
Malware blocking access to certain websites


14 replies to this topic

#1 aphw


Posted 20 June 2015 - 06:31 PM

Following on from a thread in "Am I infected? What do I do?" (can't post the URL as I'm browsing through a proxy - this website is one of the ones that's blocked - so hopefully you can find it in my recent posts).

As I wrote there:

On Windows 7. Most malware-removal-related sites are blocked, this one included, along with various news sites, Facebook, Amazon and others (some come and go, some only partly load, some are blocked completely and permanently, as if the server were down).

This started when a rogue Flash plug-in installed an executable in C:\ProgramData (bin2dbex).

Any help would be appreciated. I ran RKill and Rootkit Remover (McAfee) and nothing came up.

Cheers,

Andy

Edit: oh, it also hides all hidden and system files every time I turn my laptop on.

Edit again: hosts file is clean.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Andy (administrator) on ANDY-LAPTOP on 21-06-2015 00:23:42
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Greenshot\Greenshot.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
() C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\Andy\Desktop\SecuriatyCheack.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\hh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Farbar) C:\Users\Andy\Desktop\FSS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Andy\Desktop\MiniToolBox.exe
(Malwarebytes Corp.) C:\Users\Andy\Desktop\mbar-1.09.1.1004andy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\Andy\Desktop\mbar\mbar.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Malwarebytes Corporation ) C:\Users\Andy\Desktop\mbam-setup-2.1.6.1022.exe
() C:\Users\Andy\AppData\Local\Temp\is-0S27M.tmp\mbam-setup-2.1.6.1022.tmp
(Malwarebytes Corporation ) C:\Users\Andy\Desktop\mbam-setup-2.1.6.1022.exe
() C:\Users\Andy\AppData\Local\Temp\is-1FBOA.tmp\mbam-setup-2.1.6.1022.tmp
(Malwarebytes Corporation) C:\Program Files (x86)\MBAM\mbam.exe
(Malwarebytes Corporation ) C:\Users\Andy\Desktop\mbam-setup-2.1.6.1022.exe
() C:\Users\Andy\AppData\Local\Temp\is-KE9UL.tmp\mbam-setup-2.1.6.1022.tmp
(Malwarebytes Corporation ) C:\Users\Andy\Desktop\mbam-setup-2.1.6.1022.exe
() C:\Users\Andy\AppData\Local\Temp\is-NG5O1.tmp\mbam-setup-2.1.6.1022.tmp
(Malwarebytes Corporation ) C:\Users\Andy\Desktop\mbam-setup-2.1.6.1022.exe
() C:\Users\Andy\AppData\Local\Temp\is-2JVHD.tmp\mbam-setup-2.1.6.1022.tmp
(Malwarebytes Corporation ) C:\Users\Andy\Desktop\mbam-setup-2.1.6.1022.exe
() C:\Users\Andy\AppData\Local\Temp\is-08B9S.tmp\mbam-setup-2.1.6.1022.tmp
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2895656 2012-01-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2011-12-31] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [Greenshot] => C:\Program Files (x86)\Greenshot\Greenshot.exe [548864 2010-07-12] ()
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5628800 2012-10-16] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTE.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [BBC] => [X]
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\CurrentVersion\Windows: [Load] C:\ProgramDataa\mspyruxfda.exea <===== ATTENTION
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Policies\Explorer: [RestrictRun] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{4ee9dfdc-4f4f-4534-84a5-ee2b115a408d} <======= ATTENTION (Policy restriction on IP)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\Software\Microsoft\Internet Explorer\Main,Search Page =/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\Software\Microsoft\Internet Explorer\Main,Start Page =/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=55&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&SSPV=
SearchScopes: HKLM -> DefaultScope {766021D2-9210-4531-ABEF-DDB6D985E906} URL =/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {766021D2-9210-4531-ABEF-DDB6D985E906} URL =/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {766021D2-9210-4531-ABEF-DDB6D985E906} URL =/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {766021D2-9210-4531-ABEF-DDB6D985E906} URL =/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2006735408-881728403-4128587805-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=58&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2006735408-881728403-4128587805-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=58&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2006735408-881728403-4128587805-1000 -> {766021D2-9210-4531-ABEF-DDB6D985E906} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-28] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 131.111.12.20 131.111.8.42

