Don't know if I'm infected
#11
Step 1

Scan with HerdProtect

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HerdProtect icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes, click on Save Results.
  • A Notepad window with a report should open.
Please include the contents of that report in your next reply.
This type of scan often produces false positives. In any case, do not remove any of its findings on your own! Removal will be made after careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish. To do so, just delete its directory (chosen by you when installing the tool).

Step 2

Please download Emsisoft Emergency Kit to your desktop.

  • Please double-click EmsisoftEmergencyKit.exe; this will install Emsisoft Emergency Kit.
  • Next, choose Extract; it will put the program in C:\EEK.
  • Navigate to C:\EEK, then click "Start Emergency Kit Scanner.exe".
  • Click Yes to User Account Control (UAC).
  • Click Yes to Update Signature Definitions.
  • Now click "Smart Scan" and select "Yes" to "Detect Potentially Unwanted Programs (PUPs)".
  • Click Delete Selected, then click View Report and save it as EEK.log.
  • Click Finish and post EEK.log in your next reply.

#12
HerdProtect first scan
---------------------
Saved date:   1/9/2015 3:44:23 PM
Files detected: 46
Files scanned: 10,163
Processes scanned: 106
Modules scanned: 856
ASEPs scanned: 500
Downloads scanned: 16
Deep analysis: 12/6
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brfirmupdatecheck.dll
Publisher: Brother Industries, Ltd.
MD5: 53fa6d58be4782b4d058583ed17521d5
SHA-1: 7b7ae3a12f59d5c8719ad7aef6974f85139d64f8
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\system32\drivers\intcdaud.sys
Publisher: Intel® Corporation
MD5: f5495b38bfb9149925f54f65ab40efbf
SHA-1: 3fbef8ee216245a0b26e3fb24f6345605a0b440b
Created: 9/4/2012 1:35:43 AM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.SMSHoax.95 (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\start menu 8\autoupdate.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: e44eb0dc9a68827ae4f0650f5a55ec9d
SHA-1: 423f05cd552c9f43b311cb0e143fa66bcc22fef1
Created: 2/22/2014 6:48:35 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.Task.IObitInformationTechnology.K

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\mingw-get-setup.exe
Publisher: MinGW.org Project
MD5: 92d905bdfe13c798a2cda2bbacdad932
SHA-1: 66f1355f16ac1e328243e877880eb6e45e8b30e2
Created: 10/16/2014 10:25:35 AM
Detections: 2
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)
- Trend Micro House Call as TROJ_GEN.F47V1004 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\ttrbetainstaller-v1.1.3.exe
Publisher: The TTR Team
MD5: 612ce979b5e22b46cc255c5817462206
SHA-1: 5e463955bcbe28bc147309c09fcc223f425d7820
Created: 8/24/2014 3:35:11 PM
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GE.778CDA28 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\graphcalc4.0.1.exe
Publisher:
MD5: c181a8014395702310313706705b0f66
SHA-1: e32c8141f253289d4f4aac76b8b59fade9834717
Created: 2/28/2013 10:45:55 PM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as AdWare.Win32!O (Adware)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\jrt (1).exe
Publisher:
MD5: b9e1bf24ef01a82701b09be75d294085
SHA-1: 38c4b8b4cdc56b930245e864bf89d086781fee06
Created: 1/6/2015 5:03:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.Backdoor.tc (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\qqintl1.61.exe
Publisher:
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 8697ffab89b5cf501a66f83e4372d1d6
SHA-1: 6cd9042f591a7b140e3216df2851c9b7a436be34
Created: 5/12/2013 8:14:21 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\install\driver\netscan\sysdir\32\2k\brnsticp.cpl
Publisher: Brother Industries,Ltd.
MD5: 2ad934ecba3c696969c35c3eb1b9d364
SHA-1: 7c1f254f6fa759479a1269cd48842e854f5a46d4
Created: 5/12/2014 4:45:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Backdoor.Win32.PoeBot!O (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\wlan_wiz\brwprwiz.exe
Publisher: Brother Industries, Ltd.
MD5: 071d911eea1f98b87ed98d3a4409778d
SHA-1: 73f7aa65725f14c3955ba527be9db86787cd0cae
Created: 5/12/2014 4:45:26 PM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.Peed.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\wlan_wiz\difx_32\brdifxapi.exe
Publisher:
MD5: ee8f96331b6ec03c2eafef9bacd7d17e
SHA-1: afdbbeb1a5f868ae603f3886bebd874ed89dea95
Created: 5/12/2014 4:45:28 PM
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Win32.Sality (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\wlan_wiz_win8\brwprwiz.exe
Publisher: Brother Industries, Ltd.
MD5: 071d911eea1f98b87ed98d3a4409778d
SHA-1: 73f7aa65725f14c3955ba527be9db86787cd0cae
Created: 2/5/2013 7:08:13 PM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.Peed.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\wlan_wiz_win8\difx_32\brdifxapi.exe
Publisher:
MD5: ee8f96331b6ec03c2eafef9bacd7d17e
SHA-1: afdbbeb1a5f868ae603f3886bebd874ed89dea95
Created: 2/5/2013 7:08:14 PM
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Win32.Sality (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\adwcleaner.exe
Publisher:
MD5: 9208e5a0a844fccb39b5252c07b4e860
SHA-1: 55780cf64fb45d822686fba8eb47efcaa9806c5b
Created: 1/6/2015 4:16:55 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanDropper.FrauDrop.uic (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\hijackthis.exe
Publisher: Trend Micro Inc.
MD5: 47811d50390a86a17102d7496e6eabb9
SHA-1: 2623749cdb27887f6746acdee7e8065475f8b541
Created: 10/3/2014 5:50:36 PM
Detections: 2
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.VBInject!1.6546 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\jrt.exe
Publisher:
MD5: b9e1bf24ef01a82701b09be75d294085
SHA-1: 38c4b8b4cdc56b930245e864bf89d086781fee06
Created: 1/6/2015 4:48:29 PM
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.Backdoor.tc (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brdctf2.dll
Publisher: Brother Industries Ltd.
MD5: 5790dd6c789efd358cb8e904e22e5105
SHA-1: ed034edebb14ac3146335da3806560f454f5e5bb
Created: 5/12/2014 4:53:12 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Rozena (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brosnmp.dll
Publisher: Brother Industries, Ltd.
MD5: 38e5e24bede6f59afc648cb7ef897d69
SHA-1: c91eb7b475bb6857636c2c3e6fa43feec62da889
Created: 5/12/2014 4:45:17 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brrbtool.exe
Publisher: Brother Industries Ltd
Signer: Brother Industries, ltd.
MD5: 06872311905299ba7fe505ced6c1f99a
SHA-1: 3419e4f4f8780dc96167cd172aecc6f430fc48da
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Clod6a4.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\documents\my videos\toontown rewritten\launcher.exe
Publisher:
MD5: f2cc163b70e10f332e71f7342f0316f9
SHA-1: 6814effc4ee397d96156db26376c8ab7786e0f3b
Created: 7/8/2014 8:17:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as Malware.QVM40.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\iobit\ascdownloader\advanced systemcare.exe
Publisher: IObit                                                      
Signer: IObit Information Technology
MD5: 7d8df018c6327ad7521e6364ab1852ca
SHA-1: 8abcf987cea5a4ee48d615dbde56ec55e888a5fe
Created: 2/22/2014 6:46:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\documents\my videos\toontown rewritten\launcher.exe
Publisher:
MD5: f2cc163b70e10f332e71f7342f0316f9
SHA-1: 6814effc4ee397d96156db26376c8ab7786e0f3b
Created: 7/8/2014 8:17:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as Malware.QVM40.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\iobit\ascdownloader\advanced systemcare.exe
Publisher: IObit                                                      
Signer: IObit Information Technology
MD5: 7d8df018c6327ad7521e6364ab1852ca
SHA-1: 8abcf987cea5a4ee48d615dbde56ec55e888a5fe
Created: 2/22/2014 6:46:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\appdata\roaming\microsoft\installer\{d54842cb-f761-30ba-881f-1ff821dc44df}\python_icon.exe
Publisher:
MD5: 192b58baa6a58532c61ad0aabf5a4ba1
SHA-1: 7c95e08ecb1d4da61313c21b752a2f20ddc28748
Created: 6/9/2014 12:46:51 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanSpy.Zbot.cyxb (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\asus\asus instant connect\adb.exe
Publisher:
MD5: 0717be6b32a22d03fe020d6632a72254
SHA-1: 88455686faee52779e30d8ef17717075bc50e7ae
Created: 8/22/2012 4:11:54 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10d\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10d\brstdvpt.exe
Publisher: Brother Industries, Ltd.
MD5: afdfc70868f3fb89d2a541ce1da2878e
SHA-1: d66df2cace4549826dfe5073e5cc639c5d323bd4
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brinstck.exe
Publisher: Brother Industries, Ltd.
MD5: c70c9226b98919515762d7992adfcfd0
SHA-1: b8866c2a3727074d1488757396b8a02890030fbd
Created: 5/12/2014 4:53:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brmfnt.dll
Publisher: Brother Industries,LTD.
MD5: a0bdee4d0860d9eb71fac8b0e358bbad
SHA-1: f49ef6088e2e53a4f8ce07448388c42d7b7ec953
Created: 5/12/2014 4:53:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 5/12/2014 4:53:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brstdvpt.exe
Publisher: Brother Industries, Ltd.
MD5: afdfc70868f3fb89d2a541ce1da2878e
SHA-1: d66df2cace4549826dfe5073e5cc639c5d323bd4
Created: 5/12/2014 4:53:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brmfnt.dll
Publisher: Brother Industries,LTD.
MD5: a0bdee4d0860d9eb71fac8b0e358bbad
SHA-1: f49ef6088e2e53a4f8ce07448388c42d7b7ec953
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\1.2.1.38\bin\ssocommon.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: a46a2de7364d9b6ef8745463c3ba6fd5
SHA-1: 009c3a5b25872ab790bc670a6fe90b1d5ba7046f
Created: 5/12/2013 8:31:39 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\1.2.1.38\bin\ssoluicontrol.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 00c7a074f422d413c2f4b894b60268d6
SHA-1: 7d9283418e37e435f9cb3b4c0bdb5fa1c960576c
Created: 5/12/2013 8:31:39 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\1.2.1.38\bin\ssoplatform.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 5a0132b39b40343774f506437e846e05
SHA-1: b1ad31264adb644e782da120c5504216319705d8
Created: 5/12/2013 8:31:39 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\bin\ssocommon.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: a46a2de7364d9b6ef8745463c3ba6fd5
SHA-1: 009c3a5b25872ab790bc670a6fe90b1d5ba7046f
Created: 5/12/2013 8:09:19 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\bin\ssoluicontrol.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 00c7a074f422d413c2f4b894b60268d6
SHA-1: 7d9283418e37e435f9cb3b4c0bdb5fa1c960576c
Created: 5/12/2013 8:31:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\bin\ssoplatform.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 5a0132b39b40343774f506437e846e05
SHA-1: b1ad31264adb644e782da120c5504216319705d8
Created: 5/12/2013 8:09:19 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\cyberlink\powerdvd10\audiofilter\dolbyhph.dll
Publisher: Lake Technology Limited, https://www.lake.com.au
MD5: 442b5be8aa79b0496c5d0234b78e20ce
SHA-1: 9956235bf6fe3a3220c73a84c8f57c951226655a
Created: 5/23/2012 8:48:46 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\installshield installation information\{69cc4b1e-0adb-48e7-83d5-b45da8cd1320}\setup.exe
Publisher: Alcor Micro Corp.                                        
MD5: 18acd90638392c3c3eccdcb10355ad4d
SHA-1: f8d8f5ded6f5665dca79ccbf2b86396fd5d0e010
Created: 9/26/2012 5:05:08 AM
Detections: 3
Determination: UndefinedMalware
- Agnitum Outpost as Trojan.Genome (Undefined)
- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
- Sunbelt AntiMalware as Porn-Dialer.Win32.CapreDeam.N (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\iobit malware fighter\adsremovalsetup-imf0819.exe
Publisher: ADSRemoval                                                  
Signer: Cheng Du VTools Information Technology
MD5: 4fd8dbaa84fb5a6913ab418ed6f53e08
SHA-1: bfded2e1fa38c27412295cf6945fa703f62bfe7a
Created: 8/20/2014 5:04:14 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Installer.ChengDuVToolsInformationTechnology.X (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\iobit malware fighter\adsremoval\firefox\adremoveext@adremoveext.net\bin\npadbexternal.dll
Publisher: Software
Signer: Cheng Du VTools Information Technology
MD5: 7527f8595de5115127890058ec0784a7
SHA-1: 43c2633214e6cea4ad72dfce616e3b2c4299caf3
Created: 8/20/2014 5:04:36 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.ChengDuVToolsInformationTechnology.N (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\iobit malware fighter\adsremoval\ie\update\adsremoval\adsremovalsetup06162.exe
Publisher: ADSRemoval                                                  
Signer: Cheng Du VTools Information Technology
MD5: ab53dc9711cf9cfe6b2651a4a09da8d8
SHA-1: a6dfd042b4a4d77ed11501629c57da806d268048
Created: 6/20/2014 12:34:48 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Installer.ChengDuVToolsInformationTechnology.U (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\start menu 8\killallstartmenu.exe
Publisher:
Signer: IObit Information Technology
MD5: 6544e5b857879700172a2224e90e3313
SHA-1: bccab7c98149184ebf4f3d90f089994485347142
Created: 2/22/2014 6:48:34 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\start menu 8\startmenu8_frmstartmenulibrary.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: 781287bb09bfdee69928604f5b2486d0
SHA-1: af17b81bda6da026fa4379fc812fdbe5688ff05d
Created: 2/22/2014 6:48:34 PM
Detections: 1
Determination: Inconclusive
- Malwarebytes as Backdoor.Bot (Undefined)


HerdProtect second scan (30 minutes later)
--------------------------
Saved date:   1/9/2015 4:32:18 PM
Files detected: 46
Files scanned: 10,148
Processes scanned: 105
Modules scanned: 842
ASEPs scanned: 500
Downloads scanned: 16
Deep analysis: 0/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brfirmupdatecheck.dll
Publisher: Brother Industries, Ltd.
MD5: 53fa6d58be4782b4d058583ed17521d5
SHA-1: 7b7ae3a12f59d5c8719ad7aef6974f85139d64f8
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\system32\drivers\intcdaud.sys
Publisher: Intel® Corporation
MD5: f5495b38bfb9149925f54f65ab40efbf
SHA-1: 3fbef8ee216245a0b26e3fb24f6345605a0b440b
Created: 9/4/2012 1:35:43 AM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.SMSHoax.95 (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\start menu 8\autoupdate.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: e44eb0dc9a68827ae4f0650f5a55ec9d
SHA-1: 423f05cd552c9f43b311cb0e143fa66bcc22fef1
Created: 2/22/2014 6:48:35 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.Task.IObitInformationTechnology.K

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\mingw-get-setup.exe
Publisher: MinGW.org Project
MD5: 92d905bdfe13c798a2cda2bbacdad932
SHA-1: 66f1355f16ac1e328243e877880eb6e45e8b30e2
Created: 10/16/2014 10:25:35 AM
Detections: 2
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)
- Trend Micro House Call as TROJ_GEN.F47V1004 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\ttrbetainstaller-v1.1.3.exe
Publisher: The TTR Team
MD5: 612ce979b5e22b46cc255c5817462206
SHA-1: 5e463955bcbe28bc147309c09fcc223f425d7820
Created: 8/24/2014 3:35:11 PM
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GE.778CDA28 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\graphcalc4.0.1.exe
Publisher:
MD5: c181a8014395702310313706705b0f66
SHA-1: e32c8141f253289d4f4aac76b8b59fade9834717
Created: 2/28/2013 10:45:55 PM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as AdWare.Win32!O (Adware)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\jrt (1).exe
Publisher:
MD5: b9e1bf24ef01a82701b09be75d294085
SHA-1: 38c4b8b4cdc56b930245e864bf89d086781fee06
Created: 1/6/2015 5:03:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.Backdoor.tc (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\qqintl1.61.exe
Publisher:
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 8697ffab89b5cf501a66f83e4372d1d6
SHA-1: 6cd9042f591a7b140e3216df2851c9b7a436be34
Created: 5/12/2013 8:14:21 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\install\driver\netscan\sysdir\32\2k\brnsticp.cpl
Publisher: Brother Industries,Ltd.
MD5: 2ad934ecba3c696969c35c3eb1b9d364
SHA-1: 7c1f254f6fa759479a1269cd48842e854f5a46d4
Created: 5/12/2014 4:45:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Backdoor.Win32.PoeBot!O (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\wlan_wiz\brwprwiz.exe
Publisher: Brother Industries, Ltd.
MD5: 071d911eea1f98b87ed98d3a4409778d
SHA-1: 73f7aa65725f14c3955ba527be9db86787cd0cae
Created: 5/12/2014 4:45:26 PM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.Peed.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\wlan_wiz\difx_32\brdifxapi.exe
Publisher:
MD5: ee8f96331b6ec03c2eafef9bacd7d17e
SHA-1: afdbbeb1a5f868ae603f3886bebd874ed89dea95
Created: 5/12/2014 4:45:28 PM
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Win32.Sality (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\wlan_wiz_win8\brwprwiz.exe
Publisher: Brother Industries, Ltd.
MD5: 071d911eea1f98b87ed98d3a4409778d
SHA-1: 73f7aa65725f14c3955ba527be9db86787cd0cae
Created: 2/5/2013 7:08:13 PM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.Peed.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\downloads\wlan_wiz_win8\difx_32\brdifxapi.exe
Publisher:
MD5: ee8f96331b6ec03c2eafef9bacd7d17e
SHA-1: afdbbeb1a5f868ae603f3886bebd874ed89dea95
Created: 2/5/2013 7:08:14 PM
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Win32.Sality (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\adwcleaner.exe
Publisher:
MD5: 9208e5a0a844fccb39b5252c07b4e860
SHA-1: 55780cf64fb45d822686fba8eb47efcaa9806c5b
Created: 1/6/2015 4:16:55 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanDropper.FrauDrop.uic (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\hijackthis.exe
Publisher: Trend Micro Inc.
MD5: 47811d50390a86a17102d7496e6eabb9
SHA-1: 2623749cdb27887f6746acdee7e8065475f8b541
Created: 10/3/2014 5:50:36 PM
Detections: 2
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.VBInject!1.6546 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\jrt.exe
Publisher:
MD5: b9e1bf24ef01a82701b09be75d294085
SHA-1: 38c4b8b4cdc56b930245e864bf89d086781fee06
Created: 1/6/2015 4:48:29 PM
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.Backdoor.tc (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brdctf2.dll
Publisher: Brother Industries Ltd.
MD5: 5790dd6c789efd358cb8e904e22e5105
SHA-1: ed034edebb14ac3146335da3806560f454f5e5bb
Created: 5/12/2014 4:53:12 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Rozena (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brosnmp.dll
Publisher: Brother Industries, Ltd.
MD5: 38e5e24bede6f59afc648cb7ef897d69
SHA-1: c91eb7b475bb6857636c2c3e6fa43feec62da889
Created: 5/12/2014 4:45:17 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brrbtool.exe
Publisher: Brother Industries Ltd
Signer: Brother Industries, ltd.
MD5: 06872311905299ba7fe505ced6c1f99a
SHA-1: 3419e4f4f8780dc96167cd172aecc6f430fc48da
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Clod6a4.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\documents\my videos\toontown rewritten\launcher.exe
Publisher:
MD5: f2cc163b70e10f332e71f7342f0316f9
SHA-1: 6814effc4ee397d96156db26376c8ab7786e0f3b
Created: 7/8/2014 8:17:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as Malware.QVM40.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\iobit\ascdownloader\advanced systemcare.exe
Publisher: IObit                                                      
Signer: IObit Information Technology
MD5: 7d8df018c6327ad7521e6364ab1852ca
SHA-1: 8abcf987cea5a4ee48d615dbde56ec55e888a5fe
Created: 2/22/2014 6:46:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\documents\my videos\toontown rewritten\launcher.exe
Publisher:
MD5: f2cc163b70e10f332e71f7342f0316f9
SHA-1: 6814effc4ee397d96156db26376c8ab7786e0f3b
Created: 7/8/2014 8:17:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as Malware.QVM40.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\iobit\ascdownloader\advanced systemcare.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: 7d8df018c6327ad7521e6364ab1852ca
SHA-1: 8abcf987cea5a4ee48d615dbde56ec55e888a5fe
Created: 2/22/2014 6:46:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\appdata\roaming\microsoft\installer\{d54842cb-f761-30ba-881f-1ff821dc44df}\python_icon.exe
Publisher:
MD5: 192b58baa6a58532c61ad0aabf5a4ba1
SHA-1: 7c95e08ecb1d4da61313c21b752a2f20ddc28748
Created: 6/9/2014 12:46:51 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanSpy.Zbot.cyxb (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\asus\asus instant connect\adb.exe
Publisher:
MD5: 0717be6b32a22d03fe020d6632a72254
SHA-1: 88455686faee52779e30d8ef17717075bc50e7ae
Created: 8/22/2012 4:11:54 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10d\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10d\brstdvpt.exe
Publisher: Brother Industries, Ltd.
MD5: afdfc70868f3fb89d2a541ce1da2878e
SHA-1: d66df2cace4549826dfe5073e5cc639c5d323bd4
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brinstck.exe
Publisher: Brother Industries, Ltd.
MD5: c70c9226b98919515762d7992adfcfd0
SHA-1: b8866c2a3727074d1488757396b8a02890030fbd
Created: 5/12/2014 4:53:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brmfnt.dll
Publisher: Brother Industries,LTD.
MD5: a0bdee4d0860d9eb71fac8b0e358bbad
SHA-1: f49ef6088e2e53a4f8ce07448388c42d7b7ec953
Created: 5/12/2014 4:53:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 5/12/2014 4:53:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brstdvpt.exe
Publisher: Brother Industries, Ltd.
MD5: afdfc70868f3fb89d2a541ce1da2878e
SHA-1: d66df2cace4549826dfe5073e5cc639c5d323bd4
Created: 5/12/2014 4:53:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brmfnt.dll
Publisher: Brother Industries,LTD.
MD5: a0bdee4d0860d9eb71fac8b0e358bbad
SHA-1: f49ef6088e2e53a4f8ce07448388c42d7b7ec953
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\1.2.1.38\bin\ssocommon.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: a46a2de7364d9b6ef8745463c3ba6fd5
SHA-1: 009c3a5b25872ab790bc670a6fe90b1d5ba7046f
Created: 5/12/2013 8:31:39 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\1.2.1.38\bin\ssoluicontrol.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 00c7a074f422d413c2f4b894b60268d6
SHA-1: 7d9283418e37e435f9cb3b4c0bdb5fa1c960576c
Created: 5/12/2013 8:31:39 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\1.2.1.38\bin\ssoplatform.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 5a0132b39b40343774f506437e846e05
SHA-1: b1ad31264adb644e782da120c5504216319705d8
Created: 5/12/2013 8:31:39 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\bin\ssocommon.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: a46a2de7364d9b6ef8745463c3ba6fd5
SHA-1: 009c3a5b25872ab790bc670a6fe90b1d5ba7046f
Created: 5/12/2013 8:09:19 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\bin\ssoluicontrol.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 00c7a074f422d413c2f4b894b60268d6
SHA-1: 7d9283418e37e435f9cb3b4c0bdb5fa1c960576c
Created: 5/12/2013 8:31:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\common files\tencent\txsso\bin\ssoplatform.dll
Publisher: Tencent
Signer: Tencent Technology(Shenzhen) Company Limited
MD5: 5a0132b39b40343774f506437e846e05
SHA-1: b1ad31264adb644e782da120c5504216319705d8
Created: 5/12/2013 8:09:19 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Adware.Tencent (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\cyberlink\powerdvd10\audiofilter\dolbyhph.dll
Publisher: Lake Technology Limited, https://www.lake.com.au
MD5: 442b5be8aa79b0496c5d0234b78e20ce
SHA-1: 9956235bf6fe3a3220c73a84c8f57c951226655a
Created: 5/23/2012 8:48:46 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\installshield installation information\{69cc4b1e-0adb-48e7-83d5-b45da8cd1320}\setup.exe
Publisher: Alcor Micro Corp.
MD5: 18acd90638392c3c3eccdcb10355ad4d
SHA-1: f8d8f5ded6f5665dca79ccbf2b86396fd5d0e010
Created: 9/26/2012 5:05:08 AM
Detections: 3
Determination: UndefinedMalware
- Agnitum Outpost as Trojan.Genome (Undefined)
- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
- Sunbelt AntiMalware as Porn-Dialer.Win32.CapreDeam.N (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\iobit malware fighter\adsremovalsetup-imf0819.exe
Publisher: ADSRemoval
Signer: Cheng Du VTools Information Technology
MD5: 4fd8dbaa84fb5a6913ab418ed6f53e08
SHA-1: bfded2e1fa38c27412295cf6945fa703f62bfe7a
Created: 8/20/2014 5:04:14 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Installer.ChengDuVToolsInformationTechnology.X (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\iobit malware fighter\adsremoval\firefox\adremoveext@adremoveext.net\bin\npadbexternal.dll
Publisher: Software
Signer: Cheng Du VTools Information Technology
MD5: 7527f8595de5115127890058ec0784a7
SHA-1: 43c2633214e6cea4ad72dfce616e3b2c4299caf3
Created: 8/20/2014 5:04:36 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.ChengDuVToolsInformationTechnology.N (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\iobit malware fighter\adsremoval\ie\update\adsremoval\adsremovalsetup06162.exe
Publisher: ADSRemoval
Signer: Cheng Du VTools Information Technology
MD5: ab53dc9711cf9cfe6b2651a4a09da8d8
SHA-1: a6dfd042b4a4d77ed11501629c57da806d268048
Created: 6/20/2014 12:34:48 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Installer.ChengDuVToolsInformationTechnology.U (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\start menu 8\killallstartmenu.exe
Publisher:
Signer: IObit Information Technology
MD5: 6544e5b857879700172a2224e90e3313
SHA-1: bccab7c98149184ebf4f3d90f089994485347142
Created: 2/22/2014 6:48:34 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\start menu 8\startmenu8_frmstartmenulibrary.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: 781287bb09bfdee69928604f5b2486d0
SHA-1: af17b81bda6da026fa4379fc812fdbe5688ff05d
Created: 2/22/2014 6:48:34 PM
Detections: 1
Determination: Inconclusive
- Malwarebytes as Backdoor.Bot (Undefined)

Emsisoft scan
----------------
Emsisoft Emergency Kit - Version 9.0
Last update: 1/9/2015 4:40:47 PM
User account: devinliu\devin

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 1/9/2015 4:46:46 PM
Value: HKEY_USERS\S-1-5-21-2915065497-1860789701-262245439-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2915065497-1860789701-262245439-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)

Scanned 237567
Found 2

Scan end: 1/9/2015 5:34:03 PM
Scan time: 0:47:17

Value: HKEY_USERS\S-1-5-21-2915065497-1860789701-262245439-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2915065497-1860789701-262245439-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)

Quarantined 2
----------------------------
P.S. I couldn't find where it said UAC and Detect PUPs in the Emsisoft scanner.

#13
You have a lot of false positives with "Brother"; this must be your printer software. There are lots of false positives in the "Downloads Folder"; just clear that folder to be safe. You also have "iobit" software flagging a lot of issues. I would uninstall that software, but it's up to you if you want to keep it.

Upload this file to Virustotal:

c:\users\devin\appdata\roaming\microsoft\installer\{d54842cb-f761-30ba-881f-1ff821dc44df}\python_icon.exe

And you have some "Shenzhen" software on the system; do you use this software?

#14
Yes, Brother is my printer software. I have cleared my downloads folder and uninstalled the iobit software. I have included the Virustotal screenshot in this reply. As for the Shenzhen software, I used to use a messenger called Tencent QQ, but I no longer use it.



#15
The only other thing is Tencent Technology(Shenzhen) Company Limited
https://www.shouldiremoveit.com/Tencent-QQ-24159-program.aspx

If you don't use that instant messenger called Tencent-QQ, just uninstall it.

Then, if you want, run another scan with HerdProtect; you should only have Brother printer software left if you uninstalled everything.

[Image: herdprotect.png]Scan with HerdProtect

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on [Image: herdprotect.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open. 

Please include the contents of that report in your next reply.
This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).

#16
Sorry, I've been quite busy lately. I will hopefully be able to do the scan and post the log in the next day or two.

#17
OK, just make sure you uninstall what I posted, apart from your printer software.

#18
HerdProtect (first scan)
--------------------------
Saved date: 1/12/2015 5:02:35 PM
Files detected: 27
Files scanned: 10,062
Processes scanned: 96
Modules scanned: 791
ASEPs scanned: 497
Downloads scanned: 2
Deep analysis: 7/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brfirmupdatecheck.dll
Publisher: Brother Industries, Ltd.
MD5: 53fa6d58be4782b4d058583ed17521d5
SHA-1: 7b7ae3a12f59d5c8719ad7aef6974f85139d64f8
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\system32\drivers\intcdaud.sys
Publisher: Intel® Corporation
MD5: f5495b38bfb9149925f54f65ab40efbf
SHA-1: 3fbef8ee216245a0b26e3fb24f6345605a0b440b
Created: 9/4/2012 1:35:43 AM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.SMSHoax.95 (Adware)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\adwcleaner.exe
Publisher:
MD5: 9208e5a0a844fccb39b5252c07b4e860
SHA-1: 55780cf64fb45d822686fba8eb47efcaa9806c5b
Created: 1/6/2015 4:16:55 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanDropper.FrauDrop.uic (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\hijackthis.exe
Publisher: Trend Micro Inc.
MD5: 47811d50390a86a17102d7496e6eabb9
SHA-1: 2623749cdb27887f6746acdee7e8065475f8b541
Created: 10/3/2014 5:50:36 PM
Detections: 2
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.VBInject!1.6546 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\jrt.exe
Publisher:
MD5: b9e1bf24ef01a82701b09be75d294085
SHA-1: 38c4b8b4cdc56b930245e864bf89d086781fee06
Created: 1/6/2015 4:48:29 PM
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.Backdoor.tc (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brdctf2.dll
Publisher: Brother Industries Ltd.
MD5: 5790dd6c789efd358cb8e904e22e5105
SHA-1: ed034edebb14ac3146335da3806560f454f5e5bb
Created: 5/12/2014 4:53:12 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Rozena (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brosnmp.dll
Publisher: Brother Industries, Ltd.
MD5: 38e5e24bede6f59afc648cb7ef897d69
SHA-1: c91eb7b475bb6857636c2c3e6fa43feec62da889
Created: 5/12/2014 4:45:17 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brrbtool.exe
Publisher: Brother Industries Ltd
Signer: Brother Industries, ltd.
MD5: 06872311905299ba7fe505ced6c1f99a
SHA-1: 3419e4f4f8780dc96167cd172aecc6f430fc48da
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Clod6a4.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\documents\my videos\toontown rewritten\launcher.exe
Publisher:
MD5: f2cc163b70e10f332e71f7342f0316f9
SHA-1: 6814effc4ee397d96156db26376c8ab7786e0f3b
Created: 7/8/2014 8:17:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as Malware.QVM40.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\iobit\ascdownloader\advanced systemcare.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: 7d8df018c6327ad7521e6364ab1852ca
SHA-1: 8abcf987cea5a4ee48d615dbde56ec55e888a5fe
Created: 2/22/2014 6:46:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\documents\my videos\toontown rewritten\launcher.exe
Publisher:
MD5: f2cc163b70e10f332e71f7342f0316f9
SHA-1: 6814effc4ee397d96156db26376c8ab7786e0f3b
Created: 7/8/2014 8:17:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as Malware.QVM40.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\iobit\ascdownloader\advanced systemcare.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: 7d8df018c6327ad7521e6364ab1852ca
SHA-1: 8abcf987cea5a4ee48d615dbde56ec55e888a5fe
Created: 2/22/2014 6:46:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\appdata\roaming\microsoft\installer\{d54842cb-f761-30ba-881f-1ff821dc44df}\python_icon.exe
Publisher:
MD5: 192b58baa6a58532c61ad0aabf5a4ba1
SHA-1: 7c95e08ecb1d4da61313c21b752a2f20ddc28748
Created: 6/9/2014 12:46:51 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanSpy.Zbot.cyxb (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\asus\asus instant connect\adb.exe
Publisher:
MD5: 0717be6b32a22d03fe020d6632a72254
SHA-1: 88455686faee52779e30d8ef17717075bc50e7ae
Created: 8/22/2012 4:11:54 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10d\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10d\brstdvpt.exe
Publisher: Brother Industries, Ltd.
MD5: afdfc70868f3fb89d2a541ce1da2878e
SHA-1: d66df2cace4549826dfe5073e5cc639c5d323bd4
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brinstck.exe
Publisher: Brother Industries, Ltd.
MD5: c70c9226b98919515762d7992adfcfd0
SHA-1: b8866c2a3727074d1488757396b8a02890030fbd
Created: 5/12/2014 4:53:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brmfnt.dll
Publisher: Brother Industries,LTD.
MD5: a0bdee4d0860d9eb71fac8b0e358bbad
SHA-1: f49ef6088e2e53a4f8ce07448388c42d7b7ec953
Created: 5/12/2014 4:53:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 5/12/2014 4:53:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brstdvpt.exe
Publisher: Brother Industries, Ltd.
MD5: afdfc70868f3fb89d2a541ce1da2878e
SHA-1: d66df2cace4549826dfe5073e5cc639c5d323bd4
Created: 5/12/2014 4:53:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brmfnt.dll
Publisher: Brother Industries,LTD.
MD5: a0bdee4d0860d9eb71fac8b0e358bbad
SHA-1: f49ef6088e2e53a4f8ce07448388c42d7b7ec953
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\cyberlink\powerdvd10\audiofilter\dolbyhph.dll
Publisher: Lake Technology Limited, https://www.lake.com.au
MD5: 442b5be8aa79b0496c5d0234b78e20ce
SHA-1: 9956235bf6fe3a3220c73a84c8f57c951226655a
Created: 5/23/2012 8:48:46 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\installshield installation information\{69cc4b1e-0adb-48e7-83d5-b45da8cd1320}\setup.exe
Publisher: Alcor Micro Corp.
MD5: 18acd90638392c3c3eccdcb10355ad4d
SHA-1: f8d8f5ded6f5665dca79ccbf2b86396fd5d0e010
Created: 1/1/0001 12:00:00 AM
Detections: 3
Determination: UndefinedMalware
- Agnitum Outpost as Trojan.Genome (Undefined)
- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
- Sunbelt AntiMalware as Porn-Dialer.Win32.CapreDeam.N (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\iobit malware fighter\adsremovalsetup-imf0819.exe
Publisher: ADSRemoval
Signer: Cheng Du VTools Information Technology
MD5: 4fd8dbaa84fb5a6913ab418ed6f53e08
SHA-1: bfded2e1fa38c27412295cf6945fa703f62bfe7a
Created: 1/1/0001 12:00:00 AM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Installer.ChengDuVToolsInformationTechnology.X (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\iobit malware fighter\adsremoval\firefox\adremoveext@adremoveext.net\bin\npadbexternal.dll
Publisher: Software
Signer: Cheng Du VTools Information Technology
MD5: 7527f8595de5115127890058ec0784a7
SHA-1: 43c2633214e6cea4ad72dfce616e3b2c4299caf3
Created: 1/1/0001 12:00:00 AM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.ChengDuVToolsInformationTechnology.N (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\iobit malware fighter\adsremoval\ie\update\adsremoval\adsremovalsetup06162.exe
Publisher: ADSRemoval
Signer: Cheng Du VTools Information Technology
MD5: ab53dc9711cf9cfe6b2651a4a09da8d8
SHA-1: a6dfd042b4a4d77ed11501629c57da806d268048
Created: 1/1/0001 12:00:00 AM
Detections: 3
Determination: Adware
- Reason Heuristics as PUP.Installer.ChengDuVToolsInformationTechnology.U (Adware)
- Dr.Web as riskware program Program.Unwanted.34 (Undefined)
- AVG as Cheng Du VTools Information Technology (Undefined)


HerdProtect (second scan 30 minutes later)
-------------------------------------------------
Saved date: 1/12/2015 5:13:59 PM
Files detected: 23
Files scanned: 10,003
Processes scanned: 94
Modules scanned: 723
ASEPs scanned: 497
Downloads scanned: 2
Deep analysis: 0/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brfirmupdatecheck.dll
Publisher: Brother Industries, Ltd.
MD5: 53fa6d58be4782b4d058583ed17521d5
SHA-1: 7b7ae3a12f59d5c8719ad7aef6974f85139d64f8
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\system32\drivers\intcdaud.sys
Publisher: Intel® Corporation
MD5: f5495b38bfb9149925f54f65ab40efbf
SHA-1: 3fbef8ee216245a0b26e3fb24f6345605a0b440b
Created: 9/4/2012 1:35:43 AM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.SMSHoax.95 (Adware)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\adwcleaner.exe
Publisher:
MD5: 9208e5a0a844fccb39b5252c07b4e860
SHA-1: 55780cf64fb45d822686fba8eb47efcaa9806c5b
Created: 1/6/2015 4:16:55 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanDropper.FrauDrop.uic (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\hijackthis.exe
Publisher: Trend Micro Inc.
MD5: 47811d50390a86a17102d7496e6eabb9
SHA-1: 2623749cdb27887f6746acdee7e8065475f8b541
Created: 10/3/2014 5:50:36 PM
Detections: 2
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.VBInject!1.6546 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\desktop\antimalware tools\jrt.exe
Publisher:
MD5: b9e1bf24ef01a82701b09be75d294085
SHA-1: 38c4b8b4cdc56b930245e864bf89d086781fee06
Created: 1/6/2015 4:48:29 PM
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.Backdoor.tc (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brdctf2.dll
Publisher: Brother Industries Ltd.
MD5: 5790dd6c789efd358cb8e904e22e5105
SHA-1: ed034edebb14ac3146335da3806560f454f5e5bb
Created: 5/12/2014 4:53:12 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Rozena (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brosnmp.dll
Publisher: Brother Industries, Ltd.
MD5: 38e5e24bede6f59afc648cb7ef897d69
SHA-1: c91eb7b475bb6857636c2c3e6fa43feec62da889
Created: 5/12/2014 4:45:17 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\brrbtool.exe
Publisher: Brother Industries Ltd
Signer: Brother Industries, ltd.
MD5: 06872311905299ba7fe505ced6c1f99a
SHA-1: 3419e4f4f8780dc96167cd172aecc6f430fc48da
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Clod6a4.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\documents\my videos\toontown rewritten\launcher.exe
Publisher:
MD5: f2cc163b70e10f332e71f7342f0316f9
SHA-1: 6814effc4ee397d96156db26376c8ab7786e0f3b
Created: 7/8/2014 8:17:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as Malware.QVM40.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\iobit\ascdownloader\advanced systemcare.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: 7d8df018c6327ad7521e6364ab1852ca
SHA-1: 8abcf987cea5a4ee48d615dbde56ec55e888a5fe
Created: 2/22/2014 6:46:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\documents\my videos\toontown rewritten\launcher.exe
Publisher:
MD5: f2cc163b70e10f332e71f7342f0316f9
SHA-1: 6814effc4ee397d96156db26376c8ab7786e0f3b
Created: 7/8/2014 8:17:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as Malware.QVM40.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\iobit\ascdownloader\advanced systemcare.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: 7d8df018c6327ad7521e6364ab1852ca
SHA-1: 8abcf987cea5a4ee48d615dbde56ec55e888a5fe
Created: 2/22/2014 6:46:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\devin\appdata\roaming\microsoft\installer\{d54842cb-f761-30ba-881f-1ff821dc44df}\python_icon.exe
Publisher:
MD5: 192b58baa6a58532c61ad0aabf5a4ba1
SHA-1: 7c95e08ecb1d4da61313c21b752a2f20ddc28748
Created: 6/9/2014 12:46:51 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanSpy.Zbot.cyxb (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\asus\asus instant connect\adb.exe
Publisher:
MD5: 0717be6b32a22d03fe020d6632a72254
SHA-1: 88455686faee52779e30d8ef17717075bc50e7ae
Created: 8/22/2012 4:11:54 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10d\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10d\brstdvpt.exe
Publisher: Brother Industries, Ltd.
MD5: afdfc70868f3fb89d2a541ce1da2878e
SHA-1: d66df2cace4549826dfe5073e5cc639c5d323bd4
Created: 2/5/2013 7:10:44 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brinstck.exe
Publisher: Brother Industries, Ltd.
MD5: c70c9226b98919515762d7992adfcfd0
SHA-1: b8866c2a3727074d1488757396b8a02890030fbd
Created: 5/12/2014 4:53:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brmfnt.dll
Publisher: Brother Industries,LTD.
MD5: a0bdee4d0860d9eb71fac8b0e358bbad
SHA-1: f49ef6088e2e53a4f8ce07448388c42d7b7ec953
Created: 5/12/2014 4:53:40 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 5/12/2014 4:53:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\brother\brmfl10f\brstdvpt.exe
Publisher: Brother Industries, Ltd.
MD5: afdfc70868f3fb89d2a541ce1da2878e
SHA-1: d66df2cace4549826dfe5073e5cc639c5d323bd4
Created: 5/12/2014 4:53:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.BrotherIndustries.I

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brmfnt.dll
Publisher: Brother Industries,LTD.
MD5: a0bdee4d0860d9eb71fac8b0e358bbad
SHA-1: f49ef6088e2e53a4f8ce07448388c42d7b7ec953
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\browny02\brother\brmfprint.dll
Publisher:
MD5: 2329f781301c2915393f2d64fa8ba300
SHA-1: 69a6de3ef64e87fe0a86ad40400d6cdc8ea708ea
Created: 2/5/2013 7:10:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\cyberlink\powerdvd10\audiofilter\dolbyhph.dll
Publisher: Lake Technology Limited, https://www.lake.com.au
MD5: 442b5be8aa79b0496c5d0234b78e20ce
SHA-1: 9956235bf6fe3a3220c73a84c8f57c951226655a
Created: 5/23/2012 8:48:46 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)


One more thing, I previously had deleted two suspicious files called SetStretch.exe and SetStretch.cmd. Are these files malicious or not? I'm getting conflicting reports on virustotal and the internet. Also, could rootkits be involved?
Reply

#19
Devin, I see you are keeping some software I recommended you remove. Also, you did not uninstall IObit; are you keeping that software?

Scan with RogueKiller

Reply

#20
I uninstalled iObit from the control panel. Those are probably just leftover files that I can manually delete. The toontown entries belong to a game my sister installed on here. They are not malicious.

Roguekiller log
----------------------
RogueKiller V10.1.2.0 (x64) [Jan 7 2015] by Adlice Software
mail : https://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : https://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : devin [Administrator]
Mode : Scan -- Date : 01/13/2015 17:23:12

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMProtector (\??\C:\Windows\system32\drivers\mbam.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMScheduler ("C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe") -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMService ("C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe") -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2915065497-1860789701-262245439-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2915065497-1860789701-262245439-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 128.97.128.1 164.67.128.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 128.97.128.1 164.67.128.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{578144DE-F1C1-4FA9-AEED-3EDFB6A245DC} | DhcpNameServer : 169.232.103.237 [UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C996DCAA-9A77-4A98-BC0C-306D2C0A482B} | DhcpNameServer : 128.97.128.1 164.67.128.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{578144DE-F1C1-4FA9-AEED-3EDFB6A245DC} | DhcpNameServer : 169.232.103.237 [UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C996DCAA-9A77-4A98-BC0C-306D2C0A482B} | DhcpNameServer : 128.97.128.1 164.67.128.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] 456653704ac843529f1a5321e7faf1a4
[BSP] b58995061b54d51aa5291ee08d9a9ca3 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_01122015_153445.log

P.S. I noticed it said next to "Antirootkit" that the driver is not loaded.
Reply
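The RogueKiller log above reports every DhcpNameServer value it finds as a [PUM.Dns] entry, once per control set (CurrentControlSet and ControlSet001) and once per interface GUID, so the same two or three resolvers produce six lines. Whether those lines matter comes down to one question: are the resolvers the ones the network's DHCP server is expected to hand out? The following is an added example, not code from the thread or from RogueKiller: it pulls the resolver addresses out of the [PUM.Dns] lines, collapses the duplicates, and reports any address that is not on an expected list. The expected list, the sample log lines (RFC 5737 documentation addresses and a placeholder GUID), and the country tags are constructed for the demo; on a real machine the expected resolvers come from the DHCP lease (ipconfig /all) or the network administrator.

```python
"""Check the DhcpNameServer values RogueKiller lists as [PUM.Dns].

Added example; not part of the forum thread or of RogueKiller.
"""
import ipaddress
import re

# Constructed sample in RogueKiller's line format (addresses are RFC 5737 examples).
SAMPLE_LOG = """\
¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters | DhcpNameServer : 192.0.2.1 192.0.2.2 [EXAMPLE][EXAMPLE] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters | DhcpNameServer : 192.0.2.1 192.0.2.2 [EXAMPLE][EXAMPLE] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{PLACEHOLDER-GUID} | DhcpNameServer : 198.51.100.53 [EXAMPLE] -> Found
[PUM.HomePage] (X64) HKEY_USERS\\S-1-5-21-1\\Software\\Microsoft\\Internet Explorer\\Main | Start Page : -> Found
"""

# "[PUM.Dns] (X64) <registry key> | DhcpNameServer : <ip> [<ip> ...] [COUNTRY] -> Found"
DNS_RE = re.compile(
    r"^\[PUM\.Dns\] \((?:X64|X86)\) (?P<key>.+?) \| DhcpNameServer : "
    r"(?P<servers>[0-9A-Fa-f.:]+(?: [0-9A-Fa-f.:]+)*)"
)


def parse_dhcp_name_servers(log):
    """Return {registry_key: [ip_address, ...]} for every [PUM.Dns] DhcpNameServer line."""
    found = {}
    for line in log.splitlines():
        m = DNS_RE.match(line)
        if m:
            found[m["key"]] = [ipaddress.ip_address(s) for s in m["servers"].split()]
    return found


def distinct_resolvers(log):
    """Collapse the per-control-set / per-interface duplicates into one set of addresses."""
    return {str(ip) for servers in parse_dhcp_name_servers(log).values() for ip in servers}


def unexpected_resolvers(log, expected):
    """Return {registry_key: [address, ...]} for resolvers not in the expected list.

    An empty result means every DhcpNameServer value is one the network is
    known to hand out, which is the normal reading of these PUM.Dns lines."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    bad = {}
    for key, servers in parse_dhcp_name_servers(log).items():
        extra = [str(ip) for ip in servers if ip not in allowed]
        if extra:
            bad[key] = extra
    return bad


if __name__ == "__main__":
    # Assumed expected resolvers for the demo network.
    expected = ["192.0.2.1", "192.0.2.2"]
    print("resolvers seen:", sorted(distinct_resolvers(SAMPLE_LOG)))
    for key, extra in unexpected_resolvers(SAMPLE_LOG, expected).items():
        print("not on the expected list:", extra, "at", key)
```

Paste the saved RKreport file in place of the sample and the expected resolvers from ipconfig /all in place of the demo list; an entry that survives the check is one to raise with the helper, while entries that all match are the routine duplicates the tool shows by design. Note the example only reads the log; it does not change anything in the registry.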
