Can't remove proxy 127.0.0.1:5050 + Other Infections


  • This topic is locked
10 replies to this topic

#1 tsanford90


Posted 18 September 2014 - 10:26 AM

Not sure how I became infected, but I am not able to remove a proxy setting in LAN settings. I have run the following malware programs both in regular user mode and in safe mode with networking, to no avail.

 

Malwarebytes Adaware

Spybot Search & Destroy

Anti-Malware Tool

ADWCleaner

FRST64

RogueKillerX64

Junkware Removal Tool

 

Every reboot, the proxy setting in LAN comes back and I have all sorts of popups and redirects in all my browsers. I've checked the browsers and no addons, extensions or anything of that matter is there.

 

 



Edited by tsanford90, 18 September 2014 - 10:31 AM.



 


#2 tsanford90


Posted 18 September 2014 - 10:33 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 8.1 x64
Ran by Tyler on Thu 09/18/2014 at  8:00:24.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/18/2014 at  8:03:12.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Tyler at 2014-09-18 09:58:13
Running from C:\Users\Tyler\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.265 - Adobe Systems Incorporated)
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Horizon v2.8.0.1 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.0.1 - Daring Development Inc.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Kingo Android ROOT version 1.2.2.1915 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.2.1915 - Kingosoft Technology Ltd.)
K-Lite Codec Pack 10.4.5 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
qBittorrent 3.1.9 (HKLM-x32\...\qbittorrent) (Version: 3.1.9 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.26.218.2014 - Realtek)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.42.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VROOT (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.7.3.4863 - Shenzhen Xinyi Network Co.,Ltd.)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-08-2014 15:26:45 Windows Update
05-09-2014 15:44:09 Windows Update
09-09-2014 21:43:55 Windows Update
15-09-2014 23:43:24 Removed Skype™ 6.16
18-09-2014 03:31:47 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-09-17 23:35 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05480304-B328-4166-A000-8AEEB89D5B87} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D74CEE2-2D11-438B-BC84-0CAF8A39628A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0EBB1D63-2B62-41CF-9BE3-7F517B4AA7BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {1CDE6D33-56B3-421D-9E63-8C73B812A89D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2D4CCFA6-2C18-4733-90AC-095B6BF39DA0} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5223A2A7-CE4A-455E-8C5E-C04D731E919B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6FCBB895-E100-413F-BFAE-5D72CD663AAE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C0A5098-F443-445C-95CD-D34443D0181B} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8B078B3A-21FD-4955-BD21-9DDD8E975E0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9379E45B-FA5C-47E1-BB9A-9874DDEB562F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-25] (Adobe Systems Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B6C62BA6-FACA-4D15-BA5A-4667FFB29580} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {CFACD23F-C18D-4FCF-A153-1F911A4AA31A} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D8079C40-39FC-48AE-BBCC-A6DB589BED69} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DDD9C030-59DE-48D5-B565-F2E952636A00} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {DDEEE698-F966-4938-B145-38B72B97069B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {DF617F18-AB5F-46B1-8B42-225E1C674B7E} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E6E5A45F-99D9-4DD9-AAAE-3A9F83C25700} - System32\Tasks\PerfMonitor_strtp => C:\Program Files (x86)\Optimizer Pro\PerformanceMonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PerfMonitor_strtp.job => C:\Program Files (x86)\Optimizer Pro\PerformanceMonitor.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Tyler\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Tyler\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 09:56:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 12.9.2014.0, time stamp: 0x541330eb
Faulting module name: FRST64.exe, version: 12.9.2014.0, time stamp: 0x541330eb
Exception code: 0xc0000005
Fault offset: 0x0000000000024a00
Faulting process id: 0x8e4
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
Faulting package full name: FRST64.exe4
Faulting package-relative application ID: FRST64.exe5

System errors:
=============
Error: (09/18/2014 09:58:21 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/18/2014 09:58:21 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/18/2014 09:58:21 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/18/2014 09:58:19 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/18/2014 09:58:19 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/18/2014 09:58:17 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/18/2014 09:58:17 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/18/2014 09:58:14 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/18/2014 09:58:14 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/18/2014 09:58:08 AM) (Source: DCOM) (EventID: 10005) (User: SANFORD)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Microsoft Office Sessions:
=========================
Error: (09/18/2014 09:56:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe12.9.2014.0541330ebFRST64.exe12.9.2014.0541330ebc00000050000000000024a008e401cfd34841c7ffceC:\Users\Tyler\Downloads\FRST64.exeC:\Users\Tyler\Downloads\FRST64.exe03102103-3f44-11e4-826e-1867b059f7b2

CodeIntegrity Errors:
===================================
  Date: 2014-09-17 23:57:55.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-17 23:57:55.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-15 19:04:33.373
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-15 19:04:33.198
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-15 18:57:04.691
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-15 18:57:04.503
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-15 18:57:04.191
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-15 18:57:03.957
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 02:46:40.039
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 02:46:39.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 23%
Total physical RAM: 3547.09 MB
Available physical RAM: 2698.7 MB
Total Pagefile: 4187.09 MB
Available Pagefile: 3227.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.24 GB) (Free:412.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6C8499CE)

Partition: GPT Partition Type.

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Tyler (administrator) on SANFORD on 18-09-2014 09:57:06
Running from C:\Users\Tyler\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1674493186-3825866289-3173496600-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1674493186-3825866289-3173496600-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [1451 2014-09-18] ()
HKU\S-1-5-21-1674493186-3825866289-3173496600-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1674493186-3825866289-3173496600-1001\...\MountPoints2: {541d4ffa-c8f9-11e3-8253-1867b059f7b3} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1674493186-3825866289-3173496600-1001\...\MountPoints2: {96afa292-d6d7-11e3-8258-1867b059f7b3} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1674493186-3825866289-3173496600-1001\...\MountPoints2: {96afa45d-d6d7-11e3-8258-1867b059f7b3} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1674493186-3825866289-3173496600-1001\...\MountPoints2: {cf484052-d992-11e3-8259-1867b059f7b3} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1674493186-3825866289-3173496600-1001\...\MountPoints2: {f1fa923a-2ad5-11e4-8265-1867b059f7b3} - "D:\VZW_Software_upgrade_assistant.exe"
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-18]
CHR Extension: (Google Docs) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (Google Drive) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-17]
CHR Extension: (Google Search) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-17]
CHR Extension: (Google Sheets) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-18]
CHR Extension: (AdBlock) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-17]
CHR Extension: (ScriptSafe) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-09-17]
CHR Extension: (Gmail) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
S2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [728328 2014-03-30] (DEVGURU Co., LTD.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36456 2014-09-18] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 09:56 - 2014-09-18 09:57 - 00009736 _____ () C:\Users\Tyler\Downloads\FRST.txt
2014-09-18 09:56 - 2014-09-18 09:56 - 00000000 ____D () C:\Users\Tyler\AppData\Local\CrashDumps
2014-09-18 08:51 - 2014-09-18 09:57 - 00000000 ____D () C:\FRST
2014-09-18 08:49 - 2014-09-18 08:49 - 02105856 _____ (Farbar) C:\Users\Tyler\Downloads\FRST64.exe
2014-09-18 08:48 - 2014-09-18 08:49 - 00002635 _____ () C:\Users\Tyler\Desktop\fixlist.txt
2014-09-18 08:03 - 2014-09-18 08:03 - 00000622 _____ () C:\Users\Tyler\Desktop\JRT.txt
2014-09-18 00:11 - 2014-09-18 00:11 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 23:56 - 2014-09-17 23:56 - 01016035 _____ (Thisisu) C:\Users\Tyler\Documents\JRT.exe
2014-09-17 23:47 - 2014-09-18 08:25 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-17 23:47 - 2014-09-17 23:47 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-17 23:45 - 2014-09-17 23:45 - 05429848 _____ () C:\Users\Tyler\Documents\RogueKillerX64.exe
2014-09-17 23:36 - 2014-09-17 23:36 - 00000000 ____D () C:\Users\Tyler\Documents\ProcAlyzer Dumps
2014-09-17 23:35 - 2014-09-17 21:51 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140917-233528.backup
2014-09-17 23:18 - 2014-09-18 08:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 23:13 - 2014-09-17 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 23:13 - 2014-09-17 23:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 23:13 - 2014-09-17 23:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-17 23:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-17 23:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-17 23:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-17 22:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-17 22:58 - 2014-09-18 08:21 - 00000000 ____D () C:\AdwCleaner
2014-09-17 22:55 - 2014-09-17 22:55 - 01373475 _____ () C:\Users\Tyler\Documents\adwcleaner_3.310.exe
2014-09-17 21:56 - 2014-09-17 21:56 - 00009014 _____ () C:\Users\Tyler\Desktop\XBOX.odt
2014-09-17 21:51 - 2013-08-22 08:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140917-215104.backup
2014-09-17 21:25 - 2014-09-17 21:25 - 00001407 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-17 21:25 - 2014-09-17 21:25 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-17 21:25 - 2014-09-17 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-17 21:24 - 2014-09-17 21:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-17 21:24 - 2014-09-17 21:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-17 21:24 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-17 09:51 - 2014-08-23 02:48 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-17 09:51 - 2014-08-23 02:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-09-17 09:51 - 2014-08-23 01:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-17 09:51 - 2014-08-23 00:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-17 09:51 - 2014-08-22 23:44 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-17 09:51 - 2014-08-22 23:34 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-17 09:51 - 2014-08-22 23:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-09-17 09:51 - 2014-08-22 23:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-17 09:51 - 2014-08-22 23:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-17 09:51 - 2014-07-29 20:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-17 09:51 - 2014-07-29 00:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-09-17 09:51 - 2014-07-24 04:44 - 16874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-09-17 09:50 - 2014-07-24 10:28 - 00468288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-17 09:50 - 2014-07-24 10:28 - 00419648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-17 09:50 - 2014-07-24 10:28 - 00412992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-09-17 09:50 - 2014-07-24 10:28 - 00280384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-09-17 09:50 - 2014-07-24 10:28 - 00143680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-17 09:50 - 2014-07-24 10:25 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-17 09:50 - 2014-07-24 10:23 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-09-17 09:50 - 2014-07-24 10:23 - 00125472 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-09-17 09:50 - 2014-07-24 10:20 - 21266336 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-17 09:50 - 2014-07-24 10:20 - 00645592 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-17 09:50 - 2014-07-24 10:20 - 00263400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-09-17 09:50 - 2014-07-24 10:16 - 02574208 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-09-17 09:50 - 2014-07-24 10:16 - 00211216 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-09-17 09:50 - 2014-07-24 10:07 - 07424320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-17 09:50 - 2014-07-24 10:07 - 02009920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-17 09:50 - 2014-07-24 10:05 - 01660048 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-09-17 09:50 - 2014-07-24 10:05 - 01519560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-09-17 09:50 - 2014-07-24 10:05 - 01488008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-09-17 09:50 - 2014-07-24 10:05 - 01356840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-09-17 09:50 - 2014-07-24 10:03 - 02141920 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-09-17 09:50 - 2014-07-24 10:03 - 00882136 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-09-17 09:50 - 2014-07-24 10:03 - 00818624 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-09-17 09:50 - 2014-07-24 10:03 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-09-17 09:50 - 2014-07-24 10:03 - 00233888 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-09-17 09:50 - 2014-07-24 10:03 - 00205512 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2014-09-17 09:50 - 2014-07-24 09:57 - 02515264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-17 09:50 - 2014-07-24 09:57 - 00475968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-09-17 09:50 - 2014-07-24 08:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-09-17 09:50 - 2014-07-24 08:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-09-17 09:50 - 2014-07-24 08:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-09-17 09:50 - 2014-07-24 08:46 - 18760328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-17 09:50 - 2014-07-24 08:46 - 00477200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-17 09:50 - 2014-07-24 08:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-09-17 09:50 - 2014-07-24 08:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-09-17 09:50 - 2014-07-24 08:36 - 00674512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-09-17 09:50 - 2014-07-24 08:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-09-17 09:50 - 2014-07-24 08:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2014-09-17 09:50 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-09-17 09:50 - 2014-07-24 06:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-09-17 09:50 - 2014-07-24 06:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-17 09:50 - 2014-07-24 06:44 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-17 09:50 - 2014-07-24 06:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-09-17 09:50 - 2014-07-24 06:42 - 01200640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-09-17 09:50 - 2014-07-24 06:42 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-09-17 09:50 - 2014-07-24 06:42 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys
2014-09-17 09:50 - 2014-07-24 06:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2014-09-17 09:50 - 2014-07-24 06:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-17 09:50 - 2014-07-24 06:33 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-17 09:50 - 2014-07-24 06:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2014-09-17 09:50 - 2014-07-24 06:05 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2014-09-17 09:50 - 2014-07-24 06:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-17 09:50 - 2014-07-24 05:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-09-17 09:50 - 2014-07-24 05:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2014-09-17 09:50 - 2014-07-24 05:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-17 09:50 - 2014-07-24 05:32 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-09-17 09:50 - 2014-07-24 05:20 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2014-09-17 09:50 - 2014-07-24 05:18 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-09-17 09:50 - 2014-07-24 05:12 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-09-17 09:50 - 2014-07-24 05:10 - 01844224 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-09-17 09:50 - 2014-07-24 05:10 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-17 09:50 - 2014-07-24 05:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-09-17 09:50 - 2014-07-24 05:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll
2014-09-17 09:50 - 2014-07-24 05:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-17 09:50 - 2014-07-24 05:06 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-09-17 09:50 - 2014-07-24 05:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-09-17 09:50 - 2014-07-24 04:53 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2014-09-17 09:50 - 2014-07-24 04:52 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-09-17 09:50 - 2014-07-24 04:40 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2014-09-17 09:50 - 2014-07-24 04:39 - 00770048 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-09-17 09:50 - 2014-07-24 04:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2014-09-17 09:50 - 2014-07-24 04:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-09-17 09:50 - 2014-07-24 04:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-17 09:50 - 2014-07-24 04:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-17 09:50 - 2014-07-24 04:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2014-09-17 09:50 - 2014-07-24 04:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-09-17 09:50 - 2014-07-24 04:23 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-09-17 09:50 - 2014-07-24 04:21 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-09-17 09:50 - 2014-07-24 04:18 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2014-09-17 09:50 - 2014-07-24 04:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-17 09:50 - 2014-07-24 04:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2014-09-17 09:50 - 2014-07-24 04:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-09-17 09:50 - 2014-07-24 04:11 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-09-17 09:50 - 2014-07-24 04:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-09-17 09:50 - 2014-07-24 04:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-09-17 09:50 - 2014-07-24 04:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-09-17 09:50 - 2014-07-24 04:04 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-09-17 09:50 - 2014-07-24 04:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-09-17 09:50 - 2014-07-24 04:02 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-17 09:50 - 2014-07-24 03:53 - 01261056 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-09-17 09:50 - 2014-07-24 03:53 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-09-17 09:50 - 2014-07-24 03:49 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-09-17 09:50 - 2014-07-24 03:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-09-17 09:50 - 2014-07-24 03:49 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-09-17 09:50 - 2014-07-24 03:48 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2014-09-17 09:50 - 2014-07-24 03:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-09-17 09:50 - 2014-07-24 03:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2014-09-17 09:50 - 2014-07-24 03:39 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-09-17 09:50 - 2014-07-24 03:38 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-09-17 09:50 - 2014-07-24 03:32 - 01532416 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-09-17 09:50 - 2014-07-24 03:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-09-17 09:50 - 2014-07-24 03:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-17 09:50 - 2014-07-24 03:28 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2014-09-17 09:50 - 2014-07-24 03:27 - 00907776 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-17 09:50 - 2014-07-24 03:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-09-17 09:50 - 2014-07-24 03:22 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-09-17 09:50 - 2014-07-24 03:21 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-09-17 09:50 - 2014-07-24 03:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-09-17 09:50 - 2014-07-24 03:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2014-09-17 09:50 - 2014-07-24 03:19 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-17 09:50 - 2014-07-24 03:18 - 00795136 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-09-17 09:50 - 2014-07-24 03:16 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-09-17 09:50 - 2014-07-24 03:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-09-17 09:50 - 2014-07-24 03:15 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-17 09:50 - 2014-07-24 03:15 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-09-17 09:50 - 2014-07-24 03:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2014-09-17 09:50 - 2014-07-24 03:10 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-17 09:50 - 2014-07-24 03:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-09-17 09:50 - 2014-07-24 03:10 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-09-17 09:50 - 2014-07-24 03:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-09-17 09:50 - 2014-07-24 03:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-09-17 09:50 - 2014-07-24 03:08 - 00162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2014-09-17 09:50 - 2014-07-24 03:07 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-17 09:50 - 2014-07-24 03:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2014-09-17 09:50 - 2014-07-24 03:04 - 00667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-17 09:50 - 2014-07-24 03:02 - 03465216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-17 09:50 - 2014-07-24 03:01 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-09-17 09:50 - 2014-07-24 03:01 - 01992192 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-09-17 09:50 - 2014-07-24 03:01 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-17 09:50 - 2014-07-24 02:58 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-09-17 09:50 - 2014-07-24 02:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-09-17 09:50 - 2014-07-24 02:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-09-17 09:50 - 2014-07-24 02:50 - 01182208 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-09-17 09:50 - 2014-07-24 02:50 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-17 09:50 - 2014-07-24 02:49 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2014-09-17 09:50 - 2014-07-24 02:47 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-09-17 09:50 - 2014-07-24 02:46 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-17 09:50 - 2014-07-24 02:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-09-17 09:50 - 2014-07-24 02:43 - 02696704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-09-17 09:50 - 2014-07-24 02:43 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-17 09:50 - 2014-07-24 02:43 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2014-09-17 09:50 - 2014-07-24 02:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-09-17 09:50 - 2014-07-24 02:39 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-17 09:50 - 2014-07-24 02:38 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-17 09:50 - 2014-07-24 02:38 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-17 09:50 - 2014-07-24 02:33 - 03360768 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-17 09:50 - 2014-07-24 02:30 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-17 09:50 - 2014-07-24 02:28 - 01600000 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-09-17 09:50 - 2014-07-23 23:11 - 00513544 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-17 09:50 - 2014-07-23 23:11 - 00513544 _____ () C:\Windows\system32\locale.nls
2014-09-17 09:50 - 2014-07-12 00:55 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2014-09-17 09:50 - 2014-07-11 23:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2014-09-17 09:50 - 2014-07-11 23:13 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 09:50 - 2014-07-04 07:59 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-09-17 09:50 - 2014-07-04 05:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2014-09-17 09:50 - 2014-07-04 05:20 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-09-17 09:50 - 2014-07-04 05:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2014-09-17 09:50 - 2014-07-04 05:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-09-17 09:50 - 2014-07-04 04:30 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2014-09-17 09:50 - 2014-07-04 04:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2014-09-17 09:50 - 2014-06-27 01:22 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-17 09:50 - 2014-06-25 19:32 - 01029632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-09-17 09:50 - 2014-06-25 19:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2014-09-17 09:50 - 2014-06-19 18:37 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-17 09:50 - 2014-06-18 21:13 - 00310080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-09-17 09:50 - 2014-06-14 01:03 - 02389504 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-17 09:50 - 2014-06-14 00:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-17 09:50 - 2014-06-07 07:46 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-09-17 09:50 - 2014-06-07 05:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-09-17 09:50 - 2014-06-05 09:00 - 01118040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-17 09:50 - 2014-06-05 05:18 - 01018368 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2014-09-17 09:50 - 2014-06-05 04:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2014-09-17 09:50 - 2014-05-31 00:00 - 01463808 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2014-09-17 09:50 - 2014-05-30 23:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2014-09-17 09:50 - 2014-05-29 01:23 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-09-17 09:50 - 2014-05-29 00:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-09-17 09:50 - 2014-05-29 00:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-17 09:50 - 2014-05-26 02:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2014-09-17 09:50 - 2014-05-10 05:12 - 00387896 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2014-09-17 09:50 - 2014-05-10 03:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2014-09-17 09:50 - 2014-05-05 23:41 - 00486744 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-09-17 09:50 - 2014-05-05 19:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-09-17 09:50 - 2014-03-24 21:27 - 00160600 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-09-17 09:50 - 2014-03-24 21:27 - 00123920 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-09-17 09:50 - 2014-03-24 20:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-09-17 09:50 - 2014-03-24 20:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-09-17 09:49 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-17 09:49 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL
2014-09-17 09:49 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-17 09:49 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-17 09:49 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-17 09:49 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-17 09:49 - 2014-07-24 06:47 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-17 09:49 - 2014-07-24 06:43 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys
2014-09-17 09:49 - 2014-07-24 06:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2014-09-17 09:49 - 2014-07-24 06:22 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2014-09-17 09:49 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-17 09:49 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTT102.DLL
2014-09-17 09:49 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-17 09:49 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-17 09:49 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-17 09:49 - 2014-07-24 05:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-17 09:49 - 2014-07-24 04:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2014-09-17 09:49 - 2014-07-24 04:14 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-09-17 09:49 - 2014-07-24 04:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2014-09-17 09:49 - 2014-07-24 03:58 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2014-09-17 09:49 - 2014-07-24 03:49 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-09-17 09:49 - 2014-07-24 03:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2014-09-17 09:49 - 2014-07-24 03:24 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-17 09:49 - 2014-07-24 03:18 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-09-17 09:49 - 2014-07-24 03:18 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-17 09:49 - 2014-07-24 03:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-09-17 09:49 - 2014-07-24 03:12 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-17 09:49 - 2014-07-24 03:06 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-17 09:49 - 2014-07-24 03:00 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-17 09:49 - 2014-07-12 00:23 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-09-17 09:49 - 2014-07-11 23:33 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-09-17 09:49 - 2014-07-09 18:19 - 00387391 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-17 09:49 - 2014-05-28 23:36 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-17 09:42 - 2014-08-14 19:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-09-15 19:12 - 2014-09-16 19:47 - 00000000 ____D () C:\Users\Tyler\Documents\Xbox Backup - Dont Delete
2014-09-15 19:00 - 2014-09-15 19:00 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Daring_Development_Inc
2014-09-15 18:55 - 2014-09-15 18:55 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-09-15 18:55 - 2014-09-15 18:55 - 00000000 ____D () C:\Program Files\MSBuild
2014-09-15 18:55 - 2014-09-15 18:55 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-09-15 18:55 - 2014-09-15 18:55 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-15 18:53 - 2013-08-02 23:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2014-09-15 18:53 - 2013-08-02 23:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-09-15 18:53 - 2013-08-02 23:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2014-09-15 18:53 - 2013-08-02 23:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-09-15 18:52 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-15 18:52 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-15 18:39 - 2014-09-15 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-09-15 18:39 - 2014-09-15 18:39 - 00000000 ____D () C:\Program Files (x86)\Daring Development
2014-09-15 18:21 - 2014-09-17 23:27 - 00000290 _____ () C:\Windows\Tasks\PerfMonitor_strtp.job
2014-09-15 18:21 - 2014-09-17 21:30 - 00001024 _____ () C:\.rnd
2014-09-15 18:21 - 2014-09-15 18:21 - 00002484 _____ () C:\Windows\System32\Tasks\PerfMonitor_strtp
2014-09-15 16:15 - 2014-09-15 16:26 - 907950003 _____ () C:\Users\Tyler\Desktop\American.Dad.S10E02.A.Boy.Named.Michael.1080p.WEB-DL.DD5.1.H.264-NTb.mkv
2014-09-10 20:12 - 2014-09-17 10:58 - 00011888 _____ () C:\Users\Tyler\Desktop\Buy.odt
2014-09-10 09:30 - 2014-09-10 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:29 - 2014-09-10 09:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 09:29 - 2014-09-10 09:30 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:29 - 2014-09-10 09:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-10 09:29 - 2014-09-10 09:29 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 09:21 - 2014-09-12 16:10 - 00000000 ____D () C:\Users\Tyler\Documents\Ty Phone Backup - DONT TOUCH
2014-09-09 17:19 - 2014-08-15 20:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-09 17:19 - 2014-08-15 20:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-09 17:19 - 2014-08-15 20:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-09 17:19 - 2014-08-15 20:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-09 17:19 - 2014-08-15 20:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-09 17:19 - 2014-08-15 20:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-09 17:19 - 2014-08-15 20:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-09 17:19 - 2014-08-15 19:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-09 17:18 - 2014-08-15 21:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-09 17:18 - 2014-08-15 21:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-09 17:18 - 2014-08-15 21:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-09 17:18 - 2014-08-15 21:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-09 17:18 - 2014-08-15 20:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-09 17:18 - 2014-08-15 20:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-09 17:18 - 2014-08-15 20:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-09 17:18 - 2014-08-15 20:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-09 17:18 - 2014-08-15 20:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-09 17:18 - 2014-08-15 20:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-09 17:18 - 2014-08-15 20:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-09 17:18 - 2014-08-15 20:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-09 17:18 - 2014-08-15 20:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-09 17:18 - 2014-08-15 20:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-09 17:18 - 2014-08-15 19:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-09 17:18 - 2014-08-15 19:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-09 17:18 - 2014-08-15 19:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-09 17:18 - 2014-08-15 19:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-09 17:18 - 2014-08-15 19:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-09 17:18 - 2014-08-15 19:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-09 17:18 - 2014-08-15 19:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-09 17:18 - 2014-08-15 19:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-09 17:18 - 2014-08-15 19:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-09 17:18 - 2014-08-15 19:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-09 17:18 - 2014-08-15 19:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-09 17:18 - 2014-08-15 19:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-09 17:18 - 2014-08-15 19:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-09 14:35 - 2014-07-23 22:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-09 14:35 - 2014-07-23 22:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-09 14:34 - 2014-08-01 19:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-04 23:12 - 2014-09-04 23:12 - 00000299 _____ () C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-09-04 16:59 - 2014-09-04 16:59 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2014-09-04 15:45 - 2014-09-04 17:00 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\HTC
2014-09-04 15:39 - 2014-09-04 15:45 - 00000000 ____D () C:\Users\Tyler\Documents\HTC
2014-09-04 15:38 - 2014-09-04 17:00 - 00000000 ____D () C:\ProgramData\HTC
2014-09-04 15:36 - 2014-09-04 17:00 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-09-04 15:36 - 2014-09-04 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-09-04 15:36 - 2014-09-04 15:36 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-09-04 15:35 - 2014-09-04 15:35 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Downloaded Installations
2014-08-31 23:52 - 2014-09-17 23:30 - 00000000 ____D () C:\Users\Tyler\SkyDrive
2014-08-30 19:22 - 2014-09-17 22:53 - 00016511 _____ () C:\Users\Tyler\Desktop\ASAP.odt
2014-08-30 19:00 - 2014-09-17 21:23 - 00011080 _____ () C:\Users\Tyler\Desktop\Bills.ods
2014-08-30 19:00 - 2014-08-30 19:00 - 00008477 _____ () C:\Users\Tyler\Documents\Bills.ods
2014-08-30 18:59 - 2014-09-17 21:46 - 00013539 _____ () C:\Users\Tyler\Desktop\Passwords.ods
2014-08-30 18:58 - 2014-08-30 18:59 - 00012288 ___SH () C:\Users\Tyler\Documents\Thumbs.db
2014-08-30 13:23 - 2014-08-30 18:57 - 00011582 _____ () C:\Users\Tyler\Documents\Passwords.ods
2014-08-28 03:38 - 2014-08-22 19:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 11:18 - 2014-08-27 11:27 - 00000000 ____D () C:\Users\Tyler\Documents\Upload to foodstamps
2014-08-27 10:49 - 2014-08-27 10:49 - 00000000 __SHD () C:\Users\Tyler\AppData\Local\EmieUserList
2014-08-27 10:49 - 2014-08-27 10:49 - 00000000 __SHD () C:\Users\Tyler\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 09:57 - 2014-09-18 09:56 - 00009736 _____ () C:\Users\Tyler\Downloads\FRST.txt
2014-09-18 09:57 - 2014-09-18 08:51 - 00000000 ____D () C:\FRST
2014-09-18 09:56 - 2014-09-18 09:56 - 00000000 ____D () C:\Users\Tyler\AppData\Local\CrashDumps
2014-09-18 08:49 - 2014-09-18 08:49 - 02105856 _____ (Farbar) C:\Users\Tyler\Downloads\FRST64.exe
2014-09-18 08:49 - 2014-09-18 08:48 - 00002635 _____ () C:\Users\Tyler\Desktop\fixlist.txt
2014-09-18 08:26 - 2014-09-17 23:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 08:25 - 2014-09-17 23:47 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-18 08:22 - 2014-04-17 07:15 - 01656475 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 08:22 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 08:21 - 2014-09-17 22:58 - 00000000 ____D () C:\AdwCleaner
2014-09-18 08:21 - 2014-04-17 01:05 - 00007670 _____ () C:\Windows\PFRO.log
2014-09-18 08:21 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-18 08:18 - 2013-08-22 09:46 - 00051938 _____ () C:\Windows\setupact.log
2014-09-18 08:03 - 2014-09-18 08:03 - 00000622 _____ () C:\Users\Tyler\Desktop\JRT.txt
2014-09-18 07:52 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-18 07:50 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-18 00:19 - 2014-04-17 20:44 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1674493186-3825866289-3173496600-1001
2014-09-18 00:11 - 2014-09-18 00:11 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 23:56 - 2014-09-17 23:56 - 01016035 _____ (Thisisu) C:\Users\Tyler\Documents\JRT.exe
2014-09-17 23:47 - 2014-09-17 23:47 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-17 23:45 - 2014-09-17 23:45 - 05429848 _____ () C:\Users\Tyler\Documents\RogueKillerX64.exe
2014-09-17 23:41 - 2014-05-25 13:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 23:41 - 2014-04-17 21:26 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 23:36 - 2014-09-17 23:36 - 00000000 ____D () C:\Users\Tyler\Documents\ProcAlyzer Dumps
2014-09-17 23:30 - 2014-08-31 23:52 - 00000000 ____D () C:\Users\Tyler\SkyDrive
2014-09-17 23:29 - 2014-04-17 21:26 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 23:27 - 2014-09-15 18:21 - 00000290 _____ () C:\Windows\Tasks\PerfMonitor_strtp.job
2014-09-17 23:13 - 2014-09-17 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 23:13 - 2014-09-17 23:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 23:13 - 2014-09-17 23:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-17 22:55 - 2014-09-17 22:55 - 01373475 _____ () C:\Users\Tyler\Documents\adwcleaner_3.310.exe
2014-09-17 22:53 - 2014-08-30 19:22 - 00016511 _____ () C:\Users\Tyler\Desktop\ASAP.odt
2014-09-17 22:53 - 2014-05-04 21:44 - 00607744 ___SH () C:\Users\Tyler\Desktop\Thumbs.db
2014-09-17 22:41 - 2014-04-17 07:11 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-17 22:35 - 2013-08-22 09:44 - 00362544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-17 21:56 - 2014-09-17 21:56 - 00009014 _____ () C:\Users\Tyler\Desktop\XBOX.odt
2014-09-17 21:51 - 2014-09-17 23:35 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140917-233528.backup
2014-09-17 21:49 - 2014-09-17 21:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-17 21:46 - 2014-08-30 18:59 - 00013539 _____ () C:\Users\Tyler\Desktop\Passwords.ods
2014-09-17 21:40 - 2014-09-17 21:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-17 21:30 - 2014-09-15 18:21 - 00001024 _____ () C:\.rnd
2014-09-17 21:25 - 2014-09-17 21:25 - 00001407 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-17 21:25 - 2014-09-17 21:25 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-17 21:25 - 2014-09-17 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-17 21:23 - 2014-08-30 19:00 - 00011080 _____ () C:\Users\Tyler\Desktop\Bills.ods
2014-09-17 19:34 - 2014-04-21 20:08 - 00511488 ___SH () C:\Users\Tyler\Downloads\Thumbs.db
2014-09-17 13:14 - 2013-08-22 14:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-17 13:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-17 13:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-17 13:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-17 13:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-17 13:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-17 13:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-17 13:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-17 13:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-17 13:14 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-17 10:58 - 2014-09-10 20:12 - 00011888 _____ () C:\Users\Tyler\Desktop\Buy.odt
2014-09-17 10:04 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-16 19:47 - 2014-09-15 19:12 - 00000000 ____D () C:\Users\Tyler\Documents\Xbox Backup - Dont Delete
2014-09-15 19:03 - 2014-09-15 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-09-15 19:00 - 2014-09-15 19:00 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Daring_Development_Inc
2014-09-15 18:55 - 2014-09-15 18:55 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-09-15 18:55 - 2014-09-15 18:55 - 00000000 ____D () C:\Program Files\MSBuild
2014-09-15 18:55 - 2014-09-15 18:55 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-09-15 18:55 - 2014-09-15 18:55 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-15 18:44 - 2014-06-27 23:06 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 18:42 - 2014-07-24 15:35 - 00022552 _____ () C:\Windows\DPINST.LOG
2014-09-15 18:39 - 2014-09-15 18:39 - 00000000 ____D () C:\Program Files (x86)\Daring Development
2014-09-15 18:21 - 2014-09-15 18:21 - 00002484 _____ () C:\Windows\System32\Tasks\PerfMonitor_strtp
2014-09-15 17:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Resources
2014-09-15 16:26 - 2014-09-15 16:15 - 907950003 _____ () C:\Users\Tyler\Desktop\American.Dad.S10E02.A.Boy.Named.Michael.1080p.WEB-DL.DD5.1.H.264-NTb.mkv
2014-09-12 19:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-09-12 16:10 - 2014-09-10 09:21 - 00000000 ____D () C:\Users\Tyler\Documents\Ty Phone Backup - DONT TOUCH
2014-09-10 09:30 - 2014-09-10 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:30 - 2014-09-10 09:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 09:30 - 2014-09-10 09:29 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:30 - 2014-09-10 09:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-10 09:29 - 2014-09-10 09:29 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 05:12 - 2014-04-17 22:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 05:03 - 2014-04-17 22:15 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 17:19 - 2014-06-11 01:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-09 17:19 - 2014-06-11 01:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-09 17:19 - 2014-06-11 01:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-09 17:19 - 2014-06-11 01:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-09 17:19 - 2014-06-11 01:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-09 17:19 - 2014-06-11 01:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-09 17:19 - 2014-06-11 01:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-09 17:19 - 2014-06-11 01:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-09 17:19 - 2014-06-11 01:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-09 17:19 - 2014-06-11 01:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-09 17:19 - 2014-06-11 01:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-09 17:19 - 2014-06-11 01:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-09 17:19 - 2014-06-11 01:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-09 17:19 - 2014-06-11 01:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-09 17:19 - 2014-04-17 21:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-09 17:19 - 2014-04-17 21:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-09 16:43 - 2014-08-09 21:44 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\vlc
2014-09-04 23:12 - 2014-09-04 23:12 - 00000299 _____ () C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-09-04 17:00 - 2014-09-04 15:45 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\HTC
2014-09-04 17:00 - 2014-09-04 15:38 - 00000000 ____D () C:\ProgramData\HTC
2014-09-04 17:00 - 2014-09-04 15:36 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-09-04 16:59 - 2014-09-04 16:59 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2014-09-04 16:59 - 2014-09-04 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-09-04 15:45 - 2014-09-04 15:39 - 00000000 ____D () C:\Users\Tyler\Documents\HTC
2014-09-04 15:39 - 2014-04-18 20:52 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Apple Computer
2014-09-04 15:39 - 2014-04-18 20:52 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Apple Computer
2014-09-04 15:36 - 2014-09-04 15:36 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-09-04 15:35 - 2014-09-04 15:35 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Downloaded Installations
2014-09-02 15:06 - 2014-05-18 19:12 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 15:06 - 2014-05-18 19:12 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 23:56 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Packages
2014-08-31 23:52 - 2014-04-17 07:18 - 00000000 __RDO () C:\Users\Tyler\SkyDrive.old
2014-08-31 23:52 - 2014-04-17 07:15 - 00000000 ____D () C:\Users\Tyler
2014-08-30 19:00 - 2014-08-30 19:00 - 00008477 _____ () C:\Users\Tyler\Documents\Bills.ods
2014-08-30 18:59 - 2014-08-30 18:58 - 00012288 ___SH () C:\Users\Tyler\Documents\Thumbs.db
2014-08-30 18:57 - 2014-08-30 13:23 - 00011582 _____ () C:\Users\Tyler\Documents\Passwords.ods
2014-08-28 15:29 - 2014-05-19 16:58 - 00659440 _____ () C:\Windows\couponprinter_x64.ocx
2014-08-28 15:29 - 2014-05-19 16:56 - 00444912 _____ () C:\Windows\CouponPrinter.ocx
2014-08-27 21:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-27 11:27 - 2014-08-27 11:18 - 00000000 ____D () C:\Users\Tyler\Documents\Upload to foodstamps
2014-08-27 10:49 - 2014-08-27 10:49 - 00000000 __SHD () C:\Users\Tyler\AppData\Local\EmieUserList
2014-08-27 10:49 - 2014-08-27 10:49 - 00000000 __SHD () C:\Users\Tyler\AppData\Local\EmieSiteList
2014-08-24 17:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-23 02:48 - 2014-09-17 09:51 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-08-23 02:13 - 2014-09-17 09:51 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-08-23 01:10 - 2014-09-17 09:51 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-23 00:32 - 2014-09-17 09:51 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-22 23:44 - 2014-09-17 09:51 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-22 23:34 - 2014-09-17 09:51 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-22 23:33 - 2014-09-17 09:51 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-08-22 23:31 - 2014-09-17 09:51 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-22 23:20 - 2014-09-17 09:51 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-22 19:42 - 2014-08-28 03:38 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 13:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-19 13:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-19 13:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-19 13:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera

Some content of TEMP:
====================
C:\Users\Tyler\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tyler\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 20:50

==================== End Of Log ============================



#3 aharonov


  • Malware Response Team

Posted 18 September 2014 - 10:44 AM

Hi there,

let's read out some data first:


Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
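
Added example, not part of aharonov's post and not FRST code: a small triage script for the kind of `reg query` text that a read-only fixlist like this returns. It parses the key/value layout and flags any `ProxyServer` entry that points at a loopback address, since such a proxy only functions while a local process is listening on that port. The function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout `reg query` prints: a key path at column 0,
# followed by indented "name    TYPE    data" rows.
SAMPLE_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    EnablePunycode    REG_DWORD    0x1
    WarnOnIntranet    REG_DWORD    0x1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:5050
    ProxyOverride    REG_SZ

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
"""

# Value names may contain single spaces ("User Agent"); columns are separated
# by runs of two or more spaces. The data column may be absent (empty value).
VALUE_ROW = re.compile(
    r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_[A-Z_]+)(?:\s{2,}(?P<data>.*))?$"
)


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg query` output."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("HKEY_"):
            current = keys.setdefault(line, {})
            continue
        match = VALUE_ROW.match(line)
        if match and current is not None:
            current[match["name"]] = (match["type"], match["data"] or "")
    return keys


def proxy_endpoints(proxy_server):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles "host:port" (one proxy for all protocols) and the per-protocol
    form "http=host:port;https=host:port".
    """
    endpoints = []
    for part in (p.strip() for p in proxy_server.split(";")):
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        hostport = hostport.split("://")[-1]
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given
            host, port = hostport, ""
        endpoints.append((scheme or "all", host.strip("[]"), port))
    return endpoints


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname


def find_loopback_proxies(text):
    """List every key whose ProxyServer points at the local machine."""
    findings = []
    for key, values in parse_reg_query(text).items():
        server = values.get("ProxyServer", ("", ""))[1]
        local = [e for e in proxy_endpoints(server) if is_loopback(e[1])]
        if not local:
            continue
        enable_data = values.get("ProxyEnable", ("", ""))[1] or "0"
        findings.append({
            "key": key,
            "enabled": int(enable_data, 16) != 0,
            "endpoints": local,
        })
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_OUTPUT):
        state = "ENABLED" if finding["enabled"] else "disabled"
        for scheme, host, port in finding["endpoints"]:
            print(f"{finding['key']}: {scheme} proxy {host}:{port} ({state})")
```
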


#4 tsanford90

  • Topic Starter

  • Members

Posted 18 September 2014 - 11:12 AM

Thanks for the speedy response aharonov!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Tyler at 2014-09-18 11:09:06 Run:1
Running from C:\Users\Tyler\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings"
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
REG: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
REG: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
REG: reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings"
REG: reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
REG: reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s
*****************

========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    CodeBaseSearchPath    REG_SZ    CODEBASE
    EnablePunycode    REG_DWORD    0x1
    WarnOnIntranet    REG_DWORD    0x1
    MinorVersion    REG_SZ    0
    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000

 

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
    CodeBaseSearchPath    REG_SZ    CODEBASE
    WarnOnIntranet    REG_DWORD    0x1
    EnablePunycode    REG_DWORD    0x1
    MinorVersion    REG_SZ    0
    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000

 

========= End of Reg: =========

========= reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    IE5_UA_Backup_Flag    REG_SZ    5.0
    ZonesSecurityUpgrade    REG_BINARY    BA03FCCB365ACF01
    EmailName    REG_SZ    IEUser@
    AutoConfigProxy    REG_SZ    wininet.dll
    MimeExclusionListForCache    REG_SZ    multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
    WarnOnPost    REG_BINARY    01000000
    UseSchannelDirectly    REG_BINARY    01000000
    EnableHttp1_1    REG_DWORD    0x1
    UrlEncoding    REG_DWORD    0x0
    SecureProtocols    REG_DWORD    0xaa0
    PrivacyAdvanced    REG_DWORD    0x0
    DisableCachingOfSSLPages    REG_DWORD    0x0
    WarnonZoneCrossing    REG_DWORD    0x0
    CertificateRevocation    REG_DWORD    0x1
    EnableNegotiate    REG_DWORD    0x1
    MigrateProxy    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x1
    EnableAutodial    REG_DWORD    0x0
    NoNetAutodial    REG_DWORD    0x0
    ProxyHttp1.1    REG_DWORD    0x1
    EnableSPDY3_0    REG_DWORD    0x1
    BackgroundConnections    REG_DWORD    0x1
    EnablePunycode    REG_DWORD    0x1
    ShowPunycode    REG_DWORD    0x0
    CreateUriCacheSize    REG_DWORD    0x50
    CoInternetCombineIUriCacheSize    REG_DWORD    0x50
    SecurityIdIUriCacheSize    REG_DWORD    0x1e
    SpecialFoldersCacheSize    REG_DWORD    0x8
    SyncMode5    REG_DWORD    0x4
    PrivDiscUiShown    REG_DWORD    0x1
    WarnOnIntranet    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:5050
    ProxyOverride    REG_SZ   

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WebSocket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

========= End of Reg: =========

========= reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings    REG_BINARY    460000005B020000030000000E0000003132372E302E302E313A353035300000000000000000000000000000000000000000000000000000000000000000000000000300000002000000C0A8016400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A801930000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000200100009D3890D728882A703F57FE6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    SavedLegacySettings    REG_BINARY    4600000031040000030000000E0000003132372E302E302E313A353035300000000000000000000000000000000000000000000000000000000000000000000000000300000002000000C0A8016400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A801930000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000200100009D3890D728882A703F57FE6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

 

========= End of Reg: =========

========= reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\nlasvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Cache
    KnownProxylessGatewaysV4    REG_BINARY    060014F1E9EED90000414E020006C8B373064B990000394E020006C8B373064B99180042006100740074006C0065005400650073007400650064002C4E0200
    KnownProxylessGatewaysV6    REG_BINARY    060014F1E9EED90000414E020006C8B373064B99180042006100740074006C0065005400650073007400650064002C4E0200
    OpportunisticInternetGatewaysV4    REG_BINARY    060014F1E9EED90000414E020006C8B373064B990000414E020006C8B373064B99180042006100740074006C006500540065007300740065006400414E0200
    OpportunisticInternetGatewaysV6    REG_BINARY    060014F1E9EED90000414E0200

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet
    ActiveWebProbePathV6    REG_SZ    ncsi.txt
    ActiveWebProbePath    REG_SZ    ncsi.txt
    ActiveDnsProbeHost    REG_SZ    dns.msftncsi.com
    EnableActiveProbing    REG_DWORD    0x1
    PassivePollPeriod    REG_DWORD    0xf
    ActiveWebProbeContentV6    REG_SZ    Microsoft NCSI
    ActiveDnsProbeContentV6    REG_SZ    fd3e:4f5a:5b81::1
    ActiveWebProbeContent    REG_SZ    Microsoft NCSI
    ActiveDnsProbeContent    REG_SZ    131.107.255.255
    ActiveWebProbeHost    REG_SZ    www.msftncsi.com
    StaleThreshold    REG_DWORD    0x1e
    ActiveWebProbeHostV6    REG_SZ    ipv6.msftncsi.com
    WebTimeout    REG_DWORD    0x23
    ActiveDnsProbeHostV6    REG_SZ    dns.msftncsi.com

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies
    (Default)    REG_SZ    1127.0.0.1:5050

 

========= End of Reg: =========

==== End of Fixlog ====



#5 aharonov

  • Malware Response Team

Posted 18 September 2014 - 12:30 PM

Is the proxy setting coming back after this fix and the reboot?


Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#6 tsanford90

  • Topic Starter

Posted 18 September 2014 - 01:36 PM

After a restart, the proxy settings are still there under LAN. I even manually unchecked and rebooted again, and they still come back. The other issue is still present, which is that anytime I click any link in any browser, new windows / tabs open up as well. In Google, there is also a new set of ads below the search bar called "ads by hoist search."

 

Also from my experience whenever there is a proxy setup with 127.0.0.1, it's usually an application that's running, and 5050 is the port that it's communicating with. I'm sure you already knew this, but how do we find the actual application / virus / malware that is working with these proxy settings?

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Tyler at 2014-09-18 13:29:08 Run:3
Running from C:\Users\Tyler\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
REG: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reboot:
*****************
 
 
========= reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Edited by tsanford90, 18 September 2014 - 01:42 PM.
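
On the question in post #6 of how to find the program behind a 127.0.0.1 proxy setting: the PowerShell below is an added example, not part of the original thread and not something FRST runs. It reads the same HKCU ProxyServer value shown in the logs, looks up which process is listening on that loopback port, and reports any Windows service hosted by that process. The function name Find-LoopbackProxyOwner is hypothetical; the cmdlets assume Windows 8 / Server 2012 or later and an elevated prompt.

```powershell
# Added example (not from the thread). Find-LoopbackProxyOwner is a hypothetical name.
# Run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later.
function Find-LoopbackProxyOwner {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $cfg = Get-ItemProperty -Path $key
    Write-Host "ProxyEnable=$($cfg.ProxyEnable) ProxyServer=$($cfg.ProxyServer)"

    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    # Keep only the ports that point back at this machine.
    $found = @(foreach ($entry in ("$($cfg.ProxyServer)" -split ';')) {
        if ($entry -match '(?:^|=)(?:127\.0\.0\.1|localhost):(\d+)$') { [int]$Matches[1] }
    })
    $ports = @($found | Sort-Object -Unique)
    if ($ports.Count -eq 0) {
        Write-Host 'No loopback proxy is configured for this user.'
        return
    }

    foreach ($port in $ports) {
        $listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
        if (-not $listeners) {
            # The setting can outlive the program: the owner may start later or be gone.
            Write-Host "Port ${port}: nothing is listening right now."
            continue
        }
        foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
            # A service hosting the listener explains a proxy that returns after every reboot.
            $svc = @(Get-CimInstance Win32_Service -Filter "ProcessId = $procId")
            $sig = if ($proc.ExecutablePath) {
                (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
            } else { 'image path not readable' }

            [pscustomobject]@{
                Port      = $port
                ProcessId = $procId
                Image     = $proc.ExecutablePath
                Signature = $sig
                Services  = ($svc.Name -join ', ')
                StartMode = ($svc.StartMode -join ', ')
            }
        }
    }
}

Find-LoopbackProxyOwner | Format-List
```

An entry with a non-empty Services column, an Auto start mode and a signature status other than Valid is the kind of item to report to the helper; in this thread the final fixlist removed two auto-start services (Diagnostics and Proxy) that pointed at one unsigned service.exe.
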


#7 aharonov

  • Malware Response Team

Posted 18 September 2014 - 02:15 PM

Still the same after this fix?


Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#8 tsanford90

  • Topic Starter

Posted 18 September 2014 - 05:38 PM

Applied the fix, restarted 3 times for safe measure and all is well again. No more LAN proxy, and no more redirects or unwanted ads in Google. Thank you aharonov! Attached is the log in case it's needed.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Tyler at 2014-09-18 17:22:17 Run:4
Running from C:\Users\Tyler\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
Task: {B6C62BA6-FACA-4D15-BA5A-4667FFB29580} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {E6E5A45F-99D9-4DD9-AAAE-3A9F83C25700} - System32\Tasks\PerfMonitor_strtp => C:\Program Files (x86)\Optimizer Pro\PerformanceMonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\PerfMonitor_strtp.job => C:\Program Files (x86)\Optimizer Pro\PerformanceMonitor.exe <==== ATTENTION
S2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
S2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]
C:\Program Files (x86)\Coupons
C:\Program Files (x86)\Optimizer Pro
REG: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reboot:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6C62BA6-FACA-4D15-BA5A-4667FFB29580}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6C62BA6-FACA-4D15-BA5A-4667FFB29580}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E6E5A45F-99D9-4DD9-AAAE-3A9F83C25700}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6E5A45F-99D9-4DD9-AAAE-3A9F83C25700}" => Key deleted successfully.
C:\Windows\System32\Tasks\PerfMonitor_strtp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PerfMonitor_strtp" => Key deleted successfully.
C:\Windows\Tasks\PerfMonitor_strtp.job => Moved successfully.
Diagnostics => Service deleted successfully.
Proxy => Service deleted successfully.
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe => Moved successfully.
CouponPrinterService => Service deleted successfully.
"C:\Program Files (x86)\Coupons" => File/Directory not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.

========= reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog ====

#9 aharonov

  • Malware Response Team

Posted 18 September 2014 - 05:54 PM

Great, let's do a final check up then:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#10 aharonov

  • Malware Response Team

Posted 29 September 2014 - 09:12 AM

I haven't heard from you for some time.
Do you still need help?

#11 aharonov

  • Malware Response Team

Posted 04 October 2014 - 09:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