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll [2013-04-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll [2013-04-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin HKU\S-1-5-21-2006735408-881728403-4128587805-1000: @TrianglePlayer -> C:\Users\Andy\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll [2012-11-16] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-28]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-28]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 UI Assistant Service; C:\Program Files (x86)\ZTE Join Air\AssistantServices.exe [241664 2009-03-24] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R5 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-20] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-18] ()
R3 vodafone_K380x-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [75776 2010-05-20] (Vodafone)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [237056 2011-04-29] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Andy\AppData\Local\Temp\mfe_rr.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 00:19 - 2015-06-21 00:23 - 00048132 _____ C:\Users\Andy\Desktop\Addition.txt
2015-06-21 00:18 - 2015-06-21 00:23 - 00021616 _____ C:\Users\Andy\Desktop\FRST.txt
2015-06-21 00:17 - 2015-06-21 00:23 - 00000000 ____D C:\FRST
2015-06-21 00:16 - 2015-06-21 00:16 - 02109952 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2015-06-20 21:02 - 2015-06-20 21:02 - 00017686 _____ C:\Users\Andy\Desktop\MBAM.txt
2015-06-20 19:18 - 2015-06-20 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBAM
2015-06-20 19:18 - 2015-06-20 19:18 - 00000000 ____D C:\Program Files (x86)\MBAM
2015-06-20 19:18 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-20 19:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-20 19:17 - 2015-06-20 19:17 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Andy\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-20 16:11 - 2015-06-20 16:11 - 00040619 _____ C:\Users\Andy\Desktop\Result.txt
2015-06-20 16:10 - 2015-06-20 16:10 - 00002607 _____ C:\Users\Andy\Desktop\FSS.txt
2015-06-20 16:06 - 2015-06-20 16:06 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Andy\Desktop\mbar-1.09.1.1004.exe
2015-06-20 16:03 - 2015-06-20 16:03 - 00403456 _____ (Farbar) C:\Users\Andy\Desktop\MiniToolBox.exe
2015-06-20 16:02 - 2015-06-20 16:02 - 00415232 _____ (Farbar) C:\Users\Andy\Desktop\FSS.exe
2015-06-20 16:00 - 2015-06-20 16:00 - 00852662 _____ C:\Users\Andy\Desktop\SecuriatyCheack.exe
2015-06-20 03:59 - 2015-06-20 03:59 - 00006989 _____ C:\Users\Andy\Documents\STUFF 200615.txt
2015-06-19 03:15 - 2015-06-19 03:15 - 00012338 _____ C:\Users\Andy\Documents\STUFF 190615.txt
2015-06-18 21:57 - 2015-06-20 21:19 - 00000000 ____D C:\Users\Andy\AppData\Local\CrashDumps
2015-06-18 21:46 - 2015-06-19 03:13 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-18 21:46 - 2015-06-18 21:46 - 17659640 _____ C:\Users\Andy\Desktop\RoagueKilalera.exe
2015-06-18 21:46 - 2015-06-18 21:46 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-18 04:00 - 2015-06-18 04:00 - 00009532 _____ C:\Users\Andy\Documents\STUFF 180615.txt
2015-06-18 03:01 - 2015-06-18 03:01 - 00390776 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2015-06-18 02:55 - 2015-06-18 02:55 - 15590849 _____ C:\Users\Andy\Desktop\bd_rem_tool.zip
2015-06-18 02:55 - 2015-06-18 02:55 - 00000000 ____D C:\Users\Andy\Desktop\bd_rem_tool
2015-06-18 02:48 - 2015-06-18 02:48 - 00380416 _____ C:\Users\Andy\Desktop\wz1vqv0y.exe
2015-06-18 02:18 - 2015-06-20 19:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 02:18 - 2015-06-18 02:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-18 02:18 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 02:10 - 2015-06-20 16:17 - 00000000 ____D C:\Users\Andy\Desktop\mbar
2015-06-18 02:09 - 2015-06-18 02:09 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Andy\Desktop\mbar-1.09.1.1004andy.exe
2015-06-18 01:55 - 2015-06-18 01:56 - 00000310 _____ C:\Users\Andy\Desktop\RootkitRemover_20150618_015547.log
2015-06-18 01:55 - 2015-06-18 01:55 - 00783120 _____ (McAfee, Inc.) C:\Users\Andy\Desktop\rootkitremoverandy.exe
2015-06-17 03:58 - 2015-06-17 03:58 - 00008689 _____ C:\Users\Andy\Documents\STUFF 170615.txt
2015-06-16 03:57 - 2015-06-16 03:57 - 00005925 _____ C:\Users\Andy\Documents\STUFF 160615.txt
2015-06-15 04:00 - 2015-06-15 04:00 - 00017705 _____ C:\Users\Andy\Documents\STUFF 150615.txt
2015-06-14 23:56 - 2015-06-14 23:56 - 00013966 _____ C:\Users\Andy\Documents\Multiple_WMP.zip
2015-06-14 23:56 - 2015-06-14 23:56 - 00000000 ____D C:\Users\Andy\Documents\Multiple_WMP
2015-06-14 20:51 - 2015-06-14 20:51 - 00024688 _____ C:\Users\Andy\Documents\clickerHeroSave11.txt
2015-06-14 17:55 - 2015-06-14 17:56 - 00000000 ____D C:\32788R22FWJFW
2015-06-14 03:59 - 2015-06-14 03:59 - 00017073 _____ C:\Users\Andy\Documents\STUFF 140615.txt
2015-06-13 04:00 - 2015-06-13 04:00 - 00008556 _____ C:\Users\Andy\Documents\STUFF 130615.txt
2015-06-13 03:59 - 2015-06-13 03:59 - 00017114 _____ C:\Users\Andy\Documents\STUFF 130615 UNICODE.txt
2015-06-12 03:34 - 2015-06-12 03:34 - 00010168 _____ C:\Users\Andy\Documents\STUFF 120615.txt
2015-06-11 03:40 - 2015-06-11 03:40 - 00014705 _____ C:\Users\Andy\Documents\STUFF 110615.txt
2015-06-10 20:41 - 2015-06-10 20:41 - 00000000 ____D C:\Users\Andy\AppData\Local\GWX
2015-06-10 03:46 - 2015-06-10 03:46 - 00013596 _____ C:\Users\Andy\Documents\STUFF 100615.txt
2015-06-10 02:12 - 2015-05-25 19:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 02:12 - 2015-05-25 19:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 02:12 - 2015-05-25 19:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 02:12 - 2015-05-25 19:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 02:12 - 2015-05-25 19:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 02:12 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 02:12 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 02:12 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 02:12 - 2015-05-25 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 02:12 - 2015-05-25 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 02:12 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 02:12 - 2015-05-25 19:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 02:12 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 02:12 - 2015-05-25 18:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 02:12 - 2015-05-25 18:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 02:12 - 2015-05-25 18:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 02:12 - 2015-05-25 18:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 02:12 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 02:12 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 02:12 - 2015-05-25 18:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 02:12 - 2015-05-25 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 02:12 - 2015-05-25 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 02:12 - 2015-05-25 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 02:12 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 02:12 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 02:12 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 02:12 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 02:12 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 02:12 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 02:12 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 02:12 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 02:12 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 02:12 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 02:11 - 2015-06-01 20:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 02:11 - 2015-06-01 19:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 02:11 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 02:11 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 02:11 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 02:11 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 02:11 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 02:11 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 02:11 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 02:11 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 02:11 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 02:11 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 02:11 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 02:11 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 02:11 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 02:11 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 02:11 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 02:11 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 02:11 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 02:11 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 02:11 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 02:11 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 02:11 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 02:11 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 02:11 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 02:11 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 02:11 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 02:11 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 02:11 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 02:11 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 02:11 - 2015-05-22 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 02:11 - 2015-05-22 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 02:11 - 2015-05-22 20:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 02:11 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 02:11 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 02:11 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 02:11 - 2015-05-22 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 02:11 - 2015-05-22 19:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 02:11 - 2015-05-22 19:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 02:11 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 02:11 - 2015-05-22 19:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 02:11 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 02:11 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 02:11 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 02:11 - 2015-05-22 19:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 02:11 - 2015-05-22 19:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 02:11 - 2015-05-22 19:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 02:11 - 2015-05-22 19:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 02:11 - 2015-05-22 19:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 02:11 - 2015-05-22 19:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 02:11 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 02:11 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 02:11 - 2015-05-22 19:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 02:11 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 02:11 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 02:11 - 2015-05-22 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 02:11 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 02:11 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 02:11 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 02:11 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 02:11 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 02:11 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 02:11 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 00:09 - 2015-06-10 00:10 - 00000000 ____D C:\AdwCleaner
2015-06-09 21:49 - 2015-06-09 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-06-09 21:49 - 2015-06-09 21:49 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-06-09 21:48 - 2015-06-09 21:48 - 00000000 ____D C:\Users\Andy\Documents\wireshark
2015-06-09 21:47 - 2015-06-09 21:47 - 29892320 _____ (PortableApps.com) C:\Users\Andy\Documents\WiresharkPortable-1.12.5.paf.exe
2015-06-09 02:02 - 2015-06-09 02:02 - 00009778 _____ C:\Users\Andy\Documents\STUFF 090615.txt
2015-06-08 04:32 - 2015-06-08 04:32 - 00013886 _____ C:\Users\Andy\Documents\STUFF 080615.txt
2015-06-07 03:59 - 2015-06-07 03:59 - 00018507 _____ C:\Users\Andy\Documents\STUFF 070615.txt
2015-06-06 17:15 - 2015-06-06 17:15 - 00000000 ____D C:\Windows\pss
2015-06-06 13:44 - 2015-06-08 04:32 - 00003628 _____ C:\Windows\System32\Tasks\DevicePairingWizard
2015-06-06 03:57 - 2015-06-06 03:57 - 00013912 _____ C:\Users\Andy\Documents\STUFF 060615.txt
2015-06-05 23:56 - 2015-06-05 23:56 - 00000000 ____D C:\Program Files (x86)\ver3PassShow - Copy
2015-06-05 21:43 - 2015-05-22 19:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 21:43 - 2015-05-22 19:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 21:43 - 2015-05-21 14:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 03:59 - 2015-06-05 03:59 - 00013624 _____ C:\Users\Andy\Documents\STUFF 050615.txt
2015-06-04 03:09 - 2015-06-04 03:09 - 00013148 _____ C:\Users\Andy\Documents\STUFF 040615.txt
2015-06-03 03:56 - 2015-06-03 03:56 - 00005104 _____ C:\Users\Andy\Documents\STUFF 030615.txt
2015-06-02 02:36 - 2015-06-02 02:36 - 00008951 _____ C:\Users\Andy\Documents\STUFF 020615.txt
2015-06-01 03:58 - 2015-06-01 03:58 - 00018944 _____ C:\Users\Andy\Documents\STUFF 010615.txt
2015-05-31 03:55 - 2015-05-31 03:55 - 00014316 _____ C:\Users\Andy\Documents\STUFF 310515.txt
2015-05-30 02:49 - 2015-05-30 02:49 - 00011151 _____ C:\Users\Andy\Documents\STUFF 300515.txt
2015-05-29 03:37 - 2015-05-29 03:37 - 00013293 _____ C:\Users\Andy\Documents\STUFF 290515.txt
2015-05-28 02:39 - 2015-05-28 02:39 - 00009962 _____ C:\Users\Andy\Documents\STUFF 280515.txt
2015-05-27 02:15 - 2015-05-27 02:15 - 00007137 _____ C:\Users\Andy\Documents\STUFF 270515.txt
2015-05-26 02:36 - 2015-05-26 02:36 - 00010212 _____ C:\Users\Andy\Documents\STUFF 260515.txt
2015-05-25 02:53 - 2015-05-25 02:53 - 00015852 _____ C:\Users\Andy\Documents\STUFF 250515.txt
2015-05-24 04:00 - 2015-05-24 04:00 - 00000000 _____ C:\Windows\SysWOW64\shoB2DA.tmp
2015-05-24 03:58 - 2015-05-24 03:58 - 00012240 _____ C:\Users\Andy\Documents\STUFF 240515.txt
2015-05-23 03:28 - 2015-05-23 03:28 - 00008283 _____ C:\Users\Andy\Documents\STUFF 230515.txt
2015-05-22 03:07 - 2015-05-22 03:07 - 00017587 _____ C:\Users\Andy\Documents\STUFF 220515.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 00:14 - 2012-08-22 20:59 - 00000000 ___HD C:\Users\Andy\AppData\Roaming\Skype
2015-06-21 00:09 - 2012-08-19 20:59 - 00000000 ____D C:\Users\Andy\Documents\Screenshots
2015-06-21 00:04 - 2012-10-28 19:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-20 23:39 - 2012-04-16 23:09 - 01752212 _____ C:\Windows\WindowsUpdate.log
2015-06-20 22:08 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-20 22:08 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-20 19:18 - 2012-10-24 22:23 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Malwarebytes
2015-06-20 19:18 - 2012-10-24 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-20 19:18 - 2012-10-24 22:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-06-20 15:04 - 2012-10-28 19:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-20 14:28 - 2013-11-08 02:33 - 00000000 ____D C:\Users\Andy\AppData\Local\Nero
2015-06-20 14:13 - 2012-04-16 23:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-06-20 14:13 - 2012-04-16 23:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-06-20 14:13 - 2012-04-16 23:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-06-20 14:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-20 14:13 - 2009-07-14 05:51 - 00107805 _____ C:\Windows\setupact.log
2015-06-18 02:45 - 2014-05-26 16:11 - 00000056 _____ C:\Windows\system32\Drivers\etc\hosts.umbrella
2015-06-18 02:04 - 2012-10-28 19:09 - 00000000 ____D C:\Users\Andy\Desktop\rkill
2015-06-18 02:03 - 2012-10-28 19:09 - 00002446 _____ C:\Users\Andy\Desktop\Rkill.txt
2015-06-18 00:07 - 2012-04-16 23:37 - 00000000 ____D C:\ProgramData\Skype
2015-06-16 00:42 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-14 03:58 - 2012-11-03 18:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-12 23:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:14 - 2014-12-31 15:20 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieBrowserModeList
2015-06-11 03:14 - 2014-04-24 23:56 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieUserList
2015-06-11 03:14 - 2014-04-24 23:56 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieSiteList
2015-06-10 21:06 - 2012-10-28 19:33 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 20:45 - 2009-07-14 06:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 20:40 - 2009-07-14 05:45 - 00269128 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 03:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 03:08 - 2013-07-25 02:06 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 03:02 - 2012-08-08 17:28 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-07 03:57 - 2013-11-08 02:40 - 00000000 ____D C:\Users\Andy\AppData\Roaming\vlc
2015-06-06 13:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\oobe
2015-06-06 03:59 - 2014-12-10 04:08 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 03:59 - 2014-05-07 02:37 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-05 23:56 - 2015-01-29 23:40 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-06-04 21:58 - 2010-11-21 04:24 - 00237056 ___SH (Steve Hutchesson) C:\ProgramData\mspyruxfd.exe

