
Having trouble removing unknown infection - In need of assistance!


This topic is locked
7 replies to this topic

#1 notinfallible

Posted 19 August 2015 - 04:26 AM

Hello, I suspect that my computer has some sort of malware, but I can't get rid of it on my own. I've scanned my computer with Avira, Malwarebytes, SUPERantispyware, Adwcleaner, Junkware Removal Tool, and TDSSkiller, but they aren't finding any malware. Yesterday, I noticed a file named something like 'swearware/dump' that CCleaner found and deleted. I don't remember ever seeing 'swearware' before, so I typed 'swearware' into Google and didn't find anything positive about it. After reading about 'swearware', I searched my registry entries and found several entries with 'swearware' somewhere in the entry. After finding several registry entries with 'swearware' in them, I downloaded and ran 'ComboFix'. ComboFix removed an 'Orphan', but I don't remember what that file was.


I'm certain that there is malware somewhere on my computer, but I am having trouble locating and removing any infection. I need help from somebody who is a bit more tech-savvy than myself.


While trying to submit this post, I was redirected to some page that said, "ERROR 524".  Weird.


Thanks!


=============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by TripleJ (administrator) on TRIPLEJ-PC (19-08-2015 03:38:47)
Running from C:\Users\TripleJ\Desktop
Loaded Profiles: TripleJ (Available Profiles: TripleJ)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Users\TripleJ\Desktop\Core Temp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-07-15] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3321394317-4094620996-100785646-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3321394317-4094620996-100785646-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3321394317-4094620996-100785646-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3321394317-4094620996-100785646-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A0AC4A48-2CDD-4F12-8C54-EA9AA41F71E9}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\TripleJ\AppData\Roaming\Mozilla\Firefox\Profiles\YcpOzcm8.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\TripleJ\AppData\Roaming\Mozilla\Firefox\Profiles\YcpOzcm8.default\Extensions\abs@avira.com [2015-08-08]
 
Chrome: 
=======
CHR Profile: C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (Google Docs) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Google Drive) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-02]
CHR Extension: (YouTube) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-02]
CHR Extension: (Google Search) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-02]
CHR Extension: (Google Sheets) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (Avira Browser Safety) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-02]
CHR Extension: (Gmail) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-05-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-05-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-07-15] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-08-05] (Broadcom Corporation.)
S3 CCUSBMIDI; C:\Windows\System32\Drivers\ccusbmid.sys [26624 2012-02-24] (CASIO COMPUTER CO., LTD.) [File not signed]
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-08-07] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-08-06] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-08] ()
R3 ALSysIO; \??\C:\Users\TripleJ\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-19 03:38 - 2015-08-19 03:39 - 00012115 _____ C:\Users\TripleJ\Desktop\FRST.txt
2015-08-19 03:38 - 2015-08-19 03:38 - 00000000 ____D C:\FRST
2015-08-19 03:36 - 2015-08-19 03:36 - 02173440 _____ (Farbar) C:\Users\TripleJ\Desktop\FRST64.exe
2015-08-19 03:28 - 2015-08-19 03:28 - 249596742 _____ C:\Users\TripleJ\Documents\noitartisger.reg
2015-08-19 03:21 - 2015-08-19 03:21 - 00001271 _____ C:\Users\TripleJ\Desktop\CoreTemp.ini
2015-08-18 19:01 - 2015-08-18 19:01 - 04890216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-18 19:01 - 2015-08-18 19:01 - 00000546 _____ C:\Windows\PFRO.log
2015-08-18 16:47 - 2015-08-19 03:18 - 00000168 _____ C:\Windows\setupact.log
2015-08-18 16:47 - 2015-08-18 16:47 - 00000000 _____ C:\Windows\setuperr.log
2015-08-18 16:32 - 2015-08-18 16:32 - 00058800 _____ C:\Users\TripleJ\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-17 21:35 - 2015-08-18 14:55 - 00000000 ____D C:\Users\TripleJ\Downloads\CoreTemp64
2015-08-17 21:35 - 2015-08-17 21:35 - 00381763 _____ C:\Users\TripleJ\Downloads\CoreTemp64.zip
2015-08-17 21:35 - 2013-10-08 13:23 - 00890016 _____ C:\Users\TripleJ\Desktop\Core Temp.exe
2015-08-17 20:11 - 2015-08-17 20:11 - 00000000 ____H C:\Users\TripleJ\Documents\Default.rdp
2015-08-13 16:07 - 2015-08-13 16:07 - 00274602 _____ C:\Users\TripleJ\Downloads\CCUSBX64_INST.zip
2015-08-12 00:30 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 00:30 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 00:24 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 00:24 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 00:24 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 00:24 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 00:24 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 00:24 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 00:24 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 00:24 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 00:24 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 00:24 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 00:24 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 00:24 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 00:24 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 00:24 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 00:24 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 00:24 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 00:24 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 00:24 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 00:24 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 00:24 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 00:24 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 00:24 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 00:24 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 00:24 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 00:24 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 00:24 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 00:24 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 00:24 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 00:24 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 00:24 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 00:24 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 00:24 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 00:24 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 00:24 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 00:24 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 00:24 - 2015-07-16 14:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 00:24 - 2015-07-16 14:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 00:24 - 2015-07-16 14:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 00:24 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 00:24 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 00:24 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 00:24 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 00:24 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 00:24 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 00:24 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 00:24 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 00:24 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 00:24 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 00:24 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 00:24 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 00:24 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 00:24 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 00:24 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 00:24 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 00:24 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 00:24 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 00:24 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 00:24 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 00:24 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 00:24 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 00:24 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 00:24 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 00:24 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 00:24 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 00:24 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 00:24 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 00:24 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 00:24 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 00:24 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 00:24 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 00:24 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 00:24 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 00:24 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 00:24 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 00:24 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 00:24 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 00:24 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 00:24 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 00:24 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 00:24 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 00:24 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 00:24 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 00:24 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 00:24 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 00:24 - 2015-07-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 00:24 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 00:24 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 00:24 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 00:24 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 00:24 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 00:24 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 00:24 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 00:24 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 00:24 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-10 20:48 - 2015-08-10 20:48 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Macromedia
2015-08-10 20:42 - 2015-08-10 20:42 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Adobe
2015-08-10 07:20 - 2015-08-10 07:20 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Maize Sampler Player
2015-08-10 06:57 - 2015-08-10 06:57 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bojo Software
2015-08-10 06:57 - 2015-08-10 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bojo Software
2015-08-10 00:57 - 2015-08-18 15:12 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-08-10 00:57 - 2015-08-10 00:57 - 02218504 _____ C:\Users\TripleJ\Downloads\instspeedfan451.exe
2015-08-10 00:57 - 2015-08-10 00:57 - 00001007 _____ C:\Users\TripleJ\Desktop\SpeedFan.lnk
2015-08-10 00:57 - 2015-08-10 00:57 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2015-08-10 00:57 - 2015-08-10 00:57 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-08-09 21:06 - 2015-08-09 21:06 - 05655432 _____ (Canneverbe Limited ) C:\Users\TripleJ\Downloads\cdbxp_setup_4.5.5.5767.exe
2015-08-09 21:06 - 2015-08-09 21:06 - 00001147 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-08-09 21:06 - 2015-08-09 21:06 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-08-09 21:06 - 2015-08-09 21:06 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Canneverbe Limited
2015-08-09 21:06 - 2015-08-09 21:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-08-09 21:06 - 2015-08-09 21:06 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2015-08-09 00:11 - 2015-08-09 00:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-08 23:05 - 2015-08-08 23:05 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Avira
2015-08-08 23:03 - 2015-07-15 08:37 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-08 23:03 - 2015-07-15 08:37 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-08 23:03 - 2015-07-15 08:37 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-08-08 23:03 - 2015-07-15 08:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-08-08 23:02 - 2015-08-08 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-08 23:02 - 2015-08-08 23:03 - 00000000 ____D C:\ProgramData\Avira
2015-08-08 23:02 - 2015-08-08 23:02 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\TripleJ\Downloads\avira_en_av_55c6d0cd258f2__ws.exe
2015-08-08 23:02 - 2015-08-08 23:02 - 00001188 _____ C:\Users\Public\Desktop\Avira.lnk
2015-08-08 22:50 - 2015-08-19 03:21 - 00576337 _____ C:\Windows\WindowsUpdate.log
2015-08-08 22:41 - 2015-08-08 22:41 - 00000000 ____D C:\Users\TripleJ\AppData\Local\Šž
2015-08-08 21:57 - 2015-08-08 21:57 - 00448512 _____ (OldTimer Tools) C:\Users\TripleJ\Desktop\TFC.exe
2015-08-08 21:52 - 2015-08-08 21:52 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-08 21:51 - 2015-08-08 21:58 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-08 21:49 - 2015-08-08 21:49 - 00783640 _____ (McAfee, Inc.) C:\Users\TripleJ\Desktop\RootKit Remover.exe
2015-08-08 21:48 - 2015-08-08 21:48 - 18718280 _____ C:\Users\TripleJ\Desktop\RogueKiller.exe
2015-08-08 21:47 - 2015-08-08 21:47 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\TripleJ\Desktop\TDSSkiller.exe
2015-08-08 09:14 - 2015-08-08 09:14 - 01797896 _____ (Malwarebytes Corporation) C:\Users\TripleJ\Desktop\JRT.exe
2015-08-07 22:51 - 2015-08-07 22:51 - 00000000 ____D C:\Users\TripleJ\Documents\Alcohol 52%
2015-08-07 22:13 - 2015-08-08 22:35 - 00000000 ____D C:\Users\TripleJ\AppData\Local\Disc_Soft_Ltd
2015-08-07 22:13 - 2015-08-07 22:13 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-08-07 22:11 - 2015-08-07 22:11 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-08-07 21:55 - 2015-08-07 21:55 - 01709792 _____ (Disc Soft Ltd.) C:\Users\TripleJ\Downloads\DTLiteInstaller.exe
2015-08-07 19:40 - 2015-08-07 22:52 - 00000334 _____ C:\Users\TripleJ\Documents\ax_files.xml
2015-08-06 22:46 - 2015-08-06 22:46 - 00381608 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2015-08-06 22:44 - 2015-08-06 22:44 - 07668472 _____ (Alcohol Soft Development Team) C:\Users\TripleJ\Downloads\Alcohol52_FE_2.0.3.7612_1b9cdef546ae8457cf002fd2a71fdec7.exe
2015-08-05 21:08 - 2015-08-18 14:53 - 00000000 ____D C:\Users\TripleJ\AppData\Local\CrashDumps
2015-08-05 20:59 - 2015-08-05 20:59 - 00000000 ____D C:\Users\TripleJ\Documents\Bluetooth Exchange Folder
2015-08-05 20:55 - 2015-08-05 20:54 - 00172760 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2015-08-05 20:55 - 2015-08-05 20:54 - 00071703 _____ C:\Windows\system32\Drivers\BCM20702B0_002.001.014.0527.0607.hex
2015-08-05 20:50 - 2015-08-05 20:50 - 00000000 ____D C:\Users\TripleJ\Downloads\SetupBtwDownloadSE
2015-08-03 22:53 - 2015-08-03 22:53 - 00001304 _____ C:\Users\TripleJ\Desktop\Notepad.lnk
2015-08-03 22:52 - 2015-08-03 22:52 - 00001949 _____ C:\Users\TripleJ\Desktop\CleanMem.lnk
2015-08-03 20:23 - 2015-08-03 20:23 - 00001102 _____ C:\Users\Public\Desktop\Malware Bytes.lnk
2015-08-02 02:19 - 2015-08-02 02:19 - 00000000 ____D C:\Windows\Sun
2015-08-02 02:13 - 2015-08-02 02:13 - 00562784 _____ (Oracle Corporation) C:\Users\TripleJ\Downloads\jxpiinstall.exe
2015-08-02 02:08 - 2015-08-02 02:08 - 05127432 _____ (Piriform Ltd) C:\Users\TripleJ\Downloads\spsetup128.exe
2015-08-02 02:08 - 2015-08-02 02:08 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-08-02 02:08 - 2015-08-02 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-08-02 02:08 - 2015-08-02 02:08 - 00000000 ____D C:\Program Files\Speccy
2015-08-01 17:44 - 2015-08-01 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-08-01 17:42 - 2015-08-01 17:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2015-08-01 17:42 - 2015-08-01 17:42 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-08-01 17:41 - 2015-08-09 19:05 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\DVDVideoSoft
2015-08-01 17:40 - 2015-08-01 17:40 - 10975456 _____ (ELTIMA Software ) C:\Users\TripleJ\Downloads\airy.exe
2015-08-01 17:39 - 2015-08-01 17:39 - 64540344 _____ (DVDVideoSoft Ltd. ) C:\Users\TripleJ\Downloads\FreeStudio.exe
2015-07-30 02:40 - 2015-07-30 02:40 - 07514112 _____ C:\Users\TripleJ\Documents\Jones26006.m2ts
2015-07-30 02:40 - 2015-07-30 02:40 - 00000076 _____ C:\Users\TripleJ\Documents\Jones26006.m2ts.sfl
2015-07-30 02:20 - 2015-07-30 02:20 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2015-07-30 02:02 - 2015-08-04 06:08 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Audacity
2015-07-30 02:02 - 2015-07-30 02:20 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-07-30 02:02 - 2015-07-30 02:02 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-07-30 02:02 - 2015-07-30 02:02 - 00001007 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-07-30 02:00 - 2015-07-30 02:00 - 24210616 _____ (Audacity Team ) C:\Users\TripleJ\Downloads\audacity-win-2.1.0.exe
2015-07-29 15:21 - 2015-08-13 07:37 - 00000975 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-29 15:21 - 2015-07-29 15:21 - 06609608 _____ (Piriform Ltd) C:\Users\TripleJ\Downloads\ccsetup508.exe
2015-07-29 15:21 - 2015-07-29 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-28 03:32 - 2015-07-28 03:35 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\ImgBurn
2015-07-28 03:32 - 2015-07-28 03:32 - 00017430 _____ C:\Users\TripleJ\Documents\My Project.ibb
2015-07-28 02:49 - 2015-07-28 02:49 - 00001895 _____ C:\Users\TripleJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-07-28 02:49 - 2015-07-28 02:49 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-07-28 02:49 - 2015-07-28 02:49 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2015-07-28 02:48 - 2015-07-28 02:48 - 03469871 _____ (LIGHTNING UK!) C:\Users\TripleJ\Downloads\SetupImgBurn_2.5.8.0.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-19 03:27 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-19 03:27 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 03:18 - 2015-05-02 04:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-19 03:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 21:54 - 2015-05-02 23:06 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2015-08-18 21:54 - 2015-05-02 23:06 - 00001080 _____ C:\Windows\system32\settings.sfm
2015-08-18 19:44 - 2015-05-06 13:06 - 00000000 ____D C:\Cakewalk Projects
2015-08-18 16:41 - 2015-05-08 23:35 - 00000000 ____D C:\Windows\erdnt
2015-08-18 16:35 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-18 16:29 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-08-18 15:09 - 2015-05-02 11:05 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-18 14:47 - 2009-07-13 22:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 14:39 - 2015-05-07 09:17 - 00000000 ____D C:\AdwCleaner
2015-08-17 06:22 - 2015-05-02 03:36 - 00000000 ____D C:\Users\TripleJ
2015-08-17 06:20 - 2015-06-21 22:13 - 00988160 ___SH C:\Users\TripleJ\Thumbs.db
2015-08-17 02:13 - 2015-05-05 05:10 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\vlc
2015-08-12 04:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 04:18 - 2015-05-07 11:23 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\uTorrent
2015-08-12 00:29 - 2015-05-02 05:33 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 00:25 - 2015-05-02 05:33 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-10 20:49 - 2015-07-16 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-10 07:21 - 2015-05-07 09:00 - 00000000 ____D C:\Users\TripleJ\AppData\Roaming\Celemony Software GmbH
2015-08-10 06:25 - 2015-05-10 08:26 - 00000000 ____D C:\Users\TripleJ\Downloads\Music Stuff
2015-08-09 21:01 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-09 00:43 - 2015-05-08 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East West Symphonic Choirs
2015-08-08 23:05 - 2015-07-16 13:35 - 00000000 ____D C:\Program Files (x86)\Avira
2015-08-08 23:02 - 2015-05-02 10:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-08 22:00 - 2015-05-02 11:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-05 21:29 - 2009-07-14 00:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-03 20:23 - 2015-05-02 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-03 20:23 - 2015-05-02 11:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 03:58 - 2015-05-02 07:15 - 00000000 __SHD C:\Users\TripleJ\AppData\Local\EmieUserList
2015-07-30 03:58 - 2015-05-02 07:15 - 00000000 __SHD C:\Users\TripleJ\AppData\Local\EmieSiteList
2015-07-30 03:58 - 2015-05-02 07:15 - 00000000 __SHD C:\Users\TripleJ\AppData\Local\EmieBrowserModeList
2015-07-29 15:21 - 2015-07-13 12:04 - 00000000 ____D C:\Program Files\CCleaner
 
==================== Files in the root of some directories =======
 
2015-05-07 23:09 - 2015-05-07 23:09 - 0300827 _____ () C:\Program Files (x86)\unins000.dat
2015-05-07 23:09 - 2015-05-07 23:09 - 0722680 _____ () C:\Program Files (x86)\unins000.exe
2015-06-15 07:37 - 2015-06-15 07:37 - 0000132 _____ () C:\Users\TripleJ\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2015-05-13 02:49 - 2015-05-13 02:49 - 0000017 _____ () C:\Users\TripleJ\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\TripleJ\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-12 00:59
 

==================== End of log ============================ 

 

The most important thing in communication is to hear what isn't being said.

#2 nasdaq
  • Malware Response Team
  • 40,182 posts
  • Location:Montreal, QC. Canada

Posted 20 August 2015 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3321394317-4094620996-100785646-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avira Browser Safety) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
R3 ALSysIO; \??\C:\Users\TripleJ\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:3xjCIYwE5CMImOAEiAxn9mCR
AlternateDataStreams: C:\Program Files\Common Files\System:4Km8LxtMOs0tCamCY
AlternateDataStreams: C:\ProgramData\Microsoft:CzNdyVodc5d6FdTks81ftMN
AlternateDataStreams: C:\ProgramData\Microsoft:ddKtxmsnUxgjUvcEQfpwiPJ

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.


Any remaining issues?

#3 notinfallible
  • Topic Starter
  • Members
  • 118 posts
  • Location:Everywhere and Nowhere

Posted 21 August 2015 - 04:36 AM

I'm sorry about how long it took me to realize that you responded.  My notification settings must have altered at some point.  

 

The computer seems to boot up quicker.  

 

Thanks! Here is the log....

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-08-2015
Ran by TripleJ (2015-08-21 04:27:37) Run:1
Running from C:\Users\TripleJ\Desktop
Loaded Profiles: TripleJ (Available Profiles: TripleJ)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3321394317-4094620996-100785646-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avira Browser Safety) - C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
R3 ALSysIO; \??\C:\Users\TripleJ\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:3xjCIYwE5CMImOAEiAxn9mCR
AlternateDataStreams: C:\Program Files\Common Files\System:4Km8LxtMOs0tCamCY
AlternateDataStreams: C:\ProgramData\Microsoft:CzNdyVodc5d6FdTks81ftMN
AlternateDataStreams: C:\ProgramData\Microsoft:ddKtxmsnUxgjUvcEQfpwiPJ
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3321394317-4094620996-100785646-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\TripleJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
ALSysIO => service removed successfully
btwampfl => service removed successfully
btwaudio => service removed successfully
btwavdt => service removed successfully
btwl2cap => service removed successfully
btwrchid => service removed successfully
catchme => service removed successfully
C:\Program Files\Common Files\Microsoft Shared => ":3xjCIYwE5CMImOAEiAxn9mCR" ADS removed successfully.
C:\Program Files\Common Files\System => ":4Km8LxtMOs0tCamCY" ADS removed successfully.
C:\ProgramData\Microsoft => ":CzNdyVodc5d6FdTks81ftMN" ADS removed successfully.
C:\ProgramData\Microsoft => ":ddKtxmsnUxgjUvcEQfpwiPJ" ADS removed successfully.
EmptyTemp: => 415.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 04:28:00 ====

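A way to audit a Fixlog like the one just posted, as an added example that is neither FRST's code nor part of this thread: it parses the fixlist block and the result lines in the layout shown above and reports, for each directive, whether a matching "successfully" line exists. The sample Fixlog is a constructed, abridged copy of the one above, with the second ADS result line deliberately omitted so the audit shows what a miss looks like.

```python
"""Audit an FRST Fixlog.txt: does every fixlist directive have a success line?
Added example for this thread, not FRST's own code; it recognises only the
result-line formats visible in the Fixlog posted above, anything else is
reported as "unchecked" rather than guessed."""
import re

# Constructed sample: abridged copy of the Fixlog posted in this thread, with
# the second ADS result line deliberately left out so the audit flags a miss.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:21-08-2015
fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
GroupPolicyScripts: Group Policy detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\ProgramData\Microsoft:CzNdyVodc5d6FdTks81ftMN
AlternateDataStreams: C:\ProgramData\Microsoft:ddKtxmsnUxgjUvcEQfpwiPJ

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
catchme => service removed successfully
C:\ProgramData\Microsoft => ":CzNdyVodc5d6FdTks81ftMN" ADS removed successfully.
EmptyTemp: => 415.8 MB temporary data Removed.
"""

FIXLIST_MARKER = re.compile(r"^\*{5,}\s*$")
FIXED_RESULTS = {  # directives whose success line is a fixed sentence
    "CreateRestorePoint:": "Restore point was successfully created",
    "CloseProcesses:": "Processes closed successfully",
    "EmptyTemp:": "EmptyTemp: =>",
}


def split_fixlog(text):
    """Return (directives, result_lines) from the asterisk-delimited Fixlog."""
    lines = text.splitlines()
    marks = [i for i, ln in enumerate(lines) if FIXLIST_MARKER.match(ln)]
    if len(marks) < 2:
        raise ValueError("no asterisk-delimited fixlist block found")
    body = [ln.strip() for ln in lines[marks[0] + 1:marks[1]]]
    directives = [ln for ln in body if ln and ln.lower() not in ("start", "end")]
    results = [ln.strip() for ln in lines[marks[1] + 1:] if ln.strip()]
    return directives, results


def expected_result(directive):
    """Substring its success line should contain, or None if the format is unknown."""
    if directive in FIXED_RESULTS:
        return FIXED_RESULTS[directive]
    m = re.match(r"^(HK(?:LM|CU|U)\\.+?): Policy restriction", directive)
    if m:  # policy key is echoed back in double quotes
        return '"%s" => key removed successfully' % m.group(1)
    m = re.match(r"^[RSU]\d+ ([^;]+);", directive)
    if m:  # service/driver entry of the form "S3 name; path [X]"
        return "%s => service removed successfully" % m.group(1).strip()
    m = re.match(r"^AlternateDataStreams: (.+)$", directive)
    if m:  # "path:stream" is reported as: path => ":stream" ADS removed
        path, _, stream = m.group(1).rpartition(":")
        return '%s => ":%s" ADS removed successfully' % (path, stream)
    return None


def audit_fixlog(text):
    """Return [(directive, status)] with status ok, missing or unchecked."""
    directives, results = split_fixlog(text)
    report = []
    for directive in directives:
        needle = expected_result(directive)
        if needle is None:
            status = "unchecked"
        elif any(needle in line for line in results):
            status = "ok"
        else:
            status = "missing"
        report.append((directive, status))
    return report


if __name__ == "__main__":
    for directive, status in audit_fixlog(SAMPLE_FIXLOG):
        print("%-9s %s" % (status.upper(), directive))
```

Run it against a real Fixlog.txt by passing the file contents to audit_fixlog; a "missing" entry is the one to re-check by hand before declaring the machine clean.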

#4 nasdaq
  • Malware Response Team
  • 40,182 posts
  • Location:Montreal, QC. Canada

Posted 21 August 2015 - 10:49 AM

Any remaining issues?

#5 notinfallible
  • Topic Starter
  • Members
  • 118 posts
  • Location:Everywhere and Nowhere

Posted 21 August 2015 - 11:44 AM

My computer is running fine, but I was still able to find a couple registry keys that say 'swearware' in them.  I'll attach a screen capture of one of the keys.  I believe it's in the autorun.inf file.

[Attached screenshot: 1_zpshwtg44vh.png]



#6 nasdaq
  • Malware Response Team
  • 40,182 posts
  • Location:Montreal, QC. Canada

Posted 22 August 2015 - 07:13 AM

My computer is running fine, but I was still able to find a couple registry keys that say 'swearware' in them.


These keys were created by ComboFix.

There is nothing to worry about.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 notinfallible
  • Topic Starter
  • Members
  • 118 posts
  • Location:Everywhere and Nowhere

Posted 22 August 2015 - 08:30 AM

I think I'm good to go.  

 

Thanks for the help!  I appreciate it much more than I can articulate!



#8 nasdaq
  • Malware Response Team
  • 40,182 posts
  • Location:Montreal, QC. Canada

Posted 22 August 2015 - 09:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
