20:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/12/04 19:03:23 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/12/04 18:58:40 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/12/04 18:58:35 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/12/04 18:58:35 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/12/04 18:58:35 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/12/04 18:48:45 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/12/04 18:48:45 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/12/04 18:41:58 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/12/04 18:41:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/12/04 18:41:28 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys

[2014/12/04 15:25:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2014/12/03 01:34:50 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk

[2014/12/03 01:28:49 | 000,918,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/12/03 01:28:49 | 000,753,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/12/03 01:28:49 | 000,173,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/12/03 01:26:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys

[2014/11/30 19:19:50 | 000,007,618 | ---- | M] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg

[2014/11/28 15:18:36 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk

[2014/11/28 15:18:32 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll

[2014/11/28 15:18:32 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll

[2014/11/28 15:11:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll

[2014/11/28 15:11:31 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll

[2014/11/28 02:57:51 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2014/11/27 17:45:37 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2014/11/27 05:24:16 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014/11/27 05:24:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014/11/27 05:24:10 | 004,443,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2014/11/26 12:45:45 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2014/11/19 18:20:58 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2014/11/19 16:24:50 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/11/17 06:44:09 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys

[2014/11/13 10:52:58 | 000,041,856 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll

[2014/11/13 10:52:56 | 000,438,912 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll

[2014/11/13 10:52:56 | 000,353,392 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll

[2014/11/13 10:52:48 | 000,354,520 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll

[2014/11/13 10:52:44 | 000,045,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll

[2014/11/13 10:52:36 | 000,286,424 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll

[2014/11/13 10:52:32 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll

[2014/11/13 03:23:47 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/11/08 14:44:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2014/11/08 08:05:08 | 000,001,829 | ---- | M] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk

[2014/11/06 17:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll

[2014/11/06 16:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2014/11/06 16:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2014/11/06 16:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll

[2014/11/06 16:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll

[2014/11/06 16:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2014/11/06 16:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2014/11/06 16:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2014/11/06 16:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe

[2014/11/06 16:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll

[2014/11/06 16:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2014/11/06 16:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2014/11/06 16:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2014/11/06 16:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2014/11/06 16:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2014/11/06 16:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

[2014/11/06 16:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll

[2014/11/06 16:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2014/11/06 16:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2014/11/06 16:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014/11/06 16:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2014/11/06 15:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014/11/06 15:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2014/11/06 15:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2014/11/06 15:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2014/11/06 15:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2014/11/06 15:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2014/11/06 15:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2014/11/06 15:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2014/11/06 15:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2014/11/06 15:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014/11/06 15:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014/11/06 15:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2014/11/06 14:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2014/11/06 14:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2014/11/06 06:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll

[2014/11/06 06:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/11/06 06:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files Created - No Company Name ==========

[2014/12/04 18:58:40 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/12/04 15:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2014/12/03 01:34:50 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk

[2014/12/03 01:26:57 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2014/11/29 15:04:16 | 000,007,618 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg

[2014/11/28 03:42:21 | 003,703,048 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat

[2014/11/28 02:57:51 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2014/11/28 02:57:44 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat

[2014/11/28 02:54:15 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk

[2014/11/27 17:15:50 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2014/11/19 18:20:58 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2014/11/19 16:24:50 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/11/19 16:22:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2014/11/17 06:44:08 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2014/11/17 06:42:29 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/11/17 06:42:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/11/08 14:44:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2014/11/08 08:05:08 | 000,001,829 | ---- | C] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk

[2014/11/08 08:05:08 | 000,001,815 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

[2014/09/29 18:14:43 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2014/09/29 16:25:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2014/09/29 16:04:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2014/09/29 16:04:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2014/09/29 16:04:13 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2014/09/29 16:04:13 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2014/09/29 16:04:13 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2014/09/29 15:52:26 | 000,000,030 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\fixcfg.ini

========== ZeroAccess Check ==========

[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 15:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 14:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 16:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#9
angel959

Posted 04 December 2014 - 02:15 AM

Member

Topic Starter
Member
38 posts