==================== Files in the root of some directories =======

2012-09-16 18:28 - 2014-04-10 02:23 - 0000600 _____ () C:\Users\Andy\AppData\Local\PUTTY.RND
2015-04-08 03:28 - 2015-04-08 03:28 - 0007603 _____ () C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
2010-11-21 04:24 - 2015-06-04 21:58 - 0237056 ___SH (Steve Hutchesson) C:\ProgramData\mspyruxfd.exe

Files to move or delete:
====================
C:\ProgramData\mspyruxfd.exe


Some files in TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Andy\AppData\Local\Temp\KB01178774.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 17:49

==================== End of log ============================

Edited by aphw, 20 June 2015 - 06:33 PM.



#2 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:30 AM

Posted 21 June 2015 - 07:37 AM

:welcome:

Hello aphw,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 aphw

aphw
  • Topic Starter

  • Members
  • 19 posts
  • Local time:02:30 AM

Posted 22 June 2015 - 06:25 PM

Security Check (copied from previous thread):

Results of screen317's Security Check version 1.004
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 6
Java version 32-bit out of Date!
Adobe Flash Player 11.7.700.169 Flash Player out of Date!
Google Chrome (43.0.2357.124)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

Edited by aphw, 22 June 2015 - 06:26 PM.


#4 aphw

  • Topic Starter

Posted 22 June 2015 - 06:27 PM

MBAR (run earlier):

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2014.11.18.05
rootkit: v2014.11.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Andy :: ANDY-LAPTOP [administrator]

18/06/2015 02:18:59
mbar-log-2015-06-18 (02-18-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 343868
Time elapsed: 20 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE (Trojan.Agent.EV) -> Data: "C:\Users\Andy\AppData\Roaming\Microsoft\Windows\IEUpdate\DevicePairingWizard.exe" -> Delete on reboot. [7ebf8db01a62a19562c3f451a65d04fc]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Edited by aphw, 22 June 2015 - 06:28 PM.


#5 aphw

  • Topic Starter

Posted 22 June 2015 - 06:31 PM

AdwCleaner:

# AdwCleaner v4.207 - Logfile created 23/06/2015 at 00:28:30
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Andy - ANDY-LAPTOP
# Running from : C:\Users\Andy\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Andy\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\ver3PassShow - Copy
Folder Found : C:\Users\Andy\AppData\Local\SearchProtect

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Headlight
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\SearchProtect

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=55&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&SSPV=

-\\ Google Chrome v43.0.2357.130

[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=58&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&q={searchTerms}&SSPV=
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=55&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&SSPV=
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=55&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&SSPV=

*************************

AdwCleaner[R0].txt - [3425 bytes] - [10/06/2015 00:09:27]
AdwCleaner[R1].txt - [2981 bytes] - [23/06/2015 00:28:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3040 bytes] ##########

Edited by aphw, 22 June 2015 - 06:41 PM.


#6 aphw

  • Topic Starter

Posted 22 June 2015 - 06:44 PM

As I said in the other thread, I've had Trovi / Search Protect / PassShow on my laptop for some time now (all they have done is mess up Internet Explorer, which is no loss), so they aren't obvious suspects.

#7 Jo*

  • Malware Response Team

Posted 23 June 2015 - 10:30 AM

Hello aphw,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 aphw

  • Topic Starter

Posted 24 June 2015 - 08:54 PM

I didn't want to do a clean from AdwCleaner as I didn't want to close all my windows.

I then ran JRT (which ended up closing most of my windows):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.3 (06.24.2015:3)
OS: Windows 7 Home Premium x64
Ran by Andy on 25/06/2015 at 1:59:46.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2006735408-881728403-4128587805-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

~~~ Files

Successfully deleted: [File] C:\Users\Andy\desktop\ebay.lnk

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Andy\appdata\local\{5194FD99-5F75-41FD-BAF4-C84B17AE6C6B}
Successfully deleted: [Empty Folder] C:\Users\Andy\appdata\local\{D963873B-8E9B-4E21-8B6E-E50995AB4341}
Successfully deleted: [Folder] C:\Program Files (x86)\searchprotect
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Andy\appdata\local\searchprotect
Successfully deleted: [Folder] C:\Users\Andy\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\Andy\AppData\Roaming\pcdr

~~~ Chrome

[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/06/2015 at 2:02:28.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I then reran AdwCleaner:

# AdwCleaner v4.207 - Logfile created 25/06/2015 at 02:11:17
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Andy - ANDY-LAPTOP
# Running from : C:\Users\Andy\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Program Files (x86)\ver3PassShow - Copy

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.130

[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=58&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&q={searchTerms}&SSPV=
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=55&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&SSPV=
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=55&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&SSPV=

*************************

AdwCleaner[R0].txt - [3425 bytes] - [10/06/2015 00:09:27]
AdwCleaner[R1].txt - [3135 bytes] - [23/06/2015 00:28:30]
AdwCleaner[R2].txt - [3194 bytes] - [24/06/2015 22:36:20]
AdwCleaner[R3].txt - [2222 bytes] - [25/06/2015 02:03:44]
AdwCleaner[R4].txt - [2144 bytes] - [25/06/2015 02:11:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [2203 bytes] ##########

Should I manually remove the proxy key? The other key doesn't seem to exist.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Andy (administrator) on ANDY-LAPTOP on 25-06-2015 02:49:10
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
() C:\Users\Andy\Desktop\wz1vqv0y.exe
() C:\Users\Andy\Desktop\AdwCleaner.exe
(Microsoft Corporation) C:\Windows\regedit.exe
() C:\Program Files (x86)\Greenshot\Greenshot.exe
() C:\Users\Andy\Desktop\AdwCleaner.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2895656 2012-01-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2011-12-31] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [Greenshot] => C:\Program Files (x86)\Greenshot\Greenshot.exe [548864 2010-07-12] ()
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5628800 2012-10-16] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [BBC] => [X]
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\CurrentVersion\Windows: [Load] C:\ProgramDataa\mspyruxfda.exea <===== ATTENTION
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Policies\Explorer: [RestrictRun] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2006735408-881728403-4128587805-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{4ee9dfdc-4f4f-4534-84a5-ee2b115a408d} <======= ATTENTION (Policy restriction on IP)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {766021D2-9210-4531-ABEF-DDB6D985E906} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {766021D2-9210-4531-ABEF-DDB6D985E906} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {766021D2-9210-4531-ABEF-DDB6D985E906} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {766021D2-9210-4531-ABEF-DDB6D985E906} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2006735408-881728403-4128587805-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2006735408-881728403-4128587805-1000 -> {766021D2-9210-4531-ABEF-DDB6D985E906} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-28] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 131.111.12.20 131.111.8.42

