
Trovigo won't go away


9 replies to this topic

#1 Bluenose1812

  • Members
  • 5 posts

Posted 11 July 2014 - 08:30 AM

It is attached to IE11. Firefox seems OK but I don't know what's happening in the background. I have tried most automation removers, MalwareBytes, Trojan-Killer etc. Stopped WMIProvider task and reset IE to defaults. The blighter will not let me kill it in the Registry. The key HKEY_USERS\S-1-5-21-2172371588-234326739-4245322426-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} rebuilds itself even if deleted.

Here is DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.51.2
Run by Haydn at 13:46:19 on 2014-07-11
Microsoft Windows 8.1 Pro  6.3.9600.0.1252.44.2057.18.2982.1674 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\WINDOWS\system32\wininit.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe
C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Start Menu 8\StartMenu8.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Program Files\IObit\Start Menu 8\InstallServices32.exe
C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Windows\System32\WWAHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\PROGRAM FILES\LOGMEIN HAMACHI\HAMACHI-2-UI.EXE
C:\ztree2\ZTW.EXE
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&SSPV=
uSearch Bar = Preserve
uSearch Page = hxxp://go.microsoft.com
uDefault_Page_URL = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://go.microsoft.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://go.microsoft.com
uRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 208.67.222.222 192.168.1.1
TCP: Interfaces\{A7F56B81-FFC8-4A49-8F68-8C3F4FBF5149} : DHCPNameServer = 208.67.222.222 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F0173905-8498-4452-A4BD-EC689AFA6B3A} - "c:\program files\common files\sage sbd\ForceEIRRegistration.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\haydn\appdata\roaming\mozilla\firefox\profiles\87piu2vf.default-1405008631147\
FF - prefs.js: browser.startup.homepage - hxxp://www.newsnow.co.uk/h/Sport/Football/Championship/Birmingham+City
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorAV;Intel® SATA RAID Controller Windows;c:\windows\system32\drivers\iaStorAV.sys [2013-8-22 524784]
R0 intelpep;Intel® Power Engine Plug-in Driver;c:\windows\system32\drivers\intelpep.sys [2014-5-21 36696]
R0 Wof;Windows Overlay File System Filter Driver;c:\windows\system32\drivers\wof.sys [2014-5-21 138584]
R1 ahcache;Application Compatibility Cache;c:\windows\system32\drivers\ahcache.sys [2013-8-22 63488]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2014-5-22 881952]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2014-6-23 1889616]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe [2014-5-21 277320]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2014-4-15 375056]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-12-11 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2014-4-29 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-10 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-10 860472]
R2 Sage SData Service;Sage SData Service;c:\program files\common files\sage sdata\Sage.SData.Service.exe [2009-12-16 49152]
R2 StartMenuService;StartMenu8 Service;c:\program files\iobit\start menu 8\StartMenuServices.exe [2014-6-17 72992]
R2 uvnc_service;uvnc_service;c:\program files\uvnc bvba\ultravnc\winvnc.exe [2014-3-24 1831168]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\drivers\e1d6432.sys [2014-2-26 378128]
R3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2014-5-6 23448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-10 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-10 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-10 51928]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-1-11 56432]
R3 NcbService;Network Connection Broker;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 31552]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;c:\windows\system32\drivers\NdisVirtualBus.sys [2013-8-22 13312]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\drivers\WUDFRd.sys [2014-7-10 188416]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-2-28 2152736]
S3 ADP80XX;ADP80XX;c:\windows\system32\drivers\adp80xx.sys [2013-8-22 773472]
S3 AppReadiness;App Readiness;c:\windows\system32\svchost.exe -k AppReadiness [2013-8-22 31552]
S3 AppXSvc;AppX Deployment Service (AppXSVC);c:\windows\system32\svchost.exe -k wsappx [2013-8-22 31552]
S3 bcmfn2;bcmfn2 Service;c:\windows\system32\drivers\bcmfn2.sys [2013-8-22 16088]
S3 BioNTDrv;BioNTDrv;c:\program files\paragon software\hard disk manager 12 professional\program\biontdrv.sys [2014-4-23 30936]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-1-22 88576]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2014-3-17 163616]
S3 GPIO;Intel SoC GPIO Controller Driver;c:\windows\system32\drivers\iaiogpio.sys [2013-8-22 22016]
S3 iaioi2c;Intel® Atom™ Processor I2C Controller Service;c:\windows\system32\drivers\iaioi2c.sys [2013-8-22 61936]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-16 108032]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2014-5-6 32152]
S3 kbldfltr;kbldfltr;c:\windows\system32\drivers\kbldfltr.sys [2013-9-30 19680]
S3 lfsvc;Windows Location Framework Service;c:\windows\system32\svchost.exe -k netsvcs [2013-8-22 31552]
S3 LSI_SAS3;LSI_SAS3;c:\windows\system32\drivers\lsi_sas3.sys [2013-8-22 68960]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc63.sys [2013-8-22 72192]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 31552]
S3 SerCx2;Serial UART Support Library;c:\windows\system32\drivers\SerCx2.sys [2014-3-1 120152]
S3 smphost;Microsoft Storage Spaces SMP;c:\windows\system32\svchost.exe -k smphost [2013-8-22 31552]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-1-22 184192]
S3 stornvme;Microsoft Standard NVM Express Driver;c:\windows\system32\drivers\stornvme.sys [2013-11-13 47960]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2014-7-2 16128]
S3 UEFI;Microsoft UEFI Driver;c:\windows\system32\drivers\uefi.sys [2013-8-22 23904]
S3 vmicguestinterface;Hyper-V Guest Service Interface;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 31552]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;c:\windows\system32\drivers\WdNisDrv.sys [2014-5-22 92504]
S3 WdNisSvc;Windows Defender Network Inspection Service;c:\program files\windows defender\NisSrv.exe [2014-5-22 279784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;c:\windows\system32\svchost.exe -k WepHostSvcGroup [2013-8-22 31552]
S3 workfolderssvc;Work Folders;c:\windows\system32\svchost.exe -k LocalService [2013-8-22 31552]
S4 MsKeyboardFilter;Microsoft Keyboard Filter;c:\windows\system32\svchost.exe -k netsvcs [2013-8-22 31552]
.
=============== Created Last 30 ================
.
2014-07-11 12:45:53    --------    d-----w-    C:\111
2014-07-11 09:59:55    --------    d-----w-    c:\programdata\GridinSoft
2014-07-11 09:59:53    --------    d-----w-    c:\program files\GridinSoft Trojan Killer
2014-07-11 09:40:07    --------    d-----w-    c:\programdata\HitmanPro
2014-07-11 09:37:07    --------    d-----w-    c:\program files\VS Revo Group
2014-07-11 08:09:17    5    ----a-w-    c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2014-07-11 07:46:17    765968    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{059c7451-a4f3-4bb7-b66f-49d6fa96ff30}\gapaengine.dll
2014-07-11 07:46:08    8140904    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{b19948d4-cd52-45f1-8cb1-b6d16330677d}\mpengine.dll
2014-07-10 16:01:47    765968    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{8dda497d-1c71-a339-3f29-e0d4386da9a8}\GapaEngine.dll
2014-07-10 16:01:43    8140904    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-07-10 15:46:50    765968    ------w-    c:\programdata\microsoft\windows defender\definition updates\{a7f0336b-dbd0-4d8b-bb33-c8748ece0c83}\gapaengine.dll
2014-07-10 15:45:56    79360    ----a-w-    c:\windows\system32\WSReset.exe
2014-07-10 15:17:51    703968    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-10 15:17:51    105440    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-10 14:40:29    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-07-10 14:33:26    --------    d-----w-    C:\FRST
2014-07-10 13:19:36    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-10 13:19:25    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-07-10 13:19:25    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-07-10 13:19:25    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-07-10 13:19:25    --------    d-----w-    c:\programdata\Malwarebytes
2014-07-10 13:19:25    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-07-10 13:00:14    --------    d-----w-    c:\windows\ERUNT
2014-07-09 11:01:44    290304    ----a-w-    c:\windows\system32\subinacl.exe
2014-07-09 11:01:42    --------    d-----w-    c:\program files\common files\Microsoft
2014-07-09 11:01:42    --------    d-----w-    c:\program files\Adware-Removal-Tool
2014-07-09 11:00:06    778936    ----a-w-    c:\windows\system32\PresentationNative_v0300.dll
2014-07-09 11:00:06    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-07-09 11:00:06    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-07-09 10:52:46    --------    d-----w-    C:\AdwCleaner
2014-07-09 10:47:24    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-07-03 06:21:55    --------    d-----w-    c:\program files\LogMeIn Hamachi
2014-07-02 09:56:04    16128    ----a-w-    c:\windows\system32\drivers\gtkdrv.sys
2014-06-25 14:49:57    --------    d-----w-    c:\users\haydn\appdata\roaming\uTorrent
2014-06-23 12:26:22    75264    ----a-w-    c:\windows\system32\nmwcdcls.dll
2014-06-23 10:42:36    38920    ---ha-w-    c:\windows\system32\drivers\Hamdrv.sys
2014-06-18 10:00:59    93808    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
2014-06-18 10:00:59    898176    ----a-w-    c:\program files\mozilla firefox\uninstall\helper.exe
2014-06-18 10:00:59    28272    ----a-w-    c:\program files\mozilla firefox\plugin-hang-ui.exe
2014-06-18 10:00:59    277616    ----a-w-    c:\program files\mozilla firefox\updater.exe
2014-06-18 10:00:59    23950448    ----a-w-    c:\program files\mozilla firefox\xul.dll
2014-06-18 10:00:59    18544    ----a-w-    c:\program files\mozilla firefox\plugin-container.exe
2014-06-18 10:00:59    170960    ----a-w-    c:\program files\mozilla firefox\webapp-uninstaller.exe
2014-06-18 10:00:59    152688    ----a-w-    c:\program files\mozilla firefox\softokn3.dll
2014-06-17 08:27:59    144    ----a-w-    c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-16 16:25:22    --------    d-sh--w-    c:\users\haydn\IntelGraphicsProfiles
2014-06-16 16:25:21    451    ----a-w-    c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-06-16 16:01:47    53248    ----a-w-    c:\windows\system32\tsgqec.dll
2014-06-16 15:59:27    --------    d-----w-    c:\program files\CCleaner
2014-06-16 15:34:51    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-06-16 15:34:51    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-06-16 15:34:51    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-06-16 15:34:50    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-06-13 09:06:02    --------    d--h--w-    C:\$WINDOWS.~BT
.
==================== Find3M  ====================
.
2014-07-03 11:48:05    82432    ----a-w-    c:\windows\system32\KXPLM32.DLL
2014-06-18 22:52:18    4254720    ----a-w-    c:\windows\system32\jscript9.dll
2014-06-18 22:45:59    1964544    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    c:\windows\system32\wininet.dll
2014-06-16 22:26:43    779264    ----a-w-    c:\windows\system32\osk.exe
2014-06-06 13:20:13    3497472    ----a-w-    c:\windows\system32\win32k.sys
2014-06-06 13:01:34    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-06-06 13:01:30    53064    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-06-06 13:01:26    85832    ----a-w-    c:\windows\system32\LMIinit.dll
2014-06-06 13:01:26    31560    ----a-w-    c:\windows\system32\LMIport.dll
2014-06-06 12:18:07    488960    ----a-w-    c:\windows\system32\qedit.dll
2014-05-31 03:30:05    11792384    ----a-w-    c:\windows\system32\twinui.dll
2014-05-31 03:01:51    189952    ----a-w-    c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-31 02:56:02    80896    ----a-w-    c:\windows\system32\wudriver.dll
2014-05-31 02:35:41    828928    ----a-w-    c:\windows\system32\twinui.appcore.dll
2014-05-31 02:32:24    756224    ----a-w-    c:\windows\system32\WSShared.dll
2014-05-30 12:27:08    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-30 08:43:06    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-05-30 08:27:56    592896    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-05-30 03:05:35    461312    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-05-29 09:30:03    481400    ----a-w-    c:\windows\system32\drivers\cng.sys
2014-05-29 06:40:52    735232    ----a-w-    c:\windows\system32\adtschema.dll
2014-05-29 04:38:00    1089024    ----a-w-    c:\windows\system32\lsasrv.dll
2014-05-20 23:32:58    5120    ----a-w-    c:\windows\system32\igfxLHMLibv2_0.dll
2014-05-19 05:33:42    51200    ----a-w-    c:\windows\system32\drvcfg.exe
2014-05-19 05:23:45    98816    ----a-w-    c:\windows\system32\drvinst.exe
2014-05-14 22:47:44    3886080    ----a-w-    c:\windows\system32\SyncEngine.dll
2014-05-13 14:46:46    73216    ----a-w-    c:\windows\ST6UNST.EXE
2014-05-13 14:46:46    364544    ------w-    c:\windows\Setup1.exe
2014-05-13 05:21:32    63488    ----a-w-    c:\windows\system32\BulkOperationHost.exe
2014-05-13 03:59:29    1035264    ----a-w-    c:\windows\system32\actxprxy.dll
2014-05-13 03:43:13    98816    ----a-w-    c:\windows\system32\winbici.dll
2014-05-13 03:33:09    586240    ----a-w-    c:\windows\system32\SkyDriveTelemetry.dll
2014-05-13 03:31:55    265216    ----a-w-    c:\windows\system32\SkyDriveShell.dll
2014-05-13 03:04:38    875520    ----a-w-    c:\windows\system32\SkyDrive.exe
2014-05-10 03:22:15    1312256    ----a-w-    c:\windows\system32\msxml3.dll
2014-05-08 23:08:22    218112    ----a-w-    c:\windows\system32\drivers\ks.sys
2014-05-06 22:39:17    32152    ----a-w-    c:\windows\system32\drivers\intelaud.sys
2014-05-06 22:39:17    23448    ----a-w-    c:\windows\system32\drivers\iwdbus.sys
2014-05-05 04:02:52    2826240    ----a-w-    c:\windows\system32\rdpcorets.dll
2014-05-03 09:20:30    1450880    ----a-w-    c:\windows\system32\ntdll.dll
2014-05-03 06:42:35    124928    ----a-w-    c:\windows\system32\wbem\WMIADAP.exe
2014-05-03 06:36:32    119296    ----a-w-    c:\windows\system32\rdpudd.dll
2014-05-03 04:57:42    854528    ----a-w-    c:\windows\system32\reseteng.dll
2014-05-03 04:47:03    49664    ----a-w-    c:\windows\system32\wbem\wbemsvc.dll
2014-05-03 04:46:18    52736    ----a-w-    c:\windows\system32\ncobjapi.dll
2014-05-03 04:37:39    235008    ----a-w-    c:\windows\system32\framedynos.dll
2014-05-03 04:37:16    97792    ----a-w-    c:\windows\system32\wbem\wmiutils.dll
2014-05-03 04:37:01    207360    ----a-w-    c:\windows\system32\framedyn.dll
2014-05-03 04:36:32    34816    ----a-w-    c:\windows\system32\wbem\wbemprox.dll
2014-05-03 04:36:04    322048    ----a-w-    c:\windows\system32\wbem\esscli.dll
2014-05-03 04:32:47    77312    ----a-w-    c:\windows\system32\wbem\NCProv.dll
2014-05-03 03:27:51    2317824    ----a-w-    c:\windows\system32\authui.dll
2014-05-01 11:00:26    2257608    ----a-w-    c:\windows\system32\WpcMon.exe
2014-05-01 11:00:25    46512    ----a-w-    c:\windows\system32\drivers\wpcfltr.sys
2014-05-01 08:24:18    560640    ----a-w-    c:\windows\system32\drivers\srv2.sys
2014-05-01 06:51:23    2344448    ----a-w-    c:\windows\system32\Wpc.dll
2014-05-01 06:42:00    2045440    ----a-w-    c:\windows\system32\WpcWebSync.dll
2014-05-01 05:46:25    834560    ----a-w-    c:\windows\system32\localspl.dll
2014-05-01 05:31:32    2366976    ----a-w-    c:\windows\system32\wpccpl.dll
2014-04-30 10:10:47    1090296    ----a-w-    c:\windows\system32\gdi32.dll
2014-04-30 05:32:04    57344    ----a-w-    c:\windows\system32\drivers\vwififlt.sys
2014-04-30 05:29:58    30720    ----a-w-    c:\windows\system32\drivers\vwifimp.sys
2014-04-30 05:29:36    333312    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2014-04-30 04:48:16    106496    ----a-w-    c:\windows\system32\Robocopy.exe
2014-04-30 03:47:50    1509888    ----a-w-    c:\windows\system32\DWrite.dll
2014-04-30 03:46:18    56320    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2014-04-30 03:46:07    285696    ----a-w-    c:\windows\system32\dhcpcore.dll
2014-04-30 03:46:07    229888    ----a-w-    c:\windows\system32\dhcpcore6.dll
2014-04-30 03:43:15    1046016    ----a-w-    c:\windows\system32\FntCache.dll
2014-04-30 03:38:10    551424    ----a-w-    c:\windows\system32\BFE.DLL
2014-04-30 03:25:21    731648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2014-04-30 03:15:16    323072    ----a-w-    c:\windows\system32\vpnike.dll
2014-04-28 22:40:42    572416    ----a-w-    c:\windows\system32\fveapi.dll
2014-04-26 20:14:05    2144984    ----a-w-    c:\windows\system32\mfcore.dll
2014-04-26 16:59:39    128000    ----a-w-    c:\windows\system32\BdeHdCfg.exe
2014-04-26 16:43:38    82944    ----a-w-    c:\windows\system32\BdeHdCfgLib.dll
2014-04-26 16:31:00    304640    ----a-w-    c:\windows\system32\fvecpl.dll
2014-04-26 16:07:00    761856    ----a-w-    c:\windows\system32\fvewiz.dll
2014-04-23 16:08:40    426248    ----a-w-    c:\windows\system32\drivers\UimFIO.sys
2014-04-23 16:08:38    91016    ----a-w-    c:\windows\system32\drivers\UimBus.sys
2014-04-23 16:08:38    540168    ----a-w-    c:\windows\system32\drivers\uim_im.sys
2014-04-18 13:43:52    31064    ----a-w-    c:\windows\system32\ploptin.dll
2014-04-18 13:29:08    1200288    ----a-w-    c:\windows\system32\propsys.dll
2014-04-18 09:14:19    2441216    ----a-w-    c:\windows\apppatch\AcGenral.dll
2014-04-18 08:51:31    47616    ----a-w-    c:\windows\system32\energyprov.dll
2014-04-18 08:01:20    553472    ----a-w-    c:\windows\system32\win32spl.dll
2014-04-18 07:51:14    836608    ----a-w-    c:\windows\system32\SearchFolder.dll
2014-04-18 07:49:01    5833216    ----a-w-    c:\windows\system32\Windows.UI.Search.dll
2014-04-16 21:10:36    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-04-16 21:10:28    85832    ----a-w-    c:\windows\system32\LMIinit.dll.000.bak
2014-04-14 08:08:44    1797896    ----a-w-    c:\windows\system32\d3d9.dll
2014-04-14 08:01:02    285144    ----a-w-    c:\windows\system32\MFCaptureEngine.dll
2014-04-14 05:18:38    11776    ----a-w-    c:\windows\system32\d3d8thk.dll
.
============= FINISH: 13:46:25.06 ===============
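As an added example (not part of this thread, and not code from DDS, FRST or AdwCleaner): a small Python triage script for exactly the lines a helper reads first in logs like the one above. It takes the browser-setting lines of a DDS "Pseudo HJT Report" and of an FRST "Internet" section, flags any Start Page, Search Page or DefaultScope URL whose host is not a stock search provider, and flags UAC policy values that have been weakened (ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are both dword:0 in the DDS log above, which means administrators elevate silently and prompts are not isolated on the secure desktop). The allowlist of expected hosts, the severity labels and the sample lines (copied from the logs posted in this thread) are this example's own assumptions; dword values are parsed as hex, as in .reg files, which does not change the zero-valued checks.

```python
"""Triage of browser-hijack indicators in DDS / FRST log lines.

Added example for this thread; it is not part of DDS, FRST or AdwCleaner.
The sample lines are copied from the logs posted above; the allowlist of
expected search hosts and the severity labels are this script's assumptions.
"""
import re
from urllib.parse import urlsplit

# Hosts a stock IE 11 Start Page / Search Page / SearchScope may point at.
# Assumption of this example: any other host deserves a closer look.
EXPECTED_HOSTS = {"about:blank", "go.microsoft.com", "www.bing.com", "www.google.com"}

# UAC policy values (HKLM\...\Policies\System) that weaken elevation prompts.
UAC_WEAK = {
    ("EnableLUA", 0): "UAC is switched off entirely",
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate without any prompt",
    ("PromptOnSecureDesktop", 0): "elevation prompts are not shown on the secure desktop",
}

# DDS "Pseudo HJT Report" lines: u = current-user hive, m = machine hive.
DDS_SETTING = re.compile(
    r"^([um])(Start Page|Search Page|Search Bar|Default_Page_URL|Default_Search_URL)\s*=\s*(.+)$")
DDS_POLICY = re.compile(r"^[um]Policies-\w+:\s*(\w+)\s*=\s*dword:([0-9A-Fa-f]+)$")

# FRST "Internet" section lines.
FRST_MAIN = re.compile(
    r"^(HKCU|HKLM)\\Software\\Microsoft\\Internet Explorer\\Main,"
    r"(Start Page|Search Page|Default_Search_URL)\s*=\s*(.+)$")
FRST_SCOPE = re.compile(
    r"^SearchScopes:\s*(HKCU|HKLM)\s*-\s*DefaultScope\s*(\{[0-9A-Fa-f-]+\})\s*URL\s*=\s*(.+)$")


def host_of(value):
    """Host of a URL (accepting the hxxp:// defanging these logs use),
    'about:blank' for that pseudo-URL, or None when the value is not a URL
    (IE stores e.g. the literal word 'Preserve' in Search Bar)."""
    value = value.strip()
    if value == "about:blank":
        return "about:blank"
    refanged = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)
    parts = urlsplit(refanged)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def check_url(label, value):
    """Flag a browser setting whose host is outside the allowlist."""
    host = host_of(value)
    if host is None or host in EXPECTED_HOSTS:
        return []
    return [("HIGH", f"{label} points at {host}: {value.strip()}")]


def check_policy(name, value):
    """Flag a UAC policy value that weakens elevation prompting."""
    note = UAC_WEAK.get((name, value))
    return [] if note is None else [("MEDIUM", f"{name}={value}: {note}")]


def triage(lines):
    """Return (severity, message) findings for the given DDS/FRST log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := DDS_SETTING.match(line):
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            findings += check_url(f"{hive} {m.group(2)}", m.group(3))
        elif m := DDS_POLICY.match(line):
            # Assumption: dword printed in hex as in .reg files; zero is zero in any base.
            findings += check_policy(m.group(1), int(m.group(2), 16))
        elif m := FRST_MAIN.match(line):
            findings += check_url(f"{m.group(1)} {m.group(2)}", m.group(3))
        elif m := FRST_SCOPE.match(line):
            findings += check_url(f"{m.group(1)} DefaultScope {m.group(2)}", m.group(3))
    return findings


# Constructed sample: lines copied from the DDS and FRST logs in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&SSPV=
uSearch Bar = Preserve
uSearch Page = hxxp://go.microsoft.com
uDefault_Page_URL = about:blank
mSearch Bar = hxxp://www.google.com
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&q={searchTerms}&SSPV=
"""


def run_triage(text=SAMPLE_LOG):
    """Triage a whole log text; returns the list of findings."""
    return triage(text.splitlines())


if __name__ == "__main__":
    for severity, message in run_triage():
        print(f"[{severity}] {message}")
```

Run against the sample it reports the conduit.com Start Page and DefaultScope as HIGH and the two UAC values as MEDIUM, and stays silent on the stock go.microsoft.com / about:blank entries; point `run_triage()` at the text of a real DDS or FRST log to get the same summary for that machine.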

#2 nasdaq

  • Malware Response Team
  • 39,198 posts
  • Gender: Male
  • Location: Montreal, QC, Canada

Posted 15 July 2014 - 01:13 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 Bluenose1812

  • Topic Starter
  • Members
  • 5 posts

Posted 16 July 2014 - 03:06 AM

ADWC removed it but when I opened IE up again - there it was!

 

# AdwCleaner v3.215 - Report created 16/07/2014 at 08:57:31

# Updated 09/07/2014 by Xplode

# Operating System : Windows 8.1 Pro  (32 bits)

# Username : Haydn - PC14-3

# Running from : C:\Users\Haydn\Downloads\adwcleaner_3.215(2).exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found : C:\Users\Haydn\AppData\Roaming\Mozilla\Firefox\Profiles\87piu2vf.default-1405008631147\adawaretb

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software\adawarebp

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17126

 

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&SSPV=

 

-\\ Mozilla Firefox v30.0 (en-GB)

 

[ File : C:\Users\Haydn\AppData\Roaming\Mozilla\Firefox\Profiles\87piu2vf.default-1405008631147\prefs.js ]

 

 

-\\ Google Chrome v35.0.1916.153

 

*************************

 

AdwCleaner[R0].txt - [1208 octets] - [09/07/2014 11:52:57]

AdwCleaner[R1].txt - [2659 octets] - [16/07/2014 08:47:47]

AdwCleaner[R2].txt - [1286 octets] - [16/07/2014 08:57:31]

AdwCleaner[S0].txt - [1132 octets] - [09/07/2014 11:53:07]

AdwCleaner[S1].txt - [2618 octets] - [16/07/2014 08:51:53]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1466 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01

Ran by Haydn (administrator) on PC14-3 on 16-07-2014 09:00:01

Running from C:\Users\Haydn\Downloads

Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United Kingdom)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe

(Sage (UK) Limited) C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe

(IObit) C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe

(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe

(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe

(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe

(IObit) C:\Program Files\IObit\Start Menu 8\StartMenu8.exe

() C:\Program Files\IObit\Start Menu 8\InstallServices32.exe

(IObit) C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe

(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe

() C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe

(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2013-12-11] (LogMeIn, Inc.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [6699864 2014-06-03] ()

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-2172371588-234326739-4245322426-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk

ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&SSPV=

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&q={searchTerms}&SSPV=

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&q={searchTerms}&SSPV=

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 192.168.1.1

FireFox:

========

FF ProfilePath: C:\Users\Haydn\AppData\Roaming\Mozilla\Firefox\Profiles\87piu2vf.default-1405008631147

FF SelectedSearchEngine: Google

FF Homepage: hxxp://www.newsnow.co.uk/h/Sport/Football/Championship/Birmingham+City

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml

FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Haydn\AppData\Roaming\Mozilla\Firefox\Profiles\87piu2vf.default-1405008631147\Extensions\ascsurfingprotection@iobit.com [2014-07-10]

FF Extension: Ad-Aware Security Toolbar - C:\Users\Haydn\AppData\Roaming\Mozilla\Firefox\Profiles\87piu2vf.default-1405008631147\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-07-11]

FF Extension: Adblock Plus - C:\Users\Haydn\AppData\Roaming\Mozilla\Firefox\Profiles\87piu2vf.default-1405008631147\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-10]

FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013-10-23]

FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)

S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [278344 2014-05-21] (Intel Corporation)

R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1889616 2014-06-23] (LogMeIn Inc.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277320 2014-05-21] (Intel Corporation)

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()

S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)

R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-04-15] (LogMeIn, Inc.)

S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 Sage SData Service; C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe [49152 2009-12-16] (Sage (UK) Limited) [File not signed]

S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)

R2 StartMenuService; C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)

R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1831168 2013-12-05] (UltraVNC)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-24] (Microsoft Corporation)

S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-24] (Microsoft Corporation)

S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2005-04-07] () [File not signed]

R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)

S3 BioNTDrv; C:\Program Files\Paragon Software\Hard Disk Manager 12 Professional\program\BioNTDrv.SYS [30936 2014-04-23] (Paragon Software Group)

S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [163616 2014-03-17] (Digiarty Software, Inc.)

R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d6432.sys [378128 2014-02-26] (Intel Corporation)

R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2014-07-11] (GFI Software)

S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)

R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [38920 2014-06-23] (LogMeIn Inc.)

S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)

R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)

R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [56432 2013-01-11] (Intel Corporation)

S3 TrojanKillerDriver; C:\WINDOWS\System32\DRIVERS\gtkdrv.sys [16128 2014-07-02] (Windows ® Win 7 DDK provider)

S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)

R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [91016 2014-04-23] ()

R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [540168 2014-04-23] ()

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-24] (Microsoft Corporation)

R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)

R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-07-10] (Microsoft Corporation)

S3 DIRECTIO; No ImagePath

S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-16 09:00 - 2014-07-16 09:00 - 00011841 _____ () C:\Users\Haydn\Downloads\FRST.txt

2014-07-16 08:59 - 2014-07-16 08:59 - 00001429 _____ () C:\Users\Haydn\Desktop\FRST.txt - Shortcut.lnk

2014-07-16 08:59 - 2014-07-16 08:59 - 00001429 _____ () C:\Users\Haydn\Desktop\FRST.exe - Shortcut.lnk

2014-07-16 08:58 - 2014-07-16 08:58 - 01077248 _____ (Farbar) C:\Users\Haydn\Downloads\FRST.exe

2014-07-16 08:56 - 2014-07-16 08:57 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215(2).exe

2014-07-16 08:47 - 2014-07-16 08:47 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215(1).exe

2014-07-15 14:51 - 2014-07-15 14:51 - 00323212 _____ () C:\Users\Haydn\Downloads\010414-KMAD-Disclosure-Checklists.zip

2014-07-14 12:51 - 2014-07-16 08:52 - 00000934 _____ () C:\WINDOWS\PFRO.log

2014-07-11 15:02 - 2014-07-11 15:02 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Lavasoft

2014-07-11 14:55 - 2014-07-16 08:52 - 00002405 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2014-07-11 14:55 - 2014-07-11 14:55 - 05616264 _____ (Lavasoft Limited) C:\Users\Haydn\Downloads\Adaware_Installer(1).exe

2014-07-11 14:55 - 2014-07-11 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

2014-07-11 14:53 - 2014-07-11 14:54 - 00000000 ____D () C:\Program Files\Lavasoft

2014-07-11 14:52 - 2014-07-11 14:52 - 05616264 _____ (Lavasoft Limited) C:\Users\Haydn\Downloads\Adaware_Installer.exe

2014-07-11 14:52 - 2014-07-11 14:52 - 00044424 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe

2014-07-11 14:52 - 2014-07-11 14:52 - 00013560 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys

2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\LavasoftStatistics

2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Ad-Aware Antivirus

2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\ProgramData\Lavasoft

2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

2014-07-11 13:46 - 2014-07-11 13:46 - 00023336 _____ () C:\Users\Haydn\Desktop\dds.txt

2014-07-11 13:46 - 2014-07-11 13:46 - 00010031 _____ () C:\Users\Haydn\Desktop\attach.txt

2014-07-11 13:45 - 2014-07-11 13:45 - 00000000 ____D () C:\111

2014-07-11 13:42 - 2014-07-11 13:42 - 00002853 _____ () C:\Users\Haydn\Desktop\dds.com - Shortcut.pif

2014-07-11 13:37 - 2014-07-11 13:37 - 00688992 _____ (Swearware) C:\Users\Haydn\Downloads\dds.com

2014-07-11 13:08 - 2014-07-11 13:09 - 46320616 _____ (GridinSoft LLC) C:\Users\Haydn\Downloads\gtk-2.2.3.8-setup.exe

2014-07-11 12:35 - 2014-07-11 12:35 - 00505695 _____ () C:\Users\Haydn\Desktop\IEDiag.cab

2014-07-11 11:33 - 2014-07-11 11:33 - 00001197 _____ () C:\Users\Haydn\Desktop\Trojan Killer.lnk

2014-07-11 10:59 - 2014-07-11 10:59 - 00001179 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk

2014-07-11 10:59 - 2014-07-11 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

2014-07-11 10:59 - 2014-07-11 10:59 - 00000000 ____D () C:\ProgramData\GridinSoft

2014-07-11 10:59 - 2014-07-11 10:59 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer

2014-07-11 10:57 - 2014-07-11 10:58 - 03026176 _____ (GridinSoft) C:\Users\Haydn\Downloads\TrojanKillerInstallerST.exe

2014-07-11 10:40 - 2014-07-11 10:42 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-07-11 10:39 - 2014-07-11 10:40 - 10278752 _____ (SurfRight B.V.) C:\Users\Haydn\Downloads\HitmanPro.exe

2014-07-11 10:37 - 2014-07-11 10:37 - 00001306 _____ () C:\Users\Haydn\Desktop\Revo Uninstaller.lnk

2014-07-11 10:37 - 2014-07-11 10:37 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-07-11 10:36 - 2014-07-11 10:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Haydn\Downloads\revosetup.exe

2014-07-11 09:09 - 2014-07-11 09:09 - 00000005 _____ () C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp

2014-07-10 17:11 - 2014-06-19 09:40 - 00000124 _____ () C:\Users\Haydn\Documents\indexfile.txt

2014-07-10 16:53 - 2014-07-10 16:54 - 28694720 _____ (Microsoft Corporation) C:\Users\Haydn\Downloads\Windows-KB890830-V5.14.exe

2014-07-10 16:49 - 2014-07-10 16:49 - 00001492 _____ () C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-07-10 16:45 - 2014-07-10 16:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

2014-07-10 16:29 - 2014-07-10 16:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Haydn\Downloads\SpyHunter-Installer.exe

2014-07-10 16:17 - 2014-07-10 15:12 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-07-10 16:17 - 2014-07-10 15:12 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-07-10 15:37 - 2014-07-10 17:00 - 00000000 ____D () C:\WINDOWS\erdnt

2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ___SD () C:\32788R22FWJFW

2014-07-10 15:33 - 2014-07-16 09:00 - 00000000 ____D () C:\FRST

2014-07-10 15:33 - 2014-07-10 15:34 - 00031441 _____ () C:\Users\Haydn\Downloads\Addition.txt

2014-07-10 15:11 - 2014-07-10 15:11 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 01871704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00382296 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00376152 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2014-07-10 15:11 - 2014-07-10 15:11 - 00338264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00286040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-07-10 15:11 - 2014-07-10 15:11 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe

2014-07-10 15:11 - 2014-07-10 15:11 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00072536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00023384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys

2014-07-10 14:19 - 2014-07-16 08:52 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-10 14:19 - 2014-07-10 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-10 14:19 - 2014-07-10 17:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-10 14:19 - 2014-07-10 17:00 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-10 14:19 - 2014-07-10 14:19 - 00001138 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-10 14:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-07-10 14:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-07-10 14:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-07-10 14:18 - 2014-07-10 14:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Haydn\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-10 14:01 - 2014-07-10 14:01 - 00001492 _____ () C:\Users\Haydn\Desktop\JRT.txt

2014-07-10 14:00 - 2014-07-10 17:00 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-07-10 14:00 - 2014-07-10 14:00 - 01016261 _____ (Thisisu) C:\Users\Haydn\Downloads\JRT.exe

2014-07-09 12:01 - 2014-07-10 17:01 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool

2014-07-09 12:01 - 2014-07-10 17:00 - 00000000 ____D () C:\Program Files\Reference Assemblies

2014-07-09 12:01 - 2014-07-09 12:01 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe

2014-07-09 12:00 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2014-07-09 12:00 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2014-07-09 12:00 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2014-07-09 11:52 - 2014-07-16 08:57 - 00000000 ____D () C:\AdwCleaner

2014-07-09 11:47 - 2014-07-09 11:47 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215.exe

2014-07-09 11:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll

2014-07-09 09:34 - 2014-07-09 09:34 - 00466028 _____ () C:\Users\Haydn\Downloads\return(3)

2014-07-09 04:08 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-07-09 04:08 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-07-09 04:08 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-07-09 04:08 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-07-09 04:08 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-07-09 04:08 - 2014-06-18 23:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-07-09 04:08 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-07-09 04:08 - 2014-06-18 23:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-07-09 04:08 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-07-09 04:08 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-07-09 04:08 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-07-09 04:08 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-07-09 04:08 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-07-09 04:08 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-07-09 04:08 - 2014-06-16 23:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe

2014-07-09 04:08 - 2014-06-06 14:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-07-09 04:08 - 2014-06-06 13:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll

2014-07-09 04:08 - 2014-05-31 09:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2014-07-09 04:08 - 2014-05-31 04:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2014-07-09 04:08 - 2014-05-31 04:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-09 04:08 - 2014-05-31 03:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2014-07-09 04:08 - 2014-05-31 03:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2014-07-09 04:08 - 2014-05-31 03:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2014-07-09 04:08 - 2014-05-31 03:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2014-07-09 04:08 - 2014-05-31 03:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-07-09 04:08 - 2014-05-30 04:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2014-07-09 04:08 - 2014-05-29 10:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2014-07-09 04:08 - 2014-05-29 07:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll

2014-07-09 04:08 - 2014-05-29 05:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2014-07-08 11:50 - 2014-07-08 11:50 - 99596461 _____ () C:\Users\Haydn\Desktop\ASC_Portable.zip

2014-07-07 16:46 - 2014-07-07 16:46 - 51277824 _____ () C:\WINDOWS\system32\config\SOFTWARE.iobit

2014-07-07 16:46 - 2014-07-07 16:46 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iobit

2014-07-07 16:46 - 2014-07-07 16:46 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit

2014-07-07 16:46 - 2014-07-07 16:46 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iobit

2014-07-04 16:38 - 2014-07-04 16:38 - 00013054 _____ () C:\Users\Haydn\Desktop\MP PAYROLL TRANSFERS.xlsx

2014-07-04 14:23 - 2014-07-04 14:23 - 00465945 _____ () C:\Users\Haydn\Downloads\return(2)

2014-07-04 13:50 - 2014-07-04 13:50 - 00466014 _____ () C:\Users\Haydn\Downloads\return(1)

2014-07-03 12:45 - 2014-07-03 12:47 - 42991706 _____ () C:\Users\Haydn\Downloads\KXDrv_6.0.3323_...P2x35_P7035.zip

2014-07-03 07:21 - 2014-07-10 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-07-03 07:21 - 2014-07-10 17:01 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi

2014-07-03 07:21 - 2014-07-03 07:21 - 00000968 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2014-07-02 10:56 - 2014-07-02 10:56 - 00016128 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\gtkdrv.sys

2014-06-25 15:50 - 2014-06-25 15:50 - 00000907 _____ () C:\Users\Haydn\Desktop\µTorrent.lnk

2014-06-25 15:50 - 2014-06-25 15:50 - 00000887 _____ () C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-06-25 15:49 - 2014-07-10 17:01 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\uTorrent

2014-06-25 15:49 - 2014-06-25 15:49 - 01837904 _____ (BitTorrent Inc.) C:\Users\Haydn\Downloads\uTorrent.exe

2014-06-25 13:34 - 2014-06-25 13:34 - 00268726 _____ () C:\Users\Haydn\Downloads\pgpsw-speed-cams-rKvyJ-(12-062).zip

2014-06-24 13:11 - 2014-06-24 13:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit

2014-06-24 13:11 - 2014-06-24 13:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit

2014-06-23 13:26 - 2014-07-10 17:00 - 00000000 ____D () C:\ProgramData\Installations

2014-06-23 13:26 - 2013-01-23 11:31 - 00075264 _____ (Nokia) C:\WINDOWS\system32\nmwcdcls.dll

2014-06-23 13:25 - 2014-06-23 13:26 - 07082136 _____ () C:\Users\Haydn\Downloads\Nokia_Connectivity_Cable_Driver.exe

2014-06-23 11:42 - 2014-06-23 11:42 - 00038920 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys

2014-06-17 09:29 - 2014-06-17 09:29 - 07315296 _____ (IObit ) C:\Users\Haydn\Downloads\startmenu-setup.exe

2014-06-17 09:29 - 2014-06-17 09:29 - 00002067 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk

2014-06-17 09:29 - 2014-06-17 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8

2014-06-17 09:27 - 2014-06-17 09:27 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2014-06-16 17:25 - 2014-06-16 17:25 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

2014-06-16 17:03 - 2014-04-26 21:21 - 00404132 __RSH () C:\bootmgr

2014-06-16 17:03 - 2013-06-18 13:18 - 00000001 ___SH () C:\BOOTNXT

2014-06-16 17:01 - 2014-06-16 17:01 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

2014-06-16 16:59 - 2014-06-16 16:59 - 00001027 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-06-16 16:59 - 2014-06-16 16:59 - 00000000 ____D () C:\Program Files\CCleaner

2014-06-16 16:58 - 2014-06-16 16:59 - 04748896 _____ (Piriform Ltd) C:\Users\Haydn\Downloads\ccsetup414.exe

2014-06-16 16:34 - 2014-06-16 16:34 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-06-16 16:34 - 2014-06-16 16:34 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-06-16 16:34 - 2014-06-16 16:34 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-06-16 16:34 - 2014-06-16 16:34 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-06-16 16:34 - 2014-06-16 16:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-06-16 16:34 - 2014-06-16 16:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-06-16 16:34 - 2014-06-16 16:34 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-06-16 16:32 - 2014-05-14 23:47 - 03886080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-06-16 16:32 - 2014-05-13 06:21 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe

2014-06-16 16:32 - 2014-05-13 04:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-06-16 16:32 - 2014-05-13 04:43 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll

2014-06-16 16:32 - 2014-05-13 04:33 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-06-16 16:32 - 2014-05-13 04:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll

2014-06-16 16:32 - 2014-05-13 04:04 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-06-16 16:32 - 2014-05-03 10:20 - 01450880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2014-06-16 16:32 - 2014-05-03 05:57 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

2014-06-16 16:32 - 2014-05-03 05:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll

2014-06-16 16:32 - 2014-05-03 05:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll

2014-06-16 16:32 - 2014-05-03 05:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll

2014-06-16 16:32 - 2014-05-03 04:27 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2014-06-16 16:32 - 2014-05-03 00:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat

2014-06-16 16:32 - 2014-05-01 09:24 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2014-06-16 16:32 - 2014-05-01 06:46 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2014-06-16 16:32 - 2014-04-30 06:32 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys

2014-06-16 16:32 - 2014-04-30 06:29 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2014-06-16 16:32 - 2014-04-30 06:29 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys

2014-06-16 16:32 - 2014-04-30 05:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe

2014-06-16 16:32 - 2014-04-30 04:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll

2014-06-16 16:32 - 2014-04-30 04:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll

2014-06-16 16:32 - 2014-04-30 04:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll

2014-06-16 16:32 - 2014-04-30 04:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll

2014-06-16 16:32 - 2014-04-30 04:38 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

2014-06-16 16:32 - 2014-04-30 04:25 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2014-06-16 16:32 - 2014-04-30 04:15 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll

2014-06-16 16:32 - 2014-04-28 23:40 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2014-06-16 16:32 - 2014-04-26 21:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2014-06-16 16:32 - 2014-04-26 17:59 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe

2014-06-16 16:32 - 2014-04-26 17:43 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll

2014-06-16 16:32 - 2014-04-26 17:31 - 00304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll

2014-06-16 16:32 - 2014-04-26 17:07 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll

2014-06-16 16:32 - 2014-04-14 09:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

2014-06-16 16:32 - 2014-04-14 06:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll

2014-06-16 16:32 - 2014-04-09 06:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll

==================== One Month Modified Files and Folders =======

2014-07-16 09:00 - 2014-07-16 09:00 - 00011841 _____ () C:\Users\Haydn\Downloads\FRST.txt

2014-07-16 09:00 - 2014-07-10 15:33 - 00000000 ____D () C:\FRST

2014-07-16 09:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-07-16 08:59 - 2014-07-16 08:59 - 00001429 _____ () C:\Users\Haydn\Desktop\FRST.txt - Shortcut.lnk

2014-07-16 08:59 - 2014-07-16 08:59 - 00001429 _____ () C:\Users\Haydn\Desktop\FRST.exe - Shortcut.lnk

2014-07-16 08:58 - 2014-07-16 08:58 - 01077248 _____ (Farbar) C:\Users\Haydn\Downloads\FRST.exe

2014-07-16 08:57 - 2014-07-16 08:56 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215(2).exe

2014-07-16 08:57 - 2014-07-09 11:52 - 00000000 ____D () C:\AdwCleaner

2014-07-16 08:57 - 2013-10-22 14:43 - 00867596 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-07-16 08:54 - 2014-01-13 10:31 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-16 08:53 - 2013-10-22 14:40 - 01664672 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-16 08:52 - 2014-07-14 12:51 - 00000934 _____ () C:\WINDOWS\PFRO.log

2014-07-16 08:52 - 2014-07-11 14:55 - 00002405 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2014-07-16 08:52 - 2014-07-10 14:19 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-16 08:52 - 2014-04-29 11:48 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk

2014-07-16 08:52 - 2014-04-29 11:48 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk

2014-07-16 08:52 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-16 08:47 - 2014-07-16 08:47 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215(1).exe

2014-07-16 08:04 - 2013-10-22 15:43 - 00000000 ____D () C:\ProgramData\LogMeIn

2014-07-16 06:26 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET

2014-07-15 14:51 - 2014-07-15 14:51 - 00323212 _____ () C:\Users\Haydn\Downloads\010414-KMAD-Disclosure-Checklists.zip

2014-07-15 13:27 - 2013-09-17 11:55 - 00000000 ____D () C:\ztree2

2014-07-15 12:28 - 2013-10-23 13:38 - 00000064 _____ () C:\Users\Haydn\f7abcaeb11afa8d716d5721ce0ae73df02a9d630

2014-07-14 14:42 - 2013-09-19 10:57 - 00000000 ____D () C:\TEMP

2014-07-14 12:51 - 2014-05-22 11:31 - 00000244 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Haydn.job

2014-07-14 12:51 - 2013-10-23 11:44 - 00258560 ___SH () C:\Users\Haydn\Desktop\Thumbs.db

2014-07-14 08:58 - 2014-05-22 11:31 - 00002233 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk

2014-07-14 08:55 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\registration

2014-07-11 15:02 - 2014-07-11 15:02 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Lavasoft

2014-07-11 14:55 - 2014-07-11 14:55 - 05616264 _____ (Lavasoft Limited) C:\Users\Haydn\Downloads\Adaware_Installer(1).exe

2014-07-11 14:55 - 2014-07-11 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

2014-07-11 14:54 - 2014-07-11 14:53 - 00000000 ____D () C:\Program Files\Lavasoft

2014-07-11 14:52 - 2014-07-11 14:52 - 05616264 _____ (Lavasoft Limited) C:\Users\Haydn\Downloads\Adaware_Installer.exe

2014-07-11 14:52 - 2014-07-11 14:52 - 00044424 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe

2014-07-11 14:52 - 2014-07-11 14:52 - 00013560 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys

2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\LavasoftStatistics

2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Ad-Aware Antivirus

2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\ProgramData\Lavasoft

2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

2014-07-11 13:46 - 2014-07-11 13:46 - 00023336 _____ () C:\Users\Haydn\Desktop\dds.txt

2014-07-11 13:46 - 2014-07-11 13:46 - 00010031 _____ () C:\Users\Haydn\Desktop\attach.txt

2014-07-11 13:45 - 2014-07-11 13:45 - 00000000 ____D () C:\111

2014-07-11 13:42 - 2014-07-11 13:42 - 00002853 _____ () C:\Users\Haydn\Desktop\dds.com - Shortcut.pif

2014-07-11 13:37 - 2014-07-11 13:37 - 00688992 _____ (Swearware) C:\Users\Haydn\Downloads\dds.com

2014-07-11 13:09 - 2014-07-11 13:08 - 46320616 _____ (GridinSoft LLC) C:\Users\Haydn\Downloads\gtk-2.2.3.8-setup.exe

2014-07-11 12:35 - 2014-07-11 12:35 - 00505695 _____ () C:\Users\Haydn\Desktop\IEDiag.cab

2014-07-11 12:01 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-07-11 12:00 - 2013-10-22 14:38 - 00000000 ____D () C:\Users\Haydn

2014-07-11 11:58 - 2014-02-28 18:11 - 00000000 ____D () C:\ProgramData\ProductData

2014-07-11 11:57 - 2013-08-22 08:22 - 00474288 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-07-11 11:33 - 2014-07-11 11:33 - 00001197 _____ () C:\Users\Haydn\Desktop\Trojan Killer.lnk

2014-07-11 10:59 - 2014-07-11 10:59 - 00001179 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk

2014-07-11 10:59 - 2014-07-11 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

2014-07-11 10:59 - 2014-07-11 10:59 - 00000000 ____D () C:\ProgramData\GridinSoft

2014-07-11 10:59 - 2014-07-11 10:59 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer

2014-07-11 10:58 - 2014-07-11 10:57 - 03026176 _____ (GridinSoft) C:\Users\Haydn\Downloads\TrojanKillerInstallerST.exe

2014-07-11 10:42 - 2014-07-11 10:40 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-07-11 10:40 - 2014-07-11 10:39 - 10278752 _____ (SurfRight B.V.) C:\Users\Haydn\Downloads\HitmanPro.exe

2014-07-11 10:37 - 2014-07-11 10:37 - 00001306 _____ () C:\Users\Haydn\Desktop\Revo Uninstaller.lnk

2014-07-11 10:37 - 2014-07-11 10:37 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-07-11 10:36 - 2014-07-11 10:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Haydn\Downloads\revosetup.exe

2014-07-11 09:09 - 2014-07-11 09:09 - 00000005 _____ () C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp

2014-07-11 09:09 - 2014-06-10 15:27 - 00000000 ____D () C:\WINDOWS\system32\appmgmt

2014-07-11 09:09 - 2014-05-28 10:53 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\HTC

2014-07-11 09:09 - 2014-05-28 10:53 - 00000000 ____D () C:\ProgramData\HTC

2014-07-11 09:09 - 2014-05-28 10:53 - 00000000 ____D () C:\Program Files\HTC

2014-07-10 17:31 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache

2014-07-10 17:10 - 2014-05-13 15:02 - 00000000 ____D () C:\Users\Haydn\Desktop\Old Firefox Data

2014-07-10 17:01 - 2014-07-10 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-10 17:01 - 2014-07-10 14:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-10 17:01 - 2014-07-09 12:01 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool

2014-07-10 17:01 - 2014-07-03 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-07-10 17:01 - 2014-07-03 07:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi

2014-07-10 17:01 - 2014-06-25 15:49 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\uTorrent

2014-07-10 17:01 - 2014-05-22 11:32 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\ProductData

2014-07-10 17:01 - 2014-03-19 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7

2014-07-10 17:01 - 2014-01-13 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-10 17:01 - 2013-12-16 13:27 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\IrfanView

2014-07-10 17:01 - 2013-10-28 10:12 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Public Sync

2014-07-10 17:01 - 2013-09-30 04:57 - 00000000 ____D () C:\WINDOWS\ShellNew

2014-07-10 17:01 - 2013-09-30 04:57 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 __RSD () C:\WINDOWS\Media

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\en-GB

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Camera

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows Defender

2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-07-10 17:00 - 2014-07-10 15:37 - 00000000 ____D () C:\WINDOWS\erdnt

2014-07-10 17:00 - 2014-07-10 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-10 17:00 - 2014-07-10 14:00 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-07-10 17:00 - 2014-07-09 12:01 - 00000000 ____D () C:\Program Files\Reference Assemblies

2014-07-10 17:00 - 2014-06-23 13:26 - 00000000 ____D () C:\ProgramData\Installations

2014-07-10 17:00 - 2013-10-22 16:33 - 00000000 ____D () C:\Program Files\MSBuild

2014-07-10 17:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\MUI

2014-07-10 16:58 - 2012-07-26 07:43 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-07-10 16:54 - 2014-07-10 16:53 - 28694720 _____ (Microsoft Corporation) C:\Users\Haydn\Downloads\Windows-KB890830-V5.14.exe

2014-07-10 16:49 - 2014-07-10 16:49 - 00001492 _____ () C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-07-10 16:46 - 2013-10-22 16:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-07-10 16:46 - 2013-09-18 17:22 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-07-10 16:45 - 2014-07-10 16:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

2014-07-10 16:29 - 2014-07-10 16:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Haydn\Downloads\SpyHunter-Installer.exe

2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ___SD () C:\32788R22FWJFW

2014-07-10 15:34 - 2014-07-10 15:33 - 00031441 _____ () C:\Users\Haydn\Downloads\Addition.txt

2014-07-10 15:12 - 2014-07-10 16:17 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-07-10 15:12 - 2014-07-10 16:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-07-10 15:11 - 2014-07-10 15:11 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 01871704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00382296 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00376152 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2014-07-10 15:11 - 2014-07-10 15:11 - 00338264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00286040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-07-10 15:11 - 2014-07-10 15:11 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe

2014-07-10 15:11 - 2014-07-10 15:11 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll

2014-07-10 15:11 - 2014-07-10 15:11 - 00072536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys

2014-07-10 15:11 - 2014-07-10 15:11 - 00023384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys

2014-07-10 14:19 - 2014-07-10 14:19 - 00001138 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-10 14:19 - 2014-07-10 14:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Haydn\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-10 14:01 - 2014-07-10 14:01 - 00001492 _____ () C:\Users\Haydn\Desktop\JRT.txt

2014-07-10 14:00 - 2014-07-10 14:00 - 01016261 _____ (Thisisu) C:\Users\Haydn\Downloads\JRT.exe

2014-07-09 12:04 - 2014-05-01 14:46 - 00000000 ____D () C:\Program Files\Common Files\Sage SData

2014-07-09 12:04 - 2014-05-01 14:43 - 00000000 ____D () C:\ProgramData\Sage

2014-07-09 12:01 - 2014-07-09 12:01 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe

2014-07-09 11:47 - 2014-07-09 11:47 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215.exe

2014-07-09 09:55 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2014-07-09 09:34 - 2014-07-09 09:34 - 00466028 _____ () C:\Users\Haydn\Downloads\return(3)

2014-07-08 11:50 - 2014-07-08 11:50 - 99596461 _____ () C:\Users\Haydn\Desktop\ASC_Portable.zip

2014-07-07 16:46 - 2014-07-07 16:46 - 51277824 _____ () C:\WINDOWS\system32\config\SOFTWARE.iobit

2014-07-07 16:46 - 2014-07-07 16:46 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iobit

2014-07-07 16:46 - 2014-07-07 16:46 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit

2014-07-07 16:46 - 2014-07-07 16:46 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iobit

2014-07-04 16:38 - 2014-07-04 16:38 - 00013054 _____ () C:\Users\Haydn\Desktop\MP PAYROLL TRANSFERS.xlsx

2014-07-04 14:23 - 2014-07-04 14:23 - 00465945 _____ () C:\Users\Haydn\Downloads\return(2)

2014-07-04 13:50 - 2014-07-04 13:50 - 00466014 _____ () C:\Users\Haydn\Downloads\return(1)

2014-07-03 12:48 - 2013-10-31 06:12 - 00082432 _____ (KYOCERA Document Solutions Inc.) C:\WINDOWS\system32\KXPLM32.DLL

2014-07-03 12:47 - 2014-07-03 12:45 - 42991706 _____ () C:\Users\Haydn\Downloads\KXDrv_6.0.3323_...P2x35_P7035.zip

2014-07-03 07:21 - 2014-07-03 07:21 - 00000968 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2014-07-02 10:56 - 2014-07-02 10:56 - 00016128 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\gtkdrv.sys

2014-06-26 17:38 - 2013-09-20 15:05 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-06-25 15:50 - 2014-06-25 15:50 - 00000907 _____ () C:\Users\Haydn\Desktop\µTorrent.lnk

2014-06-25 15:50 - 2014-06-25 15:50 - 00000887 _____ () C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-06-25 15:49 - 2014-06-25 15:49 - 01837904 _____ (BitTorrent Inc.) C:\Users\Haydn\Downloads\uTorrent.exe

2014-06-25 13:34 - 2014-06-25 13:34 - 00268726 _____ () C:\Users\Haydn\Downloads\pgpsw-speed-cams-rKvyJ-(12-062).zip

2014-06-24 13:11 - 2014-06-24 13:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit

2014-06-24 13:11 - 2014-06-24 13:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit

2014-06-23 13:26 - 2014-06-23 13:25 - 07082136 _____ () C:\Users\Haydn\Downloads\Nokia_Connectivity_Cable_Driver.exe

2014-06-23 11:42 - 2014-06-23 11:42 - 00038920 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys

2014-06-19 09:40 - 2014-07-10 17:11 - 00000124 _____ () C:\Users\Haydn\Documents\indexfile.txt

2014-06-19 01:16 - 2014-07-09 04:08 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-06-19 00:32 - 2014-07-09 04:08 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-06-19 00:12 - 2014-07-09 04:08 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-06-18 23:59 - 2014-07-09 04:08 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-06-18 23:58 - 2014-07-09 04:08 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-06-18 23:57 - 2014-07-09 04:08 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-06-18 23:52 - 2014-07-09 04:08 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-06-18 23:52 - 2014-07-09 04:08 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-06-18 23:49 - 2014-07-09 04:08 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-06-18 23:45 - 2014-07-09 04:08 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-06-18 23:35 - 2014-07-09 04:08 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-06-18 23:13 - 2014-07-09 04:08 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-06-18 23:09 - 2014-07-09 04:08 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-06-18 23:07 - 2014-07-09 04:08 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-06-18 11:01 - 2014-05-29 10:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-06-17 09:29 - 2014-06-17 09:29 - 07315296 _____ (IObit ) C:\Users\Haydn\Downloads\startmenu-setup.exe

2014-06-17 09:29 - 2014-06-17 09:29 - 00002067 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk

2014-06-17 09:29 - 2014-06-17 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8

2014-06-17 09:27 - 2014-06-17 09:27 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2014-06-17 09:27 - 2014-02-28 18:20 - 00165659 _____ () C:\MyXML.xml

2014-06-17 09:27 - 2013-10-28 18:14 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-17 09:27 - 2013-10-28 18:14 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-16 23:26 - 2014-07-09 04:08 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe

2014-06-16 17:25 - 2014-06-16 17:25 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

2014-06-16 17:02 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

2014-06-16 17:02 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\MediaViewer

2014-06-16 17:02 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\FileManager

2014-06-16 17:01 - 2014-06-16 17:01 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

2014-06-16 16:59 - 2014-06-16 16:59 - 00001027 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-06-16 16:59 - 2014-06-16 16:59 - 00000000 ____D () C:\Program Files\CCleaner

2014-06-16 16:59 - 2014-06-16 16:58 - 04748896 _____ (Piriform Ltd) C:\Users\Haydn\Downloads\ccsetup414.exe

2014-06-16 16:34 - 2014-06-16 16:34 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-06-16 16:34 - 2014-06-16 16:34 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-06-16 16:34 - 2014-06-16 16:34 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-06-16 16:34 - 2014-06-16 16:34 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-06-16 16:34 - 2014-06-16 16:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-06-16 16:34 - 2014-06-16 16:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-06-16 16:34 - 2014-06-16 16:34 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-06-16 09:54 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\NDF

 

==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-14 14:48

 

==================== End Of Log ============================


#4 nasdaq
  • Malware Response Team
  • 39,198 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 July 2014 - 08:27 AM

Reset Internet Explorer.
Under the Menu > Tools > Internet Options > Advanced tab.
Click the Reset button in the bottom of the pane.
Click the Apply button.
Restart the computer normally.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&SSPV=
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&q={searchTerms}&SSPV=

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 Bluenose1812
  • Topic Starter
  • Members
  • 5 posts

Posted 17 July 2014 - 04:59 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by Haydn at 2014-07-17 10:44:19 Run:1
Running from C:\Users\Haydn\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll
[X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&SSPV=
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&q={searchTerms}&SSPV=

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui' => Key deleted successfully.
[X] => Error: No automatic fix found for this entry.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}' => Key deleted successfully.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF1E6842D-EB3A-489F-AE56-781B4B6560CC&q={searchTerms}&SSPV= => Error: No automatic fix found for this entry.

==

 Results of screen317's Security Check version 0.99.85  
   x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Ad-Aware Antivirus   
Windows Defender     
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 CCleaner     
 Java 7 Update 51  
 Java version out of Date!
  Adobe Flash Player     11.9.900.117 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.2.5952.0\AdAwareService.exe
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.2.5952.0\AdAwareTray.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
 

 

No difference. It is still hooked into IE.



#6 nasdaq
  • Malware Response Team
  • 39,198 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 July 2014 - 08:41 AM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

Reset Internet Explorer.
Under the Menu > Tools > Internet Options > General tab.
Click the Reset Button in the bottom of the pane.
Click the Apply button.
Close IE and restart the browser.

How is it now?
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 51

===

Antivirus out of date!
You should take care of this.

#7 Bluenose1812
  • Topic Starter
  • Members
  • 5 posts

Posted 17 July 2014 - 09:01 AM

It is still the same. It seems there is a memory-resident program that continually scans the registry to restore deleted keys. If I delete the SearchScopes key, close the registry editor, wait 30 seconds and go back in, it's there.

 

In Manage Add-ons the default search engine is Conduit; if I add another such as Bing, make it default and then delete Conduit, close IE, restart and go back in, Conduit is restored!

 

I have fixed the out of date programs.
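
As an added example (not part of this thread, not FRST's code and not either poster's), the following PowerShell audits the IE SearchScopes keys that nasdaq's fixlist targets (HKCU and HKLM, the DefaultScope value and each scope's URL) and then watches for a scope being re-created after deletion, the behaviour Bluenose1812 describes above. The allow-list of search hosts and the timings are constructed assumptions; it needs no third-party modules and should be run in an elevated PowerShell session.

```powershell
# Added example: audit Internet Explorer SearchScopes for search hijackers and
# watch for a deleted scope re-appearing. The allow-list below is a constructed
# assumption; adapt it to the search providers you actually expect on the machine.
$AllowedSearchHosts = @('www.bing.com', 'www.google.com', 'www.google.co.uk', 'uk.search.yahoo.com')

$ScopeRoots = @(
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes'
)

function Get-IESearchScope {
    # One object per scope GUID under each hive, flagged if its host is not allow-listed.
    foreach ($root in $ScopeRoots) {
        if (-not (Test-Path $root)) { continue }
        # DefaultScope is a value on the SearchScopes key itself naming the GUID IE uses.
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $props     = Get-ItemProperty -Path $key.PSPath
            $url       = [string]$props.URL
            $scopeHost = $null
            if ($url) {
                try { $scopeHost = ([System.Uri]$url).Host.ToLower() } catch { $scopeHost = $null }
            }
            [pscustomobject]@{
                Hive        = $root.Split(':')[0]
                Scope       = $key.PSChildName
                DisplayName = [string]$props.DisplayName
                Url         = $url
                Host        = $scopeHost
                IsDefault   = ($key.PSChildName -eq $default)
                Suspicious  = [bool]($scopeHost -and ($AllowedSearchHosts -notcontains $scopeHost))
            }
        }
    }
}

function Watch-IESearchScope {
    # Re-reads SearchScopes every few seconds and warns when a scope that was absent
    # at the start (for example one you just deleted) comes back. A re-creation while
    # IE is closed points at a resident process or scheduled task, not the browser.
    param([int]$Seconds = 120, [int]$IntervalSeconds = 5)
    $seen = @{}
    Get-IESearchScope | ForEach-Object { $seen["$($_.Hive)\$($_.Scope)"] = $_.Url }
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $IntervalSeconds
        foreach ($s in Get-IESearchScope) {
            $id = "$($s.Hive)\$($s.Scope)"
            if (-not $seen.ContainsKey($id)) {
                Write-Warning ("{0:HH:mm:ss} scope re-created: {1} -> {2}" -f (Get-Date), $id, $s.Url)
                $seen[$id] = $s.Url
            }
        }
    }
}

# Report every scope; a Suspicious default scope is the search-hijack signature
# seen in this thread (DefaultScope pointing at a non-allow-listed search host).
Get-IESearchScope | Format-Table Hive, Scope, IsDefault, Suspicious, Host, DisplayName -AutoSize

# After deleting the offending scope by hand, run the watch to see whether and
# when something writes it back:
# Watch-IESearchScope -Seconds 120 -IntervalSeconds 5
```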



#8 nasdaq
  • Malware Response Team
  • 39,198 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 July 2014 - 09:53 AM

It does hide, check this article.
Let me know what you find.

http://www.techsupportall.com/remove-trovigo-com-virus-ie-chrome-firefox/

#9 Bluenose1812
  • Topic Starter
  • Members
  • 5 posts

Posted 17 July 2014 - 09:57 AM

nasdaq, thanks for your help. I have been through and removed all programs that I don't need, closed firewall access to anything I didn't know, and it now seems fixed.

 

I will reinstall programs one by one and see if it pops up again.

 

Here is the latest frst.txt

 

Cheers

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Haydn (administrator) on PC14-3 on 17-07-2014 15:49:25
Running from C:\Users\Haydn\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Sage (UK) Limited) C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
(IObit) C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(IObit) C:\Program Files\IObit\Start Menu 8\StartMenu8.exe
() C:\Program Files\IObit\Start Menu 8\InstallServices32.exe
(IObit) C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2013-12-11] (LogMeIn, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Haydn\AppData\Roaming\Mozilla\Firefox\Profiles\87piu2vf.default-1405008631147
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.newsnow.co.uk/h/Sport/Football/Championship/Birmingham+City
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Ad-Aware Security Toolbar - C:\Users\Haydn\AppData\Roaming\Mozilla\Firefox\Profiles\87piu2vf.default-1405008631147\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-07-11]
FF Extension: Adblock Plus - C:\Users\Haydn\AppData\Roaming\Mozilla\Firefox\Profiles\87piu2vf.default-1405008631147\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-10]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013-10-23]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

========================== Services (Whitelisted) =================

S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [278344 2014-05-21] (Intel Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1889616 2014-06-23] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277320 2014-05-21] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-04-15] (LogMeIn, Inc.)
R2 Sage SData Service; C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe [49152 2009-12-16] (Sage (UK) Limited) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 StartMenuService; C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1831168 2013-12-05] (UltraVNC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-24] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-24] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2005-04-07] () [File not signed]
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 BioNTDrv; C:\Program Files\Paragon Software\Hard Disk Manager 12 Professional\program\BioNTDrv.SYS [30936 2014-04-23] (Paragon Software Group)
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [163616 2014-03-17] (Digiarty Software, Inc.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d6432.sys [378128 2014-02-26] (Intel Corporation)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2014-07-11] (GFI Software)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [38920 2014-06-23] (LogMeIn Inc.)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [56432 2013-01-11] (Intel Corporation)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [91016 2014-04-23] ()
R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [540168 2014-04-23] ()
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-07-10] (Microsoft Corporation)
S3 DIRECTIO; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 15:49 - 2014-07-17 15:49 - 00008890 _____ () C:\Users\Haydn\Downloads\FRST.txt
2014-07-17 10:52 - 2014-07-17 10:51 - 00854390 _____ () C:\Users\Haydn\Desktop\SecurityCheck.exe
2014-07-17 10:51 - 2014-07-17 10:51 - 00854390 _____ () C:\Users\Haydn\Downloads\SecurityCheck.exe
2014-07-16 10:51 - 2014-07-16 10:51 - 168851546 _____ () C:\Users\Haydn\Desktop\regsave2.reg
2014-07-16 10:49 - 2014-07-16 10:49 - 168853934 _____ () C:\Users\Haydn\Desktop\regsave.reg
2014-07-16 10:02 - 2014-07-16 10:03 - 00659968 _____ () C:\Users\Haydn\Downloads\MicrosoftFixit50195.msi
2014-07-16 08:59 - 2014-07-16 08:59 - 00001429 _____ () C:\Users\Haydn\Desktop\FRST.txt - Shortcut.lnk
2014-07-16 08:59 - 2014-07-16 08:59 - 00001429 _____ () C:\Users\Haydn\Desktop\FRST.exe - Shortcut.lnk
2014-07-16 08:58 - 2014-07-16 08:58 - 01077248 _____ (Farbar) C:\Users\Haydn\Downloads\FRST.exe
2014-07-16 08:56 - 2014-07-16 08:57 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215(2).exe
2014-07-16 08:47 - 2014-07-16 08:47 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215(1).exe
2014-07-15 14:51 - 2014-07-15 14:51 - 00323212 _____ () C:\Users\Haydn\Downloads\010414-KMAD-Disclosure-Checklists.zip
2014-07-14 12:51 - 2014-07-17 15:21 - 00002352 _____ () C:\WINDOWS\PFRO.log
2014-07-11 15:02 - 2014-07-11 15:02 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Lavasoft
2014-07-11 14:55 - 2014-07-11 14:55 - 05616264 _____ (Lavasoft Limited) C:\Users\Haydn\Downloads\Adaware_Installer(1).exe
2014-07-11 14:53 - 2014-07-11 14:54 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-11 14:52 - 2014-07-11 14:52 - 05616264 _____ (Lavasoft Limited) C:\Users\Haydn\Downloads\Adaware_Installer.exe
2014-07-11 14:52 - 2014-07-11 14:52 - 00044424 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe
2014-07-11 14:52 - 2014-07-11 14:52 - 00013560 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\LavasoftStatistics
2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Ad-Aware Antivirus
2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-11 13:46 - 2014-07-11 13:46 - 00023336 _____ () C:\Users\Haydn\Desktop\dds.txt
2014-07-11 13:46 - 2014-07-11 13:46 - 00010031 _____ () C:\Users\Haydn\Desktop\attach.txt
2014-07-11 13:45 - 2014-07-11 13:45 - 00000000 ____D () C:\111
2014-07-11 13:42 - 2014-07-11 13:42 - 00002853 _____ () C:\Users\Haydn\Desktop\dds.com - Shortcut.pif
2014-07-11 13:37 - 2014-07-11 13:37 - 00688992 _____ (Swearware) C:\Users\Haydn\Downloads\dds.com
2014-07-11 13:08 - 2014-07-11 13:09 - 46320616 _____ (GridinSoft LLC) C:\Users\Haydn\Downloads\gtk-2.2.3.8-setup.exe
2014-07-11 12:35 - 2014-07-11 12:35 - 00505695 _____ () C:\Users\Haydn\Desktop\IEDiag.cab
2014-07-11 11:33 - 2014-07-11 11:33 - 00001197 _____ () C:\Users\Haydn\Desktop\Trojan Killer.lnk
2014-07-11 10:59 - 2014-07-11 10:59 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-07-11 10:57 - 2014-07-11 10:58 - 03026176 _____ (GridinSoft) C:\Users\Haydn\Downloads\TrojanKillerInstallerST.exe
2014-07-11 10:40 - 2014-07-11 10:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 10:39 - 2014-07-11 10:40 - 10278752 _____ (SurfRight B.V.) C:\Users\Haydn\Downloads\HitmanPro.exe
2014-07-11 10:37 - 2014-07-11 10:37 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-11 10:36 - 2014-07-11 10:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Haydn\Downloads\revosetup.exe
2014-07-11 09:09 - 2014-07-11 09:09 - 00000005 _____ () C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp
2014-07-10 17:11 - 2014-06-19 09:40 - 00000124 _____ () C:\Users\Haydn\Documents\indexfile.txt
2014-07-10 16:53 - 2014-07-10 16:54 - 28694720 _____ (Microsoft Corporation) C:\Users\Haydn\Downloads\Windows-KB890830-V5.14.exe
2014-07-10 16:49 - 2014-07-10 16:49 - 00001492 _____ () C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-10 16:45 - 2014-07-10 16:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-10 16:29 - 2014-07-10 16:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Haydn\Downloads\SpyHunter-Installer.exe
2014-07-10 16:17 - 2014-07-10 15:12 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-10 16:17 - 2014-07-10 15:12 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-10 15:37 - 2014-07-10 17:00 - 00000000 ____D () C:\WINDOWS\erdnt
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-10 15:33 - 2014-07-17 15:49 - 00000000 ____D () C:\FRST
2014-07-10 15:33 - 2014-07-10 15:34 - 00031441 _____ () C:\Users\Haydn\Downloads\Addition.txt
2014-07-10 15:11 - 2014-07-10 15:11 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 01871704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00382296 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00376152 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-10 15:11 - 2014-07-10 15:11 - 00338264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00286040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-10 15:11 - 2014-07-10 15:11 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-10 15:11 - 2014-07-10 15:11 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00072536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00023384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-10 14:19 - 2014-07-10 17:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:18 - 2014-07-10 14:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Haydn\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:01 - 2014-07-10 14:01 - 00001492 _____ () C:\Users\Haydn\Desktop\JRT.txt
2014-07-10 14:00 - 2014-07-10 17:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-10 14:00 - 2014-07-10 14:00 - 01016261 _____ (Thisisu) C:\Users\Haydn\Downloads\JRT.exe
2014-07-09 12:01 - 2014-07-10 17:01 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-09 12:01 - 2014-07-10 17:00 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-07-09 12:01 - 2014-07-09 12:01 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-07-09 12:00 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-07-09 12:00 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-07-09 12:00 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-07-09 11:52 - 2014-07-16 08:57 - 00000000 ____D () C:\AdwCleaner
2014-07-09 11:47 - 2014-07-09 11:47 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215.exe
2014-07-09 11:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-09 09:34 - 2014-07-09 09:34 - 00466028 _____ () C:\Users\Haydn\Downloads\return(3)
2014-07-09 04:08 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 04:08 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 04:08 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 04:08 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 04:08 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 04:08 - 2014-06-18 23:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 04:08 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 04:08 - 2014-06-18 23:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 04:08 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 04:08 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 04:08 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 04:08 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 04:08 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 04:08 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 04:08 - 2014-06-16 23:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 04:08 - 2014-06-06 14:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 04:08 - 2014-06-06 13:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 04:08 - 2014-05-31 09:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 04:08 - 2014-05-31 04:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 04:08 - 2014-05-31 04:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 04:08 - 2014-05-31 03:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 04:08 - 2014-05-31 03:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 04:08 - 2014-05-31 03:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 04:08 - 2014-05-31 03:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 04:08 - 2014-05-31 03:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 04:08 - 2014-05-30 04:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 04:08 - 2014-05-29 10:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 04:08 - 2014-05-29 07:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 04:08 - 2014-05-29 05:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-08 11:50 - 2014-07-08 11:50 - 99596461 _____ () C:\Users\Haydn\Desktop\ASC_Portable.zip
2014-07-07 16:46 - 2014-07-07 16:46 - 51277824 _____ () C:\WINDOWS\system32\config\SOFTWARE.iobit
2014-07-07 16:46 - 2014-07-07 16:46 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iobit
2014-07-07 16:46 - 2014-07-07 16:46 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-07-07 16:46 - 2014-07-07 16:46 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-07-04 16:38 - 2014-07-04 16:38 - 00013054 _____ () C:\Users\Haydn\Desktop\MP PAYROLL TRANSFERS.xlsx
2014-07-04 14:23 - 2014-07-04 14:23 - 00465945 _____ () C:\Users\Haydn\Downloads\return(2)
2014-07-04 13:50 - 2014-07-04 13:50 - 00466014 _____ () C:\Users\Haydn\Downloads\return(1)
2014-07-03 12:45 - 2014-07-03 12:47 - 42991706 _____ () C:\Users\Haydn\Downloads\KXDrv_6.0.3323_...P2x35_P7035.zip
2014-07-03 07:21 - 2014-07-10 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-03 07:21 - 2014-07-10 17:01 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-07-03 07:21 - 2014-07-03 07:21 - 00000968 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-06-25 15:50 - 2014-06-25 15:50 - 00000907 _____ () C:\Users\Haydn\Desktop\µTorrent.lnk
2014-06-25 15:50 - 2014-06-25 15:50 - 00000887 _____ () C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-06-25 15:49 - 2014-07-10 17:01 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\uTorrent
2014-06-25 15:49 - 2014-06-25 15:49 - 01837904 _____ (BitTorrent Inc.) C:\Users\Haydn\Downloads\uTorrent.exe
2014-06-25 13:34 - 2014-06-25 13:34 - 00268726 _____ () C:\Users\Haydn\Downloads\pgpsw-speed-cams-rKvyJ-(12-062).zip
2014-06-24 13:11 - 2014-06-24 13:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-06-24 13:11 - 2014-06-24 13:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-06-23 13:26 - 2014-07-10 17:00 - 00000000 ____D () C:\ProgramData\Installations
2014-06-23 13:26 - 2013-01-23 11:31 - 00075264 _____ (Nokia) C:\WINDOWS\system32\nmwcdcls.dll
2014-06-23 13:25 - 2014-06-23 13:26 - 07082136 _____ () C:\Users\Haydn\Downloads\Nokia_Connectivity_Cable_Driver.exe
2014-06-23 11:42 - 2014-06-23 11:42 - 00038920 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-06-17 09:29 - 2014-06-17 09:29 - 07315296 _____ (IObit ) C:\Users\Haydn\Downloads\startmenu-setup.exe
2014-06-17 09:29 - 2014-06-17 09:29 - 00002067 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
2014-06-17 09:29 - 2014-06-17 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-06-17 09:27 - 2014-06-17 09:27 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

==================== One Month Modified Files and Folders =======

2014-07-17 15:49 - 2014-07-17 15:49 - 00008890 _____ () C:\Users\Haydn\Downloads\FRST.txt
2014-07-17 15:49 - 2014-07-10 15:33 - 00000000 ____D () C:\FRST
2014-07-17 15:42 - 2013-10-22 14:43 - 00867596 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-17 15:39 - 2013-10-22 14:40 - 01983305 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-17 15:38 - 2014-04-29 11:48 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-17 15:38 - 2014-04-29 11:48 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-17 15:38 - 2013-10-28 18:14 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 15:38 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-17 15:24 - 2013-10-28 18:14 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 15:21 - 2014-07-14 12:51 - 00002352 _____ () C:\WINDOWS\PFRO.log
2014-07-17 15:17 - 2013-10-28 18:14 - 00000000 ____D () C:\Program Files\Google
2014-07-17 15:13 - 2014-07-11 15:02 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Lavasoft
2014-07-17 15:13 - 2014-07-11 10:37 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-17 15:10 - 2013-10-22 15:43 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-17 15:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-17 11:10 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-07-17 10:51 - 2014-07-17 10:52 - 00854390 _____ () C:\Users\Haydn\Desktop\SecurityCheck.exe
2014-07-17 10:51 - 2014-07-17 10:51 - 00854390 _____ () C:\Users\Haydn\Downloads\SecurityCheck.exe
2014-07-17 10:31 - 2013-10-23 13:38 - 00000064 _____ () C:\Users\Haydn\f7abcaeb11afa8d716d5721ce0ae73df02a9d630
2014-07-16 10:51 - 2014-07-16 10:51 - 168851546 _____ () C:\Users\Haydn\Desktop\regsave2.reg
2014-07-16 10:49 - 2014-07-16 10:49 - 168853934 _____ () C:\Users\Haydn\Desktop\regsave.reg
2014-07-16 10:03 - 2014-07-16 10:02 - 00659968 _____ () C:\Users\Haydn\Downloads\MicrosoftFixit50195.msi
2014-07-16 08:59 - 2014-07-16 08:59 - 00001429 _____ () C:\Users\Haydn\Desktop\FRST.txt - Shortcut.lnk
2014-07-16 08:59 - 2014-07-16 08:59 - 00001429 _____ () C:\Users\Haydn\Desktop\FRST.exe - Shortcut.lnk
2014-07-16 08:58 - 2014-07-16 08:58 - 01077248 _____ (Farbar) C:\Users\Haydn\Downloads\FRST.exe
2014-07-16 08:57 - 2014-07-16 08:56 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215(2).exe
2014-07-16 08:57 - 2014-07-09 11:52 - 00000000 ____D () C:\AdwCleaner
2014-07-16 08:47 - 2014-07-16 08:47 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215(1).exe
2014-07-15 14:51 - 2014-07-15 14:51 - 00323212 _____ () C:\Users\Haydn\Downloads\010414-KMAD-Disclosure-Checklists.zip
2014-07-15 13:27 - 2013-09-17 11:55 - 00000000 ____D () C:\ztree2
2014-07-14 14:42 - 2013-09-19 10:57 - 00000000 ____D () C:\TEMP
2014-07-14 12:51 - 2013-10-23 11:44 - 00258560 ___SH () C:\Users\Haydn\Desktop\Thumbs.db
2014-07-14 08:55 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\registration
2014-07-11 14:55 - 2014-07-11 14:55 - 05616264 _____ (Lavasoft Limited) C:\Users\Haydn\Downloads\Adaware_Installer(1).exe
2014-07-11 14:54 - 2014-07-11 14:53 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-11 14:52 - 2014-07-11 14:52 - 05616264 _____ (Lavasoft Limited) C:\Users\Haydn\Downloads\Adaware_Installer.exe
2014-07-11 14:52 - 2014-07-11 14:52 - 00044424 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe
2014-07-11 14:52 - 2014-07-11 14:52 - 00013560 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\LavasoftStatistics
2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Ad-Aware Antivirus
2014-07-11 14:52 - 2014-07-11 14:52 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-11 13:46 - 2014-07-11 13:46 - 00023336 _____ () C:\Users\Haydn\Desktop\dds.txt
2014-07-11 13:46 - 2014-07-11 13:46 - 00010031 _____ () C:\Users\Haydn\Desktop\attach.txt
2014-07-11 13:45 - 2014-07-11 13:45 - 00000000 ____D () C:\111
2014-07-11 13:42 - 2014-07-11 13:42 - 00002853 _____ () C:\Users\Haydn\Desktop\dds.com - Shortcut.pif
2014-07-11 13:37 - 2014-07-11 13:37 - 00688992 _____ (Swearware) C:\Users\Haydn\Downloads\dds.com
2014-07-11 13:09 - 2014-07-11 13:08 - 46320616 _____ (GridinSoft LLC) C:\Users\Haydn\Downloads\gtk-2.2.3.8-setup.exe
2014-07-11 12:35 - 2014-07-11 12:35 - 00505695 _____ () C:\Users\Haydn\Desktop\IEDiag.cab
2014-07-11 12:01 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-11 12:00 - 2013-10-22 14:38 - 00000000 ____D () C:\Users\Haydn
2014-07-11 11:58 - 2014-02-28 18:11 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-11 11:57 - 2013-08-22 08:22 - 00474288 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 11:33 - 2014-07-11 11:33 - 00001197 _____ () C:\Users\Haydn\Desktop\Trojan Killer.lnk
2014-07-11 10:59 - 2014-07-11 10:59 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-07-11 10:58 - 2014-07-11 10:57 - 03026176 _____ (GridinSoft) C:\Users\Haydn\Downloads\TrojanKillerInstallerST.exe
2014-07-11 10:42 - 2014-07-11 10:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 10:40 - 2014-07-11 10:39 - 10278752 _____ (SurfRight B.V.) C:\Users\Haydn\Downloads\HitmanPro.exe
2014-07-11 10:36 - 2014-07-11 10:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Haydn\Downloads\revosetup.exe
2014-07-11 09:09 - 2014-07-11 09:09 - 00000005 _____ () C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp
2014-07-11 09:09 - 2014-06-10 15:27 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-07-11 09:09 - 2014-05-28 10:53 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\HTC
2014-07-11 09:09 - 2014-05-28 10:53 - 00000000 ____D () C:\ProgramData\HTC
2014-07-11 09:09 - 2014-05-28 10:53 - 00000000 ____D () C:\Program Files\HTC
2014-07-10 17:31 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-10 17:10 - 2014-05-13 15:02 - 00000000 ____D () C:\Users\Haydn\Desktop\Old Firefox Data
2014-07-10 17:01 - 2014-07-09 12:01 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-10 17:01 - 2014-07-03 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-10 17:01 - 2014-07-03 07:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-07-10 17:01 - 2014-06-25 15:49 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\uTorrent
2014-07-10 17:01 - 2014-05-22 11:32 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\ProductData
2014-07-10 17:01 - 2013-12-16 13:27 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\IrfanView
2014-07-10 17:01 - 2013-10-28 10:12 - 00000000 ____D () C:\Users\Haydn\AppData\Roaming\Public Sync
2014-07-10 17:01 - 2013-09-30 04:57 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-07-10 17:01 - 2013-09-30 04:57 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 __RSD () C:\WINDOWS\Media
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Camera
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-10 17:01 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-10 17:00 - 2014-07-10 15:37 - 00000000 ____D () C:\WINDOWS\erdnt
2014-07-10 17:00 - 2014-07-10 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 17:00 - 2014-07-10 14:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-10 17:00 - 2014-07-09 12:01 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-07-10 17:00 - 2014-06-23 13:26 - 00000000 ____D () C:\ProgramData\Installations
2014-07-10 17:00 - 2013-10-22 16:33 - 00000000 ____D () C:\Program Files\MSBuild
2014-07-10 17:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-07-10 16:58 - 2012-07-26 07:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 16:54 - 2014-07-10 16:53 - 28694720 _____ (Microsoft Corporation) C:\Users\Haydn\Downloads\Windows-KB890830-V5.14.exe
2014-07-10 16:49 - 2014-07-10 16:49 - 00001492 _____ () C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-10 16:46 - 2013-10-22 16:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 16:46 - 2013-09-18 17:22 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 16:45 - 2014-07-10 16:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-10 16:29 - 2014-07-10 16:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Haydn\Downloads\SpyHunter-Installer.exe
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-10 15:34 - 2014-07-10 15:33 - 00031441 _____ () C:\Users\Haydn\Downloads\Addition.txt
2014-07-10 15:12 - 2014-07-10 16:17 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-10 15:12 - 2014-07-10 16:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-10 15:11 - 2014-07-10 15:11 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 01871704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00382296 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00376152 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-10 15:11 - 2014-07-10 15:11 - 00338264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00286040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-10 15:11 - 2014-07-10 15:11 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-10 15:11 - 2014-07-10 15:11 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-10 15:11 - 2014-07-10 15:11 - 00072536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-10 15:11 - 2014-07-10 15:11 - 00023384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-10 14:19 - 2014-07-10 14:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Haydn\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:01 - 2014-07-10 14:01 - 00001492 _____ () C:\Users\Haydn\Desktop\JRT.txt
2014-07-10 14:00 - 2014-07-10 14:00 - 01016261 _____ (Thisisu) C:\Users\Haydn\Downloads\JRT.exe
2014-07-09 12:04 - 2014-05-01 14:46 - 00000000 ____D () C:\Program Files\Common Files\Sage SData
2014-07-09 12:04 - 2014-05-01 14:43 - 00000000 ____D () C:\ProgramData\Sage
2014-07-09 12:01 - 2014-07-09 12:01 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-07-09 11:47 - 2014-07-09 11:47 - 01348263 _____ () C:\Users\Haydn\Downloads\adwcleaner_3.215.exe
2014-07-09 09:55 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 09:34 - 2014-07-09 09:34 - 00466028 _____ () C:\Users\Haydn\Downloads\return(3)
2014-07-08 11:50 - 2014-07-08 11:50 - 99596461 _____ () C:\Users\Haydn\Desktop\ASC_Portable.zip
2014-07-07 16:46 - 2014-07-07 16:46 - 51277824 _____ () C:\WINDOWS\system32\config\SOFTWARE.iobit
2014-07-07 16:46 - 2014-07-07 16:46 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iobit
2014-07-07 16:46 - 2014-07-07 16:46 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-07-07 16:46 - 2014-07-07 16:46 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-07-04 16:38 - 2014-07-04 16:38 - 00013054 _____ () C:\Users\Haydn\Desktop\MP PAYROLL TRANSFERS.xlsx
2014-07-04 14:23 - 2014-07-04 14:23 - 00465945 _____ () C:\Users\Haydn\Downloads\return(2)
2014-07-04 13:50 - 2014-07-04 13:50 - 00466014 _____ () C:\Users\Haydn\Downloads\return(1)
2014-07-03 12:48 - 2013-10-31 06:12 - 00082432 _____ (KYOCERA Document Solutions Inc.) C:\WINDOWS\system32\KXPLM32.DLL
2014-07-03 12:47 - 2014-07-03 12:45 - 42991706 _____ () C:\Users\Haydn\Downloads\KXDrv_6.0.3323_...P2x35_P7035.zip
2014-07-03 07:21 - 2014-07-03 07:21 - 00000968 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-06-26 17:38 - 2013-09-20 15:05 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-25 15:50 - 2014-06-25 15:50 - 00000907 _____ () C:\Users\Haydn\Desktop\µTorrent.lnk
2014-06-25 15:50 - 2014-06-25 15:50 - 00000887 _____ () C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-06-25 15:49 - 2014-06-25 15:49 - 01837904 _____ (BitTorrent Inc.) C:\Users\Haydn\Downloads\uTorrent.exe
2014-06-25 13:34 - 2014-06-25 13:34 - 00268726 _____ () C:\Users\Haydn\Downloads\pgpsw-speed-cams-rKvyJ-(12-062).zip
2014-06-24 13:11 - 2014-06-24 13:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-06-24 13:11 - 2014-06-24 13:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-06-23 13:26 - 2014-06-23 13:25 - 07082136 _____ () C:\Users\Haydn\Downloads\Nokia_Connectivity_Cable_Driver.exe
2014-06-23 11:42 - 2014-06-23 11:42 - 00038920 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-06-19 09:40 - 2014-07-10 17:11 - 00000124 _____ () C:\Users\Haydn\Documents\indexfile.txt
2014-06-19 01:16 - 2014-07-09 04:08 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-19 00:32 - 2014-07-09 04:08 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-19 00:12 - 2014-07-09 04:08 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-18 23:59 - 2014-07-09 04:08 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-18 23:58 - 2014-07-09 04:08 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-18 23:57 - 2014-07-09 04:08 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-06-18 23:52 - 2014-07-09 04:08 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-18 23:52 - 2014-07-09 04:08 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-18 23:49 - 2014-07-09 04:08 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-18 23:45 - 2014-07-09 04:08 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-18 23:35 - 2014-07-09 04:08 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-18 23:13 - 2014-07-09 04:08 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-18 23:09 - 2014-07-09 04:08 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-18 23:07 - 2014-07-09 04:08 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-18 11:01 - 2014-05-29 10:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 09:29 - 2014-06-17 09:29 - 07315296 _____ (IObit ) C:\Users\Haydn\Downloads\startmenu-setup.exe
2014-06-17 09:29 - 2014-06-17 09:29 - 00002067 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
2014-06-17 09:29 - 2014-06-17 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-06-17 09:27 - 2014-06-17 09:27 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-17 09:27 - 2014-02-28 18:20 - 00165659 _____ () C:\MyXML.xml

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-17 11:10

==================== End Of Log ============================



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,198 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:19 AM

Posted 17 July 2014 - 10:16 AM

Please keep me posted.