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll [2013-04-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll [2013-04-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin HKU\S-1-5-21-2006735408-881728403-4128587805-1000: @TrianglePlayer -> C:\Users\Andy\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll [2012-11-16] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-28]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-28]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
S2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
S2 MBAMService; C:\Program Files (x86)\MBAM\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 UI Assistant Service; C:\Program Files (x86)\ZTE Join Air\AssistantServices.exe [241664 2009-03-24] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
U4 CltMngSvco; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-18] ()
R3 vodafone_K380x-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [75776 2010-05-20] (Vodafone)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [237056 2011-04-29] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Andy\AppData\Local\Temp\mfe_rr.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
U3 pwliqpob; \??\C:\Users\Andy\AppData\Local\Temp\pwliqpob.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-25 02:02 - 2015-06-25 02:02 - 00002540 _____ C:\Users\Andy\Desktop\JRT.txt
2015-06-25 01:59 - 2015-06-25 01:59 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ANDY-LAPTOP-Windows-7-Home-Premium-(64-bit).dat
2015-06-25 01:59 - 2015-06-25 01:59 - 00000000 ____D C:\RegBackup
2015-06-24 22:35 - 2015-06-24 22:35 - 02951948 _____ (Malwarebytes Corporation) C:\Users\Andy\Desktop\JRT.exe
2015-06-24 03:33 - 2015-06-24 03:33 - 00009431 _____ C:\Users\Andy\Documents\STUFF 240615.txt
2015-06-23 03:53 - 2015-06-23 03:53 - 00013207 _____ C:\Users\Andy\Documents\STUFF 230615.txt
2015-06-22 03:38 - 2015-06-22 03:38 - 00000000 _____ C:\Windows\SysWOW64\shoD48E.tmp
2015-06-22 03:33 - 2015-06-22 03:33 - 00040392 _____ C:\Users\Andy\Documents\STUFF 220615 UNICODE.txt
2015-06-22 03:33 - 2015-06-22 03:33 - 00020195 _____ C:\Users\Andy\Documents\STUFF 220615.txt
2015-06-22 02:07 - 2015-06-22 02:07 - 02244096 _____ C:\Users\Andy\Desktop\AdwCleaner.exe
2015-06-21 04:03 - 2015-06-21 04:03 - 00016874 _____ C:\Users\Andy\Documents\STUFF 210615.txt
2015-06-21 00:19 - 2015-06-21 00:24 - 00048132 _____ C:\Users\Andy\Desktop\Addition.txt
2015-06-21 00:18 - 2015-06-25 02:49 - 00016022 _____ C:\Users\Andy\Desktop\FRST.txt
2015-06-21 00:17 - 2015-06-25 02:49 - 00000000 ____D C:\FRST
2015-06-21 00:16 - 2015-06-21 00:16 - 02109952 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2015-06-20 21:02 - 2015-06-20 21:02 - 00017686 _____ C:\Users\Andy\Desktop\MBAM.txt
2015-06-20 19:18 - 2015-06-20 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBAM
2015-06-20 19:18 - 2015-06-20 19:18 - 00000000 ____D C:\Program Files (x86)\MBAM
2015-06-20 19:18 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-20 19:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-20 19:17 - 2015-06-20 19:17 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Andy\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-20 16:11 - 2015-06-20 16:11 - 00040619 _____ C:\Users\Andy\Desktop\Result.txt
2015-06-20 16:10 - 2015-06-20 16:10 - 00002607 _____ C:\Users\Andy\Desktop\FSS.txt
2015-06-20 16:06 - 2015-06-20 16:06 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Andy\Desktop\mbar-1.09.1.1004.exe
2015-06-20 16:03 - 2015-06-20 16:03 - 00403456 _____ (Farbar) C:\Users\Andy\Desktop\MiniToolBox.exe
2015-06-20 16:02 - 2015-06-20 16:02 - 00415232 _____ (Farbar) C:\Users\Andy\Desktop\FSS.exe
2015-06-20 16:00 - 2015-06-20 16:00 - 00852662 _____ C:\Users\Andy\Desktop\SecuriatyCheack.exe
2015-06-20 03:59 - 2015-06-20 03:59 - 00006989 _____ C:\Users\Andy\Documents\STUFF 200615.txt
2015-06-19 03:15 - 2015-06-19 03:15 - 00012338 _____ C:\Users\Andy\Documents\STUFF 190615.txt
2015-06-18 21:57 - 2015-06-24 03:30 - 00000000 ____D C:\Users\Andy\AppData\Local\CrashDumps
2015-06-18 21:46 - 2015-06-19 03:13 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-18 21:46 - 2015-06-18 21:46 - 17659640 _____ C:\Users\Andy\Desktop\RoagueKilalera.exe
2015-06-18 21:46 - 2015-06-18 21:46 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-18 04:00 - 2015-06-18 04:00 - 00009532 _____ C:\Users\Andy\Documents\STUFF 180615.txt
2015-06-18 03:01 - 2015-06-18 03:01 - 00390776 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2015-06-18 02:55 - 2015-06-18 02:55 - 15590849 _____ C:\Users\Andy\Desktop\bd_rem_tool.zip
2015-06-18 02:55 - 2015-06-18 02:55 - 00000000 ____D C:\Users\Andy\Desktop\bd_rem_tool
2015-06-18 02:48 - 2015-06-18 02:48 - 00380416 _____ C:\Users\Andy\Desktop\wz1vqv0y.exe
2015-06-18 02:18 - 2015-06-23 00:21 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 02:18 - 2015-06-20 19:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 02:18 - 2015-06-18 02:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-18 02:10 - 2015-06-20 16:17 - 00000000 ____D C:\Users\Andy\Desktop\mbar
2015-06-18 02:09 - 2015-06-18 02:09 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Andy\Desktop\mbar-1.09.1.1004andy.exe
2015-06-18 01:55 - 2015-06-18 01:56 - 00000310 _____ C:\Users\Andy\Desktop\RootkitRemover_20150618_015547.log
2015-06-18 01:55 - 2015-06-18 01:55 - 00783120 _____ (McAfee, Inc.) C:\Users\Andy\Desktop\rootkitremoverandy.exe
2015-06-17 03:58 - 2015-06-17 03:58 - 00008689 _____ C:\Users\Andy\Documents\STUFF 170615.txt
2015-06-16 03:57 - 2015-06-16 03:57 - 00005925 _____ C:\Users\Andy\Documents\STUFF 160615.txt
2015-06-15 04:00 - 2015-06-15 04:00 - 00017705 _____ C:\Users\Andy\Documents\STUFF 150615.txt
2015-06-14 23:56 - 2015-06-14 23:56 - 00013966 _____ C:\Users\Andy\Documents\Multiple_WMP.zip
2015-06-14 23:56 - 2015-06-14 23:56 - 00000000 ____D C:\Users\Andy\Documents\Multiple_WMP
2015-06-14 20:51 - 2015-06-14 20:51 - 00024688 _____ C:\Users\Andy\Documents\clickerHeroSave11.txt
2015-06-14 17:55 - 2015-06-14 17:56 - 00000000 ____D C:\32788R22FWJFW
2015-06-14 03:59 - 2015-06-14 03:59 - 00017073 _____ C:\Users\Andy\Documents\STUFF 140615.txt
2015-06-13 04:00 - 2015-06-13 04:00 - 00008556 _____ C:\Users\Andy\Documents\STUFF 130615.txt
2015-06-13 03:59 - 2015-06-13 03:59 - 00017114 _____ C:\Users\Andy\Documents\STUFF 130615 UNICODE.txt
2015-06-12 03:34 - 2015-06-12 03:34 - 00010168 _____ C:\Users\Andy\Documents\STUFF 120615.txt
2015-06-11 03:40 - 2015-06-11 03:40 - 00014705 _____ C:\Users\Andy\Documents\STUFF 110615.txt
2015-06-10 20:41 - 2015-06-10 20:41 - 00000000 ____D C:\Users\Andy\AppData\Local\GWX
2015-06-10 03:46 - 2015-06-10 03:46 - 00013596 _____ C:\Users\Andy\Documents\STUFF 100615.txt
2015-06-10 02:12 - 2015-05-25 19:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 02:12 - 2015-05-25 19:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 02:12 - 2015-05-25 19:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 02:12 - 2015-05-25 19:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 01255424 _____ (Microsoft Corporation)
C:\Windows\system32\diagtrack.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 
2015-06-10 02:12 - 2015-05-25 19:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-06-10 02:12 - 2015-05-25 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-06-10 02:12 - 2015-05-25 19:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-06-10 02:12 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-06-10 02:12 - 2015-05-25 19:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-10 02:12 - 2015-05-25 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-10 02:12 - 2015-05-25 19:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-10 02:12 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-10 02:12 - 2015-05-25 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-06-10 02:12 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-10 02:12 - 2015-05-25 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-10 02:12 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-10 02:12 - 2015-05-25 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-06-10 02:12 - 2015-05-25 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-06-10 02:12 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-10 02:12 - 2015-05-25 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-06-10 02:12 - 2015-05-25 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 
00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 
00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-10 02:12 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-10 02:12 - 2015-05-25 19:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-06-10 02:12 - 2015-05-25 19:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-10 02:12 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-10 02:12 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-10 02:12 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-06-10 02:12 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 
2015-06-10 02:12 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-10 02:12 - 2015-05-25 19:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-10 02:12 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-10 02:12 - 2015-05-25 18:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-06-10 02:12 - 2015-05-25 18:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-10 02:12 - 2015-05-25 18:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-06-10 02:12 - 2015-05-25 18:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-10 02:12 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-06-10 02:12 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-10 02:12 - 2015-05-25 18:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-10 02:12 - 2015-05-25 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-06-10 02:12 - 2015-05-25 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-06-10 02:12 - 2015-05-25 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 02:12 - 2015-05-25 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-10 02:12 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-10 02:12 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-06-10 02:12 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-10 02:12 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-10 02:12 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-06-10 02:12 - 2015-04-29 19:07 
- 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-06-10 02:12 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-06-10 02:12 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-06-10 02:12 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-06-10 02:12 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-06-10 02:11 - 2015-06-01 20:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-10 02:11 - 2015-06-01 19:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-10 02:11 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 02:11 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-10 02:11 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-06-10 02:11 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-10 02:11 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-06-10 02:11 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-10 02:11 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-10 02:11 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-10 02:11 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-10 02:11 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-06-10 02:11 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-06-10 02:11 - 2015-05-23 04:06 - 00478208 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieui.dll 2015-06-10 02:11 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-10 02:11 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-06-10 02:11 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-10 02:11 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-06-10 02:11 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 02:11 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 02:11 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 02:11 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 02:11 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 02:11 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 02:11 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 02:11 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 02:11 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 02:11 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 02:11 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 02:11 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 02:11 - 2015-05-22 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 02:11 - 2015-05-22 20:16 - 00004096 _____ (Microsoft 
Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 02:11 - 2015-05-22 20:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 02:11 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 02:11 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 02:11 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 02:11 - 2015-05-22 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 02:11 - 2015-05-22 19:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 02:11 - 2015-05-22 19:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 02:11 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 02:11 - 2015-05-22 19:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 02:11 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 02:11 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 02:11 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 02:11 - 2015-05-22 19:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 02:11 - 2015-05-22 19:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 02:11 - 2015-05-22 19:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 02:11 - 2015-05-22 19:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 02:11 - 2015-05-22 19:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 02:11 - 2015-05-22 19:25 - 
00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 02:11 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 02:11 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 02:11 - 2015-05-22 19:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 02:11 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 02:11 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 02:11 - 2015-05-22 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 02:11 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 02:11 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 02:11 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 02:11 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 02:11 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 02:11 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 02:11 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-10 00:09 - 2015-06-25 02:11 - 00000000 ____D C:\AdwCleaner 2015-06-09 21:49 - 2015-06-09 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2015-06-09 21:49 - 2015-06-09 21:49 - 00000000 ____D C:\Program Files (x86)\WinPcap 2015-06-09 21:48 - 2015-06-09 21:48 - 00000000 ____D C:\Users\Andy\Documents\wireshark 2015-06-09 21:47 - 2015-06-09 21:47 - 29892320 _____ (PortableApps.com) C:\Users\Andy\Documents\WiresharkPortable-1.12.5.paf.exe 2015-06-09 
02:02 - 2015-06-09 02:02 - 00009778 _____ C:\Users\Andy\Documents\STUFF 090615.txt 2015-06-08 04:32 - 2015-06-08 04:32 - 00013886 _____ C:\Users\Andy\Documents\STUFF 080615.txt 2015-06-07 03:59 - 2015-06-07 03:59 - 00018507 _____ C:\Users\Andy\Documents\STUFF 070615.txt 2015-06-06 17:15 - 2015-06-06 17:15 - 00000000 ____D C:\Windows\pss 2015-06-06 13:44 - 2015-06-08 04:32 - 00003628 _____ C:\Windows\System32\Tasks\DevicePairingWizard 2015-06-06 03:57 - 2015-06-06 03:57 - 00013912 _____ C:\Users\Andy\Documents\STUFF 060615.txt 2015-06-05 23:56 - 2015-06-05 23:56 - 00000000 ____D C:\Program Files (x86)\ver3PassShow - Copy 2015-06-05 21:43 - 2015-05-22 19:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-05 21:43 - 2015-05-22 19:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-05 21:43 - 2015-05-22 19:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-05 21:43 - 2015-05-22 19:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-05 21:43 - 2015-05-22 19:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-05 21:43 - 2015-05-22 19:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-05 21:43 - 2015-05-22 19:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-05 21:43 - 2015-05-21 14:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-05 03:59 - 2015-06-05 03:59 - 00013624 _____ C:\Users\Andy\Documents\STUFF 050615.txt 2015-06-04 03:09 - 2015-06-04 03:09 - 00013148 _____ C:\Users\Andy\Documents\STUFF 040615.txt 2015-06-03 03:56 - 2015-06-03 03:56 - 00005104 _____ C:\Users\Andy\Documents\STUFF 030615.txt 2015-06-02 02:36 - 2015-06-02 02:36 - 00008951 _____ C:\Users\Andy\Documents\STUFF 020615.txt 2015-06-01 03:58 - 2015-06-01 03:58 - 00018944 _____ C:\Users\Andy\Documents\STUFF 010615.txt 2015-05-31 03:55 - 
2015-05-31 03:55 - 00014316 _____ C:\Users\Andy\Documents\STUFF 310515.txt 2015-05-30 02:49 - 2015-05-30 02:49 - 00011151 _____ C:\Users\Andy\Documents\STUFF 300515.txt 2015-05-29 03:37 - 2015-05-29 03:37 - 00013293 _____ C:\Users\Andy\Documents\STUFF 290515.txt 2015-05-28 02:39 - 2015-05-28 02:39 - 00009962 _____ C:\Users\Andy\Documents\STUFF 280515.txt 2015-05-27 02:15 - 2015-05-27 02:15 - 00007137 _____ C:\Users\Andy\Documents\STUFF 270515.txt 2015-05-26 02:36 - 2015-05-26 02:36 - 00010212 _____ C:\Users\Andy\Documents\STUFF 260515.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-25 02:19 - 2012-08-22 20:59 - 00000000 ___HD C:\Users\Andy\AppData\Roaming\Skype 2015-06-25 02:07 - 2012-08-19 20:59 - 00000000 ____D C:\Users\Andy\Documents\Screenshots 2015-06-25 02:04 - 2012-10-28 19:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-25 00:26 - 2012-04-16 23:09 - 01990635 _____ C:\Windows\WindowsUpdate.log 2015-06-24 21:20 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-24 21:20 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-24 21:06 - 2012-04-16 23:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2015-06-24 21:05 - 2012-10-28 19:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-24 21:05 - 2012-04-16 23:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2015-06-24 21:05 - 2012-04-16 23:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2015-06-24 21:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-24 21:05 - 2009-07-14 05:51 - 00108029 _____ C:\Windows\setupact.log 2015-06-23 23:08 - 2013-11-08 02:33 - 00000000 ____D C:\Users\Andy\AppData\Local\Nero 2015-06-22 
21:08 - 2012-10-28 19:33 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-21 12:25 - 2010-11-21 04:47 - 00179874 _____ C:\Windows\PFRO.log 2015-06-20 19:18 - 2012-10-24 22:23 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Malwarebytes 2015-06-20 19:18 - 2012-10-24 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-20 19:18 - 2012-10-24 22:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-06-18 02:45 - 2014-05-26 16:11 - 00000056 _____ C:\Windows\system32\Drivers\etc\hosts.umbrella 2015-06-18 02:04 - 2012-10-28 19:09 - 00000000 ____D C:\Users\Andy\Desktop\rkill 2015-06-18 02:03 - 2012-10-28 19:09 - 00002446 _____ C:\Users\Andy\Desktop\Rkill.txt 2015-06-18 00:07 - 2012-04-16 23:37 - 00000000 ____D C:\ProgramData\Skype 2015-06-16 00:42 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-14 03:58 - 2012-11-03 18:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2015-06-12 23:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-06-11 03:14 - 2014-12-31 15:20 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieBrowserModeList 2015-06-11 03:14 - 2014-04-24 23:56 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieUserList 2015-06-11 03:14 - 2014-04-24 23:56 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieSiteList 2015-06-10 20:45 - 2009-07-14 06:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-10 20:40 - 2009-07-14 05:45 - 00269128 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-10 03:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-10 03:08 - 2013-07-25 02:06 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 03:02 - 2012-08-08 17:28 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-07 03:57 - 2013-11-08 02:40 - 00000000 ____D C:\Users\Andy\AppData\Roaming\vlc 2015-06-06 13:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\oobe 2015-06-06 03:59 - 2014-12-10 04:08 - 00000000 ____D 
C:\Windows\system32\appraiser 2015-06-06 03:59 - 2014-05-07 02:37 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-05 23:56 - 2015-01-29 23:40 - 00000258 __RSH C:\ProgramData\ntuser.pol 2015-06-04 21:58 - 2010-11-21 04:24 - 00237056 ___SH (Steve Hutchesson) C:\ProgramData\mspyruxfd.exe ==================== Files in the root of some directories ======= 2012-09-16 18:28 - 2014-04-10 02:23 - 0000600 _____ () C:\Users\Andy\AppData\Local\PUTTY.RND 2015-04-08 03:28 - 2015-04-08 03:28 - 0007603 _____ () C:\Users\Andy\AppData\Local\Resmon.ResmonCfg 2010-11-21 04:24 - 2015-06-04 21:58 - 0237056 ___SH (Steve Hutchesson) C:\ProgramData\mspyruxfd.exe Files to move or delete: ==================== C:\ProgramData\mspyruxfd.exe Some files in TEMP: ==================== C:\Users\Andy\AppData\Local\Temp\dllnt_dump.dll C:\Users\Andy\AppData\Local\Temp\KB01178774.exe C:\Users\Andy\AppData\Local\Temp\Quarantine.exe C:\Users\Andy\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-23 03:23 ==================== End of log ============================

mspyruxfd.exe is the executable that was run when the malware started (renamed version of bin2dbex). No changes to problems accessing websites.

#9 Jo*

  • Malware Response Team

Posted 25 June 2015 - 07:19 AM

Do not open or use other applications while one of our Tools is running!

Your latest FRST log is badly formatted and unusable for me; we need it like it was in post #1, with each entry on a new line.

Please follow the instructions:
 

Hello aphw,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 aphw

  • Topic Starter

  • Members

Posted 27 June 2015 - 01:29 PM

I didn't want to do a clean from AdwCleaner as I didn't want to close all my windows. I then ran JRT (which ended up closing most of my windows):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.3 (06.24.2015:3)
OS: Windows 7 Home Premium x64
Ran by Andy on 25/06/2015 at 1:59:46.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2006735408-881728403-4128587805-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}



~~~ Files

Successfully deleted: [File] C:\Users\Andy\desktop\ebay.lnk



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Andy\appdata\local\{5194FD99-5F75-41FD-BAF4-C84B17AE6C6B}
Successfully deleted: [Empty Folder] C:\Users\Andy\appdata\local\{D963873B-8E9B-4E21-8B6E-E50995AB4341}
Successfully deleted: [Folder] C:\Program Files (x86)\searchprotect
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Andy\appdata\local\searchprotect
Successfully deleted: [Folder] C:\Users\Andy\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\Andy\AppData\Roaming\pcdr



~~~ Chrome


[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/06/2015 at 2:02:28.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I then reran AdwCleaner:

# AdwCleaner v4.207 - Logfile created 27/06/2015 at 19:26:40
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Andy - ANDY-LAPTOP
# Running from : C:\Users\Andy\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Program Files (x86)\ver3PassShow - Copy

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.130

[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=58&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&q={searchTerms}&SSPV=
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=55&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&SSPV=
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M046F22E5-7719-4859-8781-38A612D0BD33&SearchSource=55&CUI=&UM=5&UP=SP1230F165-9EEE-4212-B680-212BCE98591F&SSPV=

*************************

AdwCleaner[R0].txt - [3425 bytes] - [10/06/2015 00:09:27]
AdwCleaner[R1].txt - [3135 bytes] - [23/06/2015 00:28:30]
AdwCleaner[R2].txt - [3194 bytes] - [24/06/2015 22:36:20]
AdwCleaner[R3].txt - [2222 bytes] - [25/06/2015 02:03:44]
AdwCleaner[R4].txt - [2282 bytes] - [25/06/2015 02:11:17]
AdwCleaner[R5].txt - [2314 bytes] - [27/06/2015 19:25:27]
AdwCleaner[R6].txt - [2235 bytes] - [27/06/2015 19:26:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [2294 bytes] ##########

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Andy (administrator) on ANDY-LAPTOP on 25-06-2015 02:49:10
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
() C:\Users\Andy\Desktop\wz1vqv0y.exe
() C:\Users\Andy\Desktop\AdwCleaner.exe
(Microsoft Corporation) C:\Windows\regedit.exe
() C:\Program Files (x86)\Greenshot\Greenshot.exe
() C:\Users\Andy\Desktop\AdwCleaner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2895656 2012-01-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2011-12-31] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [Greenshot] => C:\Program Files (x86)\Greenshot\Greenshot.exe [548864 2010-07-12] ()
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5628800 2012-10-16] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [BBC] => [X]
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\CurrentVersion\Windows: [Load] C:\ProgramDataa\mspyruxfda.exea <===== ATTENTION
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\Policies\Explorer: [RestrictRun] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2006735408-881728403-4128587805-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{4ee9dfdc-4f4f-4534-84a5-ee2b115a408d} <======= ATTENTION (Policy restriction on IP)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\Software\Microsoft\Internet Explorer\Main,Search Page =/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {766021D2-9210-4531-ABEF-DDB6D985E906} URL =/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {766021D2-9210-4531-ABEF-DDB6D985E906} URL =/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {766021D2-9210-4531-ABEF-DDB6D985E906} URL =/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {766021D2-9210-4531-ABEF-DDB6D985E906} URL =/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2006735408-881728403-4128587805-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2006735408-881728403-4128587805-1000 -> {766021D2-9210-4531-ABEF-DDB6D985E906} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-28] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 131.111.12.20 131.111.8.42

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll [2013-04-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll [2013-04-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin HKU\S-1-5-21-2006735408-881728403-4128587805-1000: @TrianglePlayer -> C:\Users\Andy\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll [2012-11-16] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-28]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-28]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
S2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
S2 MBAMService; C:\Program Files (x86)\MBAM\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 UI Assistant Service; C:\Program Files (x86)\ZTE Join Air\AssistantServices.exe [241664 2009-03-24] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
U4 CltMngSvco; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-18] ()
R3 vodafone_K380x-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [75776 2010-05-20] (Vodafone)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [237056 2011-04-29] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Andy\AppData\Local\Temp\mfe_rr.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
U3 pwliqpob; \??\C:\Users\Andy\AppData\Local\Temp\pwliqpob.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-25 02:02 - 2015-06-25 02:02 - 00002540 _____ C:\Users\Andy\Desktop\JRT.txt
2015-06-25 01:59 - 2015-06-25 01:59 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ANDY-LAPTOP-Windows-7-Home-Premium-(64-bit).dat
2015-06-25 01:59 - 2015-06-25 01:59 - 00000000 ____D C:\RegBackup
2015-06-24 22:35 - 2015-06-24 22:35 - 02951948 _____ (Malwarebytes Corporation) C:\Users\Andy\Desktop\JRT.exe
2015-06-24 03:33 - 2015-06-24 03:33 - 00009431 _____ C:\Users\Andy\Documents\STUFF 240615.txt
2015-06-23 03:53 - 2015-06-23 03:53 - 00013207 _____ C:\Users\Andy\Documents\STUFF 230615.txt
2015-06-22 03:38 - 2015-06-22 03:38 - 00000000 _____ C:\Windows\SysWOW64\shoD48E.tmp
2015-06-22 03:33 - 2015-06-22 03:33 - 00040392 _____ C:\Users\Andy\Documents\STUFF 220615 UNICODE.txt
2015-06-22 03:33 - 2015-06-22 03:33 - 00020195 _____ C:\Users\Andy\Documents\STUFF 220615.txt
2015-06-22 02:07 - 2015-06-22 02:07 - 02244096 _____ C:\Users\Andy\Desktop\AdwCleaner.exe
2015-06-21 04:03 - 2015-06-21 04:03 - 00016874 _____ C:\Users\Andy\Documents\STUFF 210615.txt
2015-06-21 00:19 - 2015-06-21 00:24 - 00048132 _____ C:\Users\Andy\Desktop\Addition.txt
2015-06-21 00:18 - 2015-06-25 02:49 - 00016022 _____ C:\Users\Andy\Desktop\FRST.txt
2015-06-21 00:17 - 2015-06-25 02:49 - 00000000 ____D C:\FRST
2015-06-21 00:16 - 2015-06-21 00:16 - 02109952 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2015-06-20 21:02 - 2015-06-20 21:02 - 00017686 _____ C:\Users\Andy\Desktop\MBAM.txt
2015-06-20 19:18 - 2015-06-20 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBAM
2015-06-20 19:18 - 2015-06-20 19:18 - 00000000 ____D C:\Program Files (x86)\MBAM
2015-06-20 19:18 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-20 19:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-20 19:17 - 2015-06-20 19:17 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Andy\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-20 16:11 - 2015-06-20 16:11 - 00040619 _____ C:\Users\Andy\Desktop\Result.txt
2015-06-20 16:10 - 2015-06-20 16:10 - 00002607 _____ C:\Users\Andy\Desktop\FSS.txt
2015-06-20 16:06 - 2015-06-20 16:06 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Andy\Desktop\mbar-1.09.1.1004.exe
2015-06-20 16:03 - 2015-06-20 16:03 - 00403456 _____ (Farbar) C:\Users\Andy\Desktop\MiniToolBox.exe
2015-06-20 16:02 - 2015-06-20 16:02 - 00415232 _____ (Farbar) C:\Users\Andy\Desktop\FSS.exe
2015-06-20 16:00 - 2015-06-20 16:00 - 00852662 _____ C:\Users\Andy\Desktop\SecuriatyCheack.exe
2015-06-20 03:59 - 2015-06-20 03:59 - 00006989 _____ C:\Users\Andy\Documents\STUFF 200615.txt
2015-06-19 03:15 - 2015-06-19 03:15 - 00012338 _____ C:\Users\Andy\Documents\STUFF 190615.txt
2015-06-18 21:57 - 2015-06-24 03:30 - 00000000 ____D C:\Users\Andy\AppData\Local\CrashDumps
2015-06-18 21:46 - 2015-06-19 03:13 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-18 21:46 - 2015-06-18 21:46 - 17659640 _____ C:\Users\Andy\Desktop\RoagueKilalera.exe
2015-06-18 21:46 - 2015-06-18 21:46 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-18 04:00 - 2015-06-18 04:00 - 00009532 _____ C:\Users\Andy\Documents\STUFF 180615.txt
2015-06-18 03:01 - 2015-06-18 03:01 - 00390776 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2015-06-18 02:55 - 2015-06-18 02:55 - 15590849 _____ C:\Users\Andy\Desktop\bd_rem_tool.zip
2015-06-18 02:55 - 2015-06-18 02:55 - 00000000 ____D C:\Users\Andy\Desktop\bd_rem_tool
2015-06-18 02:48 - 2015-06-18 02:48 - 00380416 _____ C:\Users\Andy\Desktop\wz1vqv0y.exe
2015-06-18 02:18 - 2015-06-23 00:21 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 02:18 - 2015-06-20 19:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 02:18 - 2015-06-18 02:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-18 02:10 - 2015-06-20 16:17 - 00000000 ____D C:\Users\Andy\Desktop\mbar
2015-06-18 02:09 - 2015-06-18 02:09 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Andy\Desktop\mbar-1.09.1.1004andy.exe
2015-06-18 01:55 - 2015-06-18 01:56 - 00000310 _____ C:\Users\Andy\Desktop\RootkitRemover_20150618_015547.log
2015-06-18 01:55 - 2015-06-18 01:55 - 00783120 _____ (McAfee, Inc.) C:\Users\Andy\Desktop\rootkitremoverandy.exe
2015-06-17 03:58 - 2015-06-17 03:58 - 00008689 _____ C:\Users\Andy\Documents\STUFF 170615.txt
2015-06-16 03:57 - 2015-06-16 03:57 - 00005925 _____ C:\Users\Andy\Documents\STUFF 160615.txt
2015-06-15 04:00 - 2015-06-15 04:00 - 00017705 _____ C:\Users\Andy\Documents\STUFF 150615.txt
2015-06-14 23:56 - 2015-06-14 23:56 - 00013966 _____ C:\Users\Andy\Documents\Multiple_WMP.zip
2015-06-14 23:56 - 2015-06-14 23:56 - 00000000 ____D C:\Users\Andy\Documents\Multiple_WMP
2015-06-14 20:51 - 2015-06-14 20:51 - 00024688 _____ C:\Users\Andy\Documents\clickerHeroSave11.txt
2015-06-14 17:55 - 2015-06-14 17:56 - 00000000 ____D C:\32788R22FWJFW
2015-06-14 03:59 - 2015-06-14 03:59 - 00017073 _____ C:\Users\Andy\Documents\STUFF 140615.txt
2015-06-13 04:00 - 2015-06-13 04:00 - 00008556 _____ C:\Users\Andy\Documents\STUFF 130615.txt
2015-06-13 03:59 - 2015-06-13 03:59 - 00017114 _____ C:\Users\Andy\Documents\STUFF 130615 UNICODE.txt
2015-06-12 03:34 - 2015-06-12 03:34 - 00010168 _____ C:\Users\Andy\Documents\STUFF 120615.txt
2015-06-11 03:40 - 2015-06-11 03:40 - 00014705 _____ C:\Users\Andy\Documents\STUFF 110615.txt
2015-06-10 20:41 - 2015-06-10 20:41 - 00000000 ____D C:\Users\Andy\AppData\Local\GWX
2015-06-10 03:46 - 2015-06-10 03:46 - 00013596 _____ C:\Users\Andy\Documents\STUFF 100615.txt
2015-06-10 02:12 - 2015-05-25 19:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 02:12 - 2015-05-25 19:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 02:12 - 2015-05-25 19:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 02:12 - 2015-05-25 19:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 02:12 - 2015-05-25 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 02:12 - 2015-05-25 19:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 02:12 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 02:12 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 02:12 - 2015-05-25 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 02:12 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 02:12 - 2015-05-25 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 02:12 - 2015-05-25 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 02:12 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 02:12 - 2015-05-25 19:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 02:12 - 2015-05-25 19:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 02:12 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 02:12 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 02:12 - 2015-05-25 18:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 02:12 - 2015-05-25 18:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 02:12 - 2015-05-25 18:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 02:12 - 2015-05-25 18:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 02:12 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 02:12 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 02:12 - 2015-05-25 18:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 02:12 - 2015-05-25 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 02:12 - 2015-05-25 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 02:12 - 2015-05-25 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 02:12 - 2015-05-25 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 02:12 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 02:12 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 02:12 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 02:12 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 02:12 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 02:12 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 02:12 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 02:12 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 02:12 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 02:12 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 02:11 - 2015-06-01 20:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 02:11 - 2015-06-01 19:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 02:11 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 02:11 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 02:11 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 02:11 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 02:11 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 02:11 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 02:11 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 02:11 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 02:11 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 02:11 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 02:11 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 02:11 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 02:11 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 02:11 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 02:11 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 02:11 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 02:11 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 02:11 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 02:11 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 02:11 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 02:11 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 02:11 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 02:11 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 02:11 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 02:11 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 02:11 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 02:11 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 02:11 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 02:11 - 2015-05-22 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 02:11 - 2015-05-22 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 02:11 - 2015-05-22 20:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 02:11 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 02:11 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 02:11 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 02:11 - 2015-05-22 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 02:11 - 2015-05-22 19:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 02:11 - 2015-05-22 19:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 02:11 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 02:11 - 2015-05-22 19:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 02:11 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 02:11 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 02:11 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 02:11 - 2015-05-22 19:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 02:11 - 2015-05-22 19:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 02:11 - 2015-05-22 19:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 02:11 - 2015-05-22 19:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 02:11 - 2015-05-22 19:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 02:11 - 2015-05-22 19:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 02:11 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 02:11 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 02:11 - 2015-05-22 19:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 02:11 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 02:11 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 02:11 - 2015-05-22 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 02:11 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 02:11 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 02:11 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 02:11 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 02:11 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 02:11 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 02:11 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 00:09 - 2015-06-25 02:11 - 00000000 ____D C:\AdwCleaner
2015-06-09 21:49 - 2015-06-09 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-06-09 21:49 - 2015-06-09 21:49 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-06-09 21:48 - 2015-06-09 21:48 - 00000000 ____D C:\Users\Andy\Documents\wireshark
2015-06-09 21:47 - 2015-06-09 21:47 - 29892320 _____ (PortableApps.com) C:\Users\Andy\Documents\WiresharkPortable-1.12.5.paf.exe
2015-06-09 02:02 - 2015-06-09 02:02 - 00009778 _____ C:\Users\Andy\Documents\STUFF 090615.txt
2015-06-08 04:32 - 2015-06-08 04:32 - 00013886 _____ C:\Users\Andy\Documents\STUFF 080615.txt
2015-06-07 03:59 - 2015-06-07 03:59 - 00018507 _____ C:\Users\Andy\Documents\STUFF 070615.txt
2015-06-06 17:15 - 2015-06-06 17:15 - 00000000 ____D C:\Windows\pss
2015-06-06 13:44 - 2015-06-08 04:32 - 00003628 _____ C:\Windows\System32\Tasks\DevicePairingWizard
2015-06-06 03:57 - 2015-06-06 03:57 - 00013912 _____ C:\Users\Andy\Documents\STUFF 060615.txt
2015-06-05 23:56 - 2015-06-05 23:56 - 00000000 ____D C:\Program Files (x86)\ver3PassShow - Copy
2015-06-05 21:43 - 2015-05-22 19:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 21:43 - 2015-05-22 19:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 21:43 - 2015-05-22 19:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 21:43 - 2015-05-21 14:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 03:59 - 2015-06-05 03:59 - 00013624 _____ C:\Users\Andy\Documents\STUFF 050615.txt
2015-06-04 03:09 - 2015-06-04 03:09 - 00013148 _____ C:\Users\Andy\Documents\STUFF 040615.txt
2015-06-03 03:56 - 2015-06-03 03:56 - 00005104 _____ C:\Users\Andy\Documents\STUFF 030615.txt
2015-06-02 02:36 - 2015-06-02 02:36 - 00008951 _____ C:\Users\Andy\Documents\STUFF 020615.txt
2015-06-01 03:58 - 2015-06-01 03:58 - 00018944 _____ C:\Users\Andy\Documents\STUFF 010615.txt
2015-05-31 03:55 - 2015-05-31 03:55 - 00014316 _____ C:\Users\Andy\Documents\STUFF 310515.txt
2015-05-30 02:49 - 2015-05-30 02:49 - 00011151 _____ C:\Users\Andy\Documents\STUFF 300515.txt
2015-05-29 03:37 - 2015-05-29 03:37 - 00013293 _____ C:\Users\Andy\Documents\STUFF 290515.txt
2015-05-28 02:39 - 2015-05-28 02:39 - 00009962 _____ C:\Users\Andy\Documents\STUFF 280515.txt
2015-05-27 02:15 - 2015-05-27 02:15 - 00007137 _____ C:\Users\Andy\Documents\STUFF 270515.txt
2015-05-26 02:36 - 2015-05-26 02:36 - 00010212 _____ C:\Users\Andy\Documents\STUFF 260515.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-25 02:19 - 2012-08-22 20:59 - 00000000 ___HD C:\Users\Andy\AppData\Roaming\Skype
2015-06-25 02:07 - 2012-08-19 20:59 - 00000000 ____D C:\Users\Andy\Documents\Screenshots
2015-06-25 02:04 - 2012-10-28 19:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-25 00:26 - 2012-04-16 23:09 - 01990635 _____ C:\Windows\WindowsUpdate.log
2015-06-24 21:20 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 21:20 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 21:06 - 2012-04-16 23:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-06-24 21:05 - 2012-10-28 19:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-24 21:05 - 2012-04-16 23:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-06-24 21:05 - 2012-04-16 23:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-06-24 21:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 21:05 - 2009-07-14 05:51 - 00108029 _____ C:\Windows\setupact.log
2015-06-23 23:08 - 2013-11-08 02:33 - 00000000 ____D C:\Users\Andy\AppData\Local\Nero
2015-06-22 21:08 - 2012-10-28 19:33 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 12:25 - 2010-11-21 04:47 - 00179874 _____ C:\Windows\PFRO.log
2015-06-20 19:18 - 2012-10-24 22:23 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Malwarebytes
2015-06-20 19:18 - 2012-10-24 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-20 19:18 - 2012-10-24 22:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-06-18 02:45 - 2014-05-26 16:11 - 00000056 _____ C:\Windows\system32\Drivers\etc\hosts.umbrella
2015-06-18 02:04 - 2012-10-28 19:09 - 00000000 ____D C:\Users\Andy\Desktop\rkill
2015-06-18 02:03 - 2012-10-28 19:09 - 00002446 _____ C:\Users\Andy\Desktop\Rkill.txt
2015-06-18 00:07 - 2012-04-16 23:37 - 00000000 ____D C:\ProgramData\Skype
2015-06-16 00:42 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-14 03:58 - 2012-11-03 18:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-12 23:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:14 - 2014-12-31 15:20 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieBrowserModeList
2015-06-11 03:14 - 2014-04-24 23:56 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieUserList
2015-06-11 03:14 - 2014-04-24 23:56 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieSiteList
2015-06-10 20:45 - 2009-07-14 06:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 20:40 - 2009-07-14 05:45 - 00269128 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 03:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 03:08 - 2013-07-25 02:06 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 03:02 - 2012-08-08 17:28 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-07 03:57 - 2013-11-08 02:40 - 00000000 ____D C:\Users\Andy\AppData\Roaming\vlc
2015-06-06 13:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\oobe
2015-06-06 03:59 - 2014-12-10 04:08 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 03:59 - 2014-05-07 02:37 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-05 23:56 - 2015-01-29 23:40 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-06-04 21:58 - 2010-11-21 04:24 - 00237056 ___SH (Steve Hutchesson) C:\ProgramData\mspyruxfd.exe

==================== Files in the root of some directories =======

2012-09-16 18:28 - 2014-04-10 02:23 - 0000600 _____ () C:\Users\Andy\AppData\Local\PUTTY.RND
2015-04-08 03:28 - 2015-04-08 03:28 - 0007603 _____ () C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
2010-11-21 04:24 - 2015-06-04 21:58 - 0237056 ___SH (Steve Hutchesson) C:\ProgramData\mspyruxfd.exe

Files to move or delete:
====================
C:\ProgramData\mspyruxfd.exe


Some files in TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Andy\AppData\Local\Temp\KB01178774.exe
C:\Users\Andy\AppData\Local\Temp\Quarantine.exe
C:\Users\Andy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 03:23

==================== End of log ============================

Edited by aphw, 27 June 2015 - 01:29 PM.


#11 aphw

aphw
  • Topic Starter

  • Members
  • 19 posts

Posted 27 June 2015 - 01:32 PM

Sorry forgot to edit the post to correct the formatting. I know it's a pain but I can't close absolutely all my programs. The first registry key mentioned in the AdwCleaner log doesn't appear to exist. mspyruxfd.exe is the executable that was run when the malware started (renamed version of bin2dbex). No changes to problems accessing websites. Thanks.

#12 Jo*

  • Malware Response Team
Posted 27 June 2015 - 02:43 PM

Hello aphw,

this fix will cause a reboot, close all your other programs before running the fix!
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\...\CurrentVersion\Windows: [Load] C:\ProgramDataa\mspyruxfda.exea ===== ATTENTION
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
C:\ProgramData\mspyruxfd.exe
C:\ProgramDataa\mspyruxfda.exea 
HKU\S-1-5-21-2006735408-881728403-4128587805-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{4ee9dfdc-4f4f-4534-84a5-ee2b115a408d} ======= ATTENTION (Policy restriction on IP)
U4 CltMngSvco; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Andy\AppData\Local\Temp\mfe_rr.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
U3 pwliqpob; \??\C:\Users\Andy\AppData\Local\Temp\pwliqpob.sys [X]
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 Jo*

Posted 01 July 2015 - 07:41 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Cheers,
Jo


#14 aphw

Posted 01 July 2015 - 08:52 PM

Hi, sorry I'm being kept very busy at the moment.

#15 Jo*

Posted 08 July 2015 - 01:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Cheers,
Jo




