
Infected with Malware, possibly in MBR


  • This topic is locked
15 replies to this topic

#1 SeanieC

SeanieC

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 01 September 2015 - 02:33 PM

Hi

I believe my Windows 7 laptop has been infected with malware in the last week or so. I have followed some of the standard procedures using tools like MBAR, MB Anti-Malware, ESET and HitMan Pro, but I think the virus is low level, possibly in the MBR.

Whenever I try to execute a cleaning program that runs from the command line, the virus triggers. It manifests itself as a crash of conhost.exe followed by a crash of icacls.exe. Windows Event Viewer says it is triggered by accessing GDI32.dll. At one point it was blocking Malwarebytes Anti-Malware from accessing its update site. Although I seem to have fixed that part now, I still can't get to a full clean.

MB Anti-Malware has found Setting.DisableRegistryTools (A), which I have cleaned, but still no joy.

RogueKiller found some registry exploits like PUM.dns, which again I cleaned and am not even sure are related.

Current status is I have a clean user profile which I have been able to use to run DDS, Rkill.exe and ComboFix.exe reports. I can post the logs on request. I don't want to go any further at this stage as the other tools seem to invoke the virus and block the completion of the reports / fixes.

Wonder if one of you experts can help me?

Many thanks

Sean

 

 




#2 SeanieC

SeanieC
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 01 September 2015 - 03:08 PM

attaching FRST logs



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 AM

Posted 02 September 2015 - 08:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Your FRST log was not attached. Please copy and paste the content in your next reply.
Post also the Addition.txt file that was created.

My instructions on how to run the Farbar tool.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.
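As an added example, not part of nasdaq's instructions and not code from the Farbar tool: a small Python triage script for the Services and Drivers sections of an FRST log of the kind requested above. It parses lines in the exact format FRST prints (shown later in this thread) and flags entries that FRST marked "[File not signed]", that carry no publisher name "()", that sit in a Windows system directory, or that point at a file FRST could not find ("[X]", my reading of that marker). The function names are mine and the sample log is constructed from a few lines modelled on the one posted in this thread; a flag means "look at this by hand", not a verdict.

```python
import re
from dataclasses import dataclass

# One Services/Drivers line whose file FRST found on disk, e.g.
#   R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2448032 2013-01-02] (Check Point Software Technologies LTD)
# Group "trailer" holds any flags FRST appends, such as "[File not signed]".
_PRESENT = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<company>[^)]*)\)(?P<trailer>.*)$"
)
# One line whose file FRST could not find, e.g.
#   S3 catchme; \??\C:\Users\TyrAgain\AppData\Local\Temp\catchme.sys [X]
_MISSING = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[X\]\s*$")

_SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


@dataclass
class Entry:
    state: str      # FRST start-type code, e.g. R2 or S3 (reported, not interpreted here)
    name: str       # service or driver name
    path: str       # image path as FRST printed it
    company: str    # publisher from the version/signature info; empty when FRST printed "()"
    unsigned: bool  # FRST appended "[File not signed]"
    missing: bool   # FRST printed "[X]": the registration points at a file that is not there


def parse_entry(line):
    """Parse one Services/Drivers line. Returns an Entry, or None for any other line."""
    text = line.strip()
    m = _PRESENT.match(text)
    if m:
        return Entry(m["state"], m["name"].strip(), m["path"], m["company"].strip(),
                     "[File not signed]" in m["trailer"], False)
    m = _MISSING.match(text)
    if m:
        return Entry(m["state"], m["name"].strip(), m["path"], "", False, True)
    return None


def review_reasons(entry):
    """Why an entry deserves a manual look. An empty list means nothing stood out."""
    if entry.missing:
        return ["file missing"]          # orphaned registration: leftover from an uninstall or a tool
    reasons = []
    if entry.unsigned:
        reasons.append("unsigned")
    if not entry.company:
        reasons.append("no publisher")
    # An unsigned or anonymous binary living in a Windows system directory deserves
    # a closer look than the same thing under Program Files.
    if reasons and any(d in entry.path.lower() for d in _SYSTEM_DIRS):
        reasons.append("in a Windows system directory")
    return reasons


def triage(log_text):
    """Walk an FRST log and return (name, path, reasons) for every Services/Drivers
    entry that has at least one review reason. All other sections are skipped."""
    findings = []
    in_scope = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("="):     # section banner: "==== Services (Whitelisted) ===="
            in_scope = "Services" in stripped or "Drivers" in stripped
            continue
        if not in_scope:
            continue
        entry = parse_entry(stripped)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            findings.append((entry.name, entry.path, reasons))
    return findings


# Constructed sample: a handful of lines in the format FRST prints, modelled on the
# Services and Drivers sections of the log posted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5531008 2015-08-29] (Emsisoft Ltd)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2448032 2013-01-02] (Check Point Software Technologies LTD)
R2 WinOptimizer; C:\windows\system32\winopt.exe [1736704 2011-04-30] () [File not signed]

===================== Drivers (Whitelisted) ==========================

R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2013-06-03] () [File not signed]
R1 epp32; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp32.sys [114072 2015-08-29] (Emsisoft GmbH)
S3 catchme; \??\C:\Users\TyrAgain\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created files and folders ========

2015-08-30 17:34 - 2015-08-30 17:34 - 00000992 _____ C:\windows\system32\.crusader
"""

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name:16} {', '.join(reasons):45} {path}")
```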

#4 SeanieC

SeanieC
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 02 September 2015 - 08:33 AM

Hi there

 

Sorry, I ended up posting again in another thread as I thought this one was void because I had replied to it with an attachment myself. You can delete this request as a result.

 

http://www.bleepingcomputer.com/forums/t/588888/malware-infection-settingdisableregistrytools-a-conhostexe-crashes/

 

 

FRST log is pasted below and Additions.txt attached. I'll run AdwCleaner later and post the log.

 

FRST.tx

-----------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by TyrAgain (administrator) on PUTER (01-09-2015 20:54:37)
Running from C:\Users\TyrAgain\Desktop
Loaded Profiles: TyrAgain (Available Profiles: Shiggz & Heather & iphone & TyrAgain & DefaultAppPool)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Windows\System32\winopt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Farbar) C:\Users\TyrAgain\Desktop\TSRF.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(DoctorSoft) C:\Program Files\AnyPC Client\APLanMgrC.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73984 2013-01-02] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1770792 2010-05-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{16BE4C3D-3FD6-408B-B537-FE1498A5A5D3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7F4C71FE-C6A8-4E82-A601-8D6E45ACFA1C}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{B9DD8F0B-A91C-4335-A05D-107120A6756E}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-593423473-182427553-3595481273-1011\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-593423473-182427553-3595481273-1011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-593423473-182427553-3595481273-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-593423473-182427553-3595481273-1011 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-593423473-182427553-3595481273-1011 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-593423473-182427553-3595481273-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22] (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: WinAVI YouTube Download -> {E8DF67A1-B618-4F3F-9E7D-CBE175ADEF5B} -> C:\Program Files\WinAVI YouTube Download\YDTune.dll [2010-07-28] (ZJMedia)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22] (Check Point Software Technologies)
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @httpwatch.com/hw_addon -> C:\Program Files\HttpWatch\Firefox\components [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-12-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-12-24] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll [No File]
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-24]
FF HKLM\...\Firefox\Extensions: [{1E2593B2-E106-4697-BCE7-A9D30DE05D73}] - C:\Program Files\HttpWatch\Firefox
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - <no Path\update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5531008 2015-08-29] (Emsisoft Ltd)
S3 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
S3 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
S4 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-11-22] (Check Point Software Technologies)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2448032 2013-01-02] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WinOptimizer; C:\windows\system32\winopt.exe [1736704 2011-04-30] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [250288 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [186800 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 epp32; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp32.sys [114072 2015-08-29] (Emsisoft GmbH)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-11-22] (Check Point Software Technologies)
S3 MTDVC2; C:\windows\System32\DRIVERS\mtdv2ku2.sys [12288 2003-10-15] (Matsushita Electric Industrial Co., Ltd.)
S3 MTDVC2_ENUM; C:\windows\System32\DRIVERS\mtdv2ks2.sys [11648 2003-10-11] (Matsushita Electric Industrial Co., Ltd.)
S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [353208 2013-10-18] (PassMark Software)
S3 SL3Usb; C:\windows\System32\Drivers\SL3Usb.sys [45048 2013-03-15] (Cristalink Ltd)
S3 SL3UsbNoSSL; C:\windows\System32\Drivers\SL3UsbNoSSL.sys [45048 2013-03-15] (Cristalink Ltd)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2013-06-03] () [File not signed]
S3 strmdrv; C:\windows\System32\Drivers\strmdrv.sys [35016 2011-05-18] (Rane Corporation)
R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R1 TRLNDISMON; C:\windows\System32\DRIVERS\TRLNDISMON.sys [25760 2014-12-09] (Tarlogic)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [454744 2012-12-13] (Check Point Software Technologies LTD)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\TyrAgain\AppData\Local\Temp\catchme.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-01 20:54 - 2015-09-01 20:56 - 00017784 _____ C:\Users\TyrAgain\Desktop\FRST.txt
2015-09-01 20:51 - 2015-09-01 20:51 - 01690624 _____ (Farbar) C:\Users\TyrAgain\Desktop\TSRF.exe
2015-08-31 23:46 - 2015-08-31 23:46 - 00034605 _____ C:\Users\TyrAgain\Desktop\attach.txt
2015-08-31 23:46 - 2015-08-31 23:46 - 00023945 _____ C:\Users\TyrAgain\Desktop\dds.txt
2015-08-31 23:30 - 2015-08-31 23:30 - 00688992 ____R (Swearware) C:\Users\TyrAgain\Desktop\other.com
2015-08-31 23:18 - 2015-08-31 23:18 - 00023259 _____ C:\ComboFix.txt
2015-08-31 22:40 - 2015-08-31 23:42 - 00002860 _____ C:\Users\TyrAgain\Desktop\Rkill.txt
2015-08-31 22:39 - 2015-08-31 22:39 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\AVG2015
2015-08-31 22:39 - 2015-08-31 22:39 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\Apple Computer
2015-08-31 22:39 - 2015-08-31 22:39 - 00000000 ____D C:\Users\TyrAgain\AppData\Local\Avg2015
2015-08-31 22:37 - 2015-08-31 22:37 - 00001413 _____ C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-31 22:37 - 2015-08-31 22:37 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\Adobe
2015-08-31 22:37 - 2015-08-31 22:37 - 00000000 ____D C:\Users\TyrAgain\AppData\Local\VirtualStore
2015-08-31 22:32 - 2015-08-31 22:32 - 00091096 _____ C:\Users\TyrAgain\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-31 22:30 - 2015-08-29 09:07 - 18772040 _____ C:\Users\TyrAgain\Desktop\RogueKiller(1).exe
2015-08-31 22:30 - 2015-08-28 17:25 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\TyrAgain\Desktop\rkill.exe
2015-08-31 22:29 - 2015-08-31 22:49 - 05635666 ____R (Swearware) C:\Users\TyrAgain\Desktop\ComboFix.exe
2015-08-31 22:29 - 2015-08-31 22:38 - 00000000 ____D C:\Users\TyrAgain
2015-08-31 22:29 - 2015-08-31 22:29 - 00000020 ___SH C:\Users\TyrAgain\ntuser.ini
2015-08-31 22:29 - 2012-12-09 16:08 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\TuneUp Software
2015-08-31 22:29 - 2012-08-15 08:32 - 00000000 ____D C:\Users\TyrAgain\AppData\Local\Microsoft Help
2015-08-31 22:29 - 2010-10-14 21:51 - 00001093 _____ C:\Users\TyrAgain\Desktop\CyberLink YouCam.lnk
2015-08-31 22:29 - 2010-10-14 21:51 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2015-08-31 22:29 - 2010-01-14 04:11 - 00001144 _____ C:\Users\TyrAgain\Desktop\CyberLink DVD Suite.lnk
2015-08-31 22:29 - 2010-01-14 04:11 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-08-31 22:29 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-31 22:29 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-31 20:00 - 2015-08-31 20:00 - 00000606 _____ C:\Users\Shiggz\Desktop\JRT.txt
2015-08-31 15:47 - 2015-08-31 15:47 - 187015855 _____ C:\windows\MEMORY.DMP
2015-08-31 14:54 - 2015-08-31 14:58 - 00013030 _____ C:\Users\Heather\Downloads\MTB.txt
2015-08-31 14:52 - 2015-08-31 14:52 - 00891392 _____ (Farbar) C:\Users\Heather\Downloads\MiniToolBox.exe
2015-08-31 14:50 - 2015-08-31 14:51 - 00003171 _____ C:\Users\Heather\Desktop\FSS.txt
2015-08-31 14:49 - 2015-08-31 14:49 - 00899072 _____ (Farbar) C:\Users\Heather\Desktop\FSS.exe
2015-08-31 14:49 - 2015-08-31 14:49 - 00224713 _____ C:\Users\Heather\Documents\gmer.log
2015-08-31 14:11 - 2015-08-31 14:11 - 00380416 _____ C:\Users\Heather\Desktop\8k4b4g22.exe
2015-08-31 14:05 - 2015-08-31 20:32 - 00000000 ____D C:\Users\Heather\AppData\Local\CrashDumps
2015-08-31 14:04 - 2015-08-31 14:04 - 00000000 ____D C:\windows\system32\%LOCALAPPDATA%
2015-08-31 13:47 - 2015-08-31 13:47 - 00106282 _____ C:\Users\Shiggz\Downloads\OTL.Txt
2015-08-31 13:47 - 2015-08-31 13:47 - 00087028 _____ C:\Users\Shiggz\Downloads\Extras.Txt
2015-08-31 13:30 - 2015-08-31 13:30 - 00000161 _____ C:\Users\Shiggz\Desktop\scan.txt
2015-08-31 13:27 - 2015-08-31 13:27 - 00602112 _____ (OldTimer Tools) C:\Users\Shiggz\Downloads\OTL.exe
2015-08-31 13:06 - 2015-08-31 13:06 - 00001222 _____ C:\Users\Shiggz\Desktop\Revo Uninstaller.lnk
2015-08-31 13:06 - 2015-08-31 13:06 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-31 12:59 - 2015-08-31 12:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shiggz\Downloads\revosetup (1).exe
2015-08-31 09:32 - 2015-08-31 09:32 - 11069616 _____ (VS Revo Group ) C:\Users\Shiggz\Downloads\RevoUninProSetup.exe
2015-08-31 09:31 - 2015-08-31 09:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shiggz\Downloads\revosetup.exe
2015-08-30 21:39 - 2015-08-30 21:39 - 00000555 _____ C:\Users\Shiggz\Desktop\aswMBR1.txt
2015-08-30 19:36 - 2015-08-30 19:36 - 00000000 ____D C:\Program Files\ESET
2015-08-30 19:35 - 2015-08-30 19:36 - 02870984 _____ (ESET) C:\Users\Shiggz\Desktop\esetsmartinstaller_enu.exe
2015-08-30 19:28 - 2015-08-30 19:28 - 00001809 _____ C:\Users\Shiggz\Desktop\aswMBR.txt
2015-08-30 19:28 - 2015-08-30 19:28 - 00000512 _____ C:\Users\Shiggz\Desktop\MBR.dat
2015-08-30 18:28 - 2015-08-30 18:28 - 05198336 _____ (AVAST Software) C:\Users\Shiggz\Desktop\aswMBR.exe
2015-08-30 18:24 - 2015-08-30 18:24 - 00852704 _____ C:\Users\Shiggz\Desktop\SecurityCheck.exe
2015-08-30 17:34 - 2015-08-30 17:34 - 00000992 _____ C:\windows\system32\.crusader
2015-08-30 17:10 - 2015-08-30 17:10 - 01156296 _____ (Adobe Systems Incorporated) C:\Users\Shiggz\Downloads\uninstall_flash_player.exe
2015-08-30 17:05 - 2015-08-30 17:05 - 00007506 _____ C:\windows\DPINST.LOG
2015-08-30 16:38 - 2015-08-30 16:38 - 09723600 _____ (Microsoft Corporation) C:\Users\Shiggz\Downloads\WindowsUpdateAgent-7.6-x86.exe
2015-08-30 08:34 - 2015-08-31 15:21 - 00000000 ____D C:\Users\Shiggz\Desktop\mbar
2015-08-30 08:13 - 2015-08-30 08:13 - 00066497 _____ C:\Users\Shiggz\Downloads\shexview.zip
2015-08-30 08:00 - 2015-08-30 08:01 - 00060902 _____ C:\Users\Shiggz\Desktop\Addition.txt
2015-08-30 07:57 - 2015-08-31 20:01 - 00052600 _____ C:\Users\Shiggz\Desktop\FRST.txt
2015-08-30 07:56 - 2015-09-01 20:54 - 00000000 ____D C:\FRST
2015-08-29 14:27 - 2015-08-31 22:05 - 00000000 ____D C:\Users\Shiggz\AppData\Local\CrashDumps
2015-08-29 12:39 - 2015-08-31 18:17 - 00000000 ____D C:\AdwCleaner
2015-08-29 10:52 - 2015-08-31 20:16 - 05635666 ____R (Swearware) C:\Users\Shiggz\Desktop\ComboFix.exe
2015-08-29 10:35 - 2015-08-29 10:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-29 10:34 - 2015-08-31 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-29 10:34 - 2015-08-31 21:30 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-29 10:34 - 2015-08-31 21:29 - 00094936 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-29 09:32 - 2015-08-29 09:32 - 00091096 _____ C:\Users\Shiggz\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-29 09:14 - 2015-08-29 09:14 - 01690624 _____ (Farbar) C:\Users\Shiggz\Desktop\FRST.exe
2015-08-29 09:13 - 2015-08-29 09:13 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Shiggz\Desktop\JRT.exe
2015-08-29 09:13 - 2015-08-29 09:13 - 01618432 _____ C:\Users\Shiggz\Desktop\adwcleaner_5.004.exe
2015-08-29 09:11 - 2015-08-29 09:11 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Shiggz\Desktop\mbar-1.09.2.1008.exe
2015-08-29 09:06 - 2015-08-29 09:07 - 18772040 _____ C:\Users\Shiggz\Downloads\RogueKiller(1).exe
2015-08-29 09:05 - 2015-08-31 21:07 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-08-29 09:05 - 2015-08-29 09:06 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-29 09:05 - 2015-08-29 09:05 - 18772040 _____ C:\Users\Shiggz\Desktop\RogueKiller.exe
2015-08-29 00:21 - 2015-09-01 20:46 - 00345918 _____ C:\windows\WindowsUpdate.log
2015-08-29 00:16 - 2015-09-01 20:53 - 00001568 _____ C:\windows\setupact.log
2015-08-29 00:16 - 2015-08-31 23:27 - 00016554 _____ C:\windows\PFRO.log
2015-08-29 00:16 - 2015-08-29 00:16 - 00000000 _____ C:\windows\setuperr.log
2015-08-29 00:02 - 2015-08-29 00:03 - 00005230 _____ C:\Users\Heather\Desktop\Rkill.txt
2015-08-28 23:31 - 2015-08-28 23:31 - 00000172 _____ C:\Users\Heather\Documents\cc_20150828_233059.reg
2015-08-28 23:30 - 2015-08-28 23:30 - 00094500 _____ C:\Users\Heather\Documents\cc_20150828_233001.reg
2015-08-28 23:30 - 2015-08-28 23:30 - 00000528 _____ C:\Users\Heather\Documents\cc_20150828_233033.reg
2015-08-28 21:20 - 2015-08-30 22:09 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-28 21:18 - 2015-08-30 17:34 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-28 21:13 - 2015-08-28 21:13 - 04904874 _____ C:\Users\Shiggz\Downloads\Windows6.1-KB2731771-x86.msu
2015-08-28 18:54 - 2015-08-28 18:54 - 00011264 _____ C:\windows\system32\IAMDB.NDB
2015-08-28 18:49 - 2015-08-31 22:14 - 00000000 ____D C:\Users\Shiggz\Downloads\backups
2015-08-28 18:15 - 2015-08-28 18:15 - 00007768 _____ C:\Users\Shiggz\Downloads\hijackthis.log
2015-08-28 18:07 - 2015-08-28 18:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Shiggz\Downloads\HijackThis.exe
2015-08-28 17:25 - 2015-08-31 22:14 - 00003026 _____ C:\Users\Shiggz\Desktop\Rkill.txt
2015-08-28 17:25 - 2015-08-28 17:25 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Shiggz\Downloads\rkill.exe
2015-08-28 08:42 - 2015-08-28 08:42 - 00245528 _____ (Kaspersky Lab, Yury Parshin) C:\windows\system32\Drivers\83605599.sys
2015-08-28 08:41 - 2015-08-28 08:41 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Shiggz\Desktop\tdsskiller.exe
2015-08-28 07:59 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2015-08-28 07:59 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2015-08-28 07:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2015-08-28 07:58 - 2015-08-31 23:18 - 00000000 ____D C:\Qoobox
2015-08-28 00:47 - 2015-08-28 08:17 - 00000000 ____D C:\windows\erdnt
2015-08-25 03:00 - 2015-08-11 01:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-25 03:00 - 2015-08-11 01:20 - 19871232 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-24 20:06 - 2015-08-24 20:08 - 00000400 ____H C:\Users\Shiggz\.swfinfo
2015-08-16 14:29 - 2015-08-16 14:29 - 00002646 _____ C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-08-16 14:27 - 2015-08-16 14:27 - 00018669 _____ C:\Users\Heather\Downloads\[kat.cr]tomtom.map.europe.1gb.west.950.6544.torrent
2015-08-16 14:26 - 2015-08-16 14:26 - 00060326 _____ C:\Users\Heather\Downloads\navigon.torrent
2015-08-16 10:37 - 2015-08-16 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-08-16 10:28 - 2015-08-16 10:28 - 00000000 ____D C:\Users\Heather\AppData\Local\GWX
2015-08-15 11:16 - 2015-08-15 11:16 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-08-15 11:11 - 2015-08-15 11:11 - 01302408 _____ C:\Users\Shiggz\Downloads\Superuser-3.1.3__46___-efghi-signed_Final.rar
2015-08-15 11:08 - 2015-08-15 11:09 - 00000000 ____D C:\Program Files\Odin
2015-08-15 11:03 - 2015-08-15 11:03 - 00282404 _____ C:\Users\Shiggz\Downloads\Samsung_Galaxy_Tab_10.1_root.zip
2015-08-15 10:20 - 2015-08-15 10:20 - 00001948 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-08-15 09:47 - 2015-05-21 07:02 - 00581192 _____ (Microsoft Corporation) C:\windows\system32\WinUSBCoInstaller.dll
2015-08-15 09:47 - 2015-05-21 07:02 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2015-08-15 09:47 - 2015-05-21 07:02 - 00089984 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2015-08-15 09:41 - 2013-10-30 12:06 - 00821824 _____ (Devguru Co., Ltd.) C:\windows\system32\dgderapi.dll
2015-08-15 09:30 - 2015-08-15 09:50 - 00000000 ____D C:\Users\Shiggz\Documents\SelfMV
2015-08-12 23:00 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 02943488 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 02061312 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 20:10 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 20:10 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-12 20:10 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 20:10 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 20:10 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 20:10 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00909824 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-12 20:09 - 2015-07-30 17:52 - 02384384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 20:09 - 2015-07-30 17:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 20:09 - 2015-07-21 01:12 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-12 20:09 - 2015-07-16 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-12 20:09 - 2015-07-16 20:51 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 20:09 - 2015-07-16 20:51 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-12 20:09 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 20:09 - 2015-07-16 20:50 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-12 20:09 - 2015-07-16 20:43 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-12 20:09 - 2015-07-16 20:43 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-12 20:09 - 2015-07-16 20:41 - 00479232 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 20:09 - 2015-07-16 20:39 - 00664064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 20:09 - 2015-07-16 20:39 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-12 20:09 - 2015-07-16 20:39 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-12 20:09 - 2015-07-16 20:38 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-12 20:09 - 2015-07-16 20:32 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-12 20:09 - 2015-07-16 20:29 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-12 20:09 - 2015-07-16 20:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 20:09 - 2015-07-16 20:20 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-12 20:09 - 2015-07-16 20:19 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-12 20:09 - 2015-07-16 20:17 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 06131200 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-12 20:09 - 2015-07-16 20:10 - 12856832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 20:09 - 2015-07-16 20:06 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 20:09 - 2015-07-16 20:06 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 20:09 - 2015-07-16 20:06 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-12 20:09 - 2015-07-16 20:05 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-12 20:09 - 2015-07-16 19:42 - 01951232 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 20:09 - 2015-07-16 19:38 - 01310720 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 20:09 - 2015-07-16 19:37 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 20:09 - 2015-07-16 16:14 - 00355840 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-08-12 20:09 - 2015-07-15 18:59 - 03989952 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-08-12 20:09 - 2015-07-15 18:59 - 03934656 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 20:09 - 2015-07-15 18:59 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-12 20:09 - 2015-07-15 18:59 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 20:09 - 2015-07-15 18:59 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-12 20:09 - 2015-07-15 18:56 - 01308160 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 01159168 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-12 20:09 - 2015-07-15 18:54 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-12 20:09 - 2015-07-15 18:54 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-12 20:09 - 2015-07-15 18:54 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-12 20:09 - 2015-07-15 18:53 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-12 20:09 - 2015-07-15 18:49 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-12 20:09 - 2015-07-15 18:48 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-12 20:09 - 2015-07-15 18:44 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-12 20:09 - 2015-07-15 18:44 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-12 20:09 - 2015-07-15 17:36 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-12 20:09 - 2015-07-15 17:36 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-12 20:09 - 2015-07-15 17:36 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-12 20:08 - 2015-07-16 20:49 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-12 20:08 - 2015-07-16 20:45 - 02279424 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 20:08 - 2015-07-16 20:12 - 04520448 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 20:08 - 2015-07-15 03:55 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 20:08 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-12 20:07 - 2015-07-15 03:55 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 20:07 - 2015-07-15 03:55 - 01241088 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 20:07 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-12 20:07 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-10 21:49 - 2015-08-10 21:49 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_strmdrv_01007.Wdf
2015-08-10 21:48 - 2011-05-18 10:42 - 00035016 _____ (Rane Corporation) C:\windows\system32\Drivers\strmdrv.sys
2015-08-10 21:48 - 2008-03-27 17:49 - 01112288 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01007.dll
2015-08-10 21:47 - 2015-08-10 21:47 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato
2015-08-10 21:47 - 2015-08-10 21:47 - 00000000 ____D C:\Program Files\Serato
2015-08-10 21:41 - 2015-08-10 21:43 - 229802384 _____ C:\Users\Shiggz\Downloads\Serato DJ 1.7.7.zip
2015-08-07 13:26 - 2015-08-07 13:26 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-07 13:26 - 2015-08-07 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-07 13:25 - 2015-08-07 13:26 - 00000000 ____D C:\Program Files\iTunes
2015-08-07 13:25 - 2015-08-07 13:25 - 00000000 ____D C:\Program Files\iPod
2015-08-07 13:16 - 2015-08-07 13:17 - 00000000 ____D C:\Program Files\QuickTime
2015-08-07 13:16 - 2015-08-07 13:16 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-07 13:16 - 2015-08-07 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-02 17:33 - 2015-08-02 17:33 - 00000000 ____D C:\Users\Shiggz\AppData\Local\GWX
2015-08-02 13:21 - 2015-08-02 13:21 - 00000000 ____D C:\Users\Shiggz\Desktop\Tor Browser
2015-08-02 12:38 - 2015-08-02 12:38 - 00000000 ____D C:\windows\system32\appraiser
2015-08-02 12:37 - 2015-08-02 12:45 - 00000000 ___SD C:\windows\system32\GWX
2015-08-02 12:13 - 2015-01-09 00:44 - 00419936 _____ C:\windows\system32\locale.nls
2015-08-02 11:34 - 2015-08-02 11:35 - 00000000 ____D C:\1e1621226f8167fdd5c2cd3e8aaca9
2015-08-02 11:31 - 2015-04-11 04:07 - 00054656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-08-02 11:31 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-08-02 11:30 - 2015-07-25 18:51 - 00015808 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-02 11:30 - 2015-07-25 18:47 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-02 11:30 - 2015-07-25 18:47 - 00587264 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-02 11:30 - 2015-07-25 18:46 - 00924160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-02 11:30 - 2015-07-25 18:46 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-02 11:30 - 2015-07-25 18:46 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-02 11:30 - 2015-07-25 18:46 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-02 11:30 - 2015-07-25 18:40 - 00932864 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-02 11:30 - 2015-06-03 21:17 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-08-02 11:30 - 2015-06-03 21:17 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-08-02 11:30 - 2015-05-25 19:01 - 00853504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-08-02 11:30 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-08-02 11:30 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-08-02 11:30 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-08-02 11:30 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-08-02 11:30 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-08-02 11:30 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-08-02 11:30 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-08-02 11:30 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-08-02 11:30 - 2015-05-25 17:53 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-08-02 11:29 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-08-02 11:29 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-08-02 11:29 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-08-02 11:29 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-08-02 11:29 - 2015-03-14 04:04 - 01372160 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-08-02 11:29 - 2015-03-14 04:04 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-08-02 11:28 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-08-02 11:28 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-08-02 11:28 - 2015-03-04 05:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-08-02 11:28 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-08-02 11:22 - 2015-05-09 19:09 - 00715200 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-02 10:28 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2015-08-02 10:28 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2015-08-02 10:27 - 2015-08-02 10:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-02 10:26 - 2015-08-02 10:26 - 00001819 _____ C:\Users\Shiggz\Desktop\Kodi.lnk
2015-08-02 10:24 - 2015-08-31 13:10 - 00000000 ____D C:\Program Files\Kodi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-01 20:55 - 2010-11-14 10:45 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-09-01 20:54 - 2010-10-17 01:08 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-01 20:53 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-01 20:47 - 2009-07-14 05:34 - 00014736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 20:47 - 2009-07-14 05:34 - 00014736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 23:39 - 2010-11-22 19:34 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593423473-182427553-3595481273-1001UA.job
2015-08-31 23:12 - 2009-07-14 03:04 - 00000215 _____ C:\windows\system.ini
2015-08-31 23:11 - 2010-10-17 01:08 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 21:02 - 2009-07-14 05:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-31 20:28 - 2011-11-13 09:56 - 00000000 ____D C:\Users\Heather\AppData\Roaming\CheckPoint
2015-08-31 19:47 - 2012-04-25 20:46 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2015-08-31 19:41 - 2012-04-25 20:45 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Juniper Networks
2015-08-31 19:30 - 2015-04-22 11:09 - 00000000 ____D C:\Users\Shiggz\AppData\Local\Unity
2015-08-31 19:27 - 2011-01-22 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-08-31 19:06 - 2013-10-16 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HttpWatch Basic Edition
2015-08-31 18:59 - 2010-10-17 01:07 - 00000000 ____D C:\Program Files\Google
2015-08-31 18:59 - 2010-10-14 22:18 - 00000000 ____D C:\Users\Shiggz\AppData\Local\Google
2015-08-31 18:42 - 2011-11-13 20:30 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\CheckPoint
2015-08-31 17:41 - 2010-12-18 12:03 - 00000000 ____D C:\ProgramData\MFAData
2015-08-31 17:34 - 2010-10-14 21:32 - 00000000 ____D C:\Program Files\Adobe
2015-08-31 17:33 - 2014-08-25 10:52 - 00000000 ____D C:\Users\Shiggz\AppData\Local\Adobe
2015-08-31 17:20 - 2014-02-16 21:58 - 00000000 ____D C:\Users\Shiggz\AppData\Local\FullTiltPoker
2015-08-31 17:10 - 2012-09-30 17:42 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\StreamTorrent
2015-08-31 15:47 - 2010-10-26 10:55 - 00000000 ____D C:\windows\Minidump
2015-08-31 14:06 - 2014-08-25 16:48 - 00000000 ____D C:\Program Files\CCleaner
2015-08-31 13:58 - 2009-07-26 21:57 - 00000000 ____D C:\windows\Sec
2015-08-31 13:54 - 2010-10-15 00:07 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Mozilla
2015-08-31 13:13 - 2013-08-25 16:08 - 00660188 _____ C:\windows\system32\xml_backup.XML
2015-08-31 13:11 - 2012-04-25 20:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-30 21:28 - 2012-04-12 22:31 - 00000000 ____D C:\Temp
2015-08-30 21:28 - 2010-11-08 09:49 - 00000000 ____D C:\Program Files\uTorrent
2015-08-30 16:22 - 2010-11-22 19:34 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593423473-182427553-3595481273-1001Core.job
2015-08-30 08:33 - 2009-07-26 21:06 - 00884430 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-29 00:35 - 2010-10-14 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games
2015-08-29 00:35 - 2010-10-14 21:32 - 00000000 ____D C:\Program Files\Samsung Casual Games
2015-08-29 00:32 - 2010-11-06 14:40 - 00000000 ____D C:\Program Files\Java
2015-08-28 23:33 - 2010-12-07 18:09 - 00000000 ____D C:\Users\Heather\AppData\Roaming\uTorrent
2015-08-28 23:33 - 2010-12-06 13:05 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Skype
2015-08-28 22:24 - 2014-07-06 12:49 - 00000000 ____D C:\ProgramData\Emsisoft
2015-08-28 19:00 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\LogFiles
2015-08-28 08:19 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2015-08-28 00:12 - 2015-06-12 10:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-25 08:20 - 2014-11-21 21:19 - 00000935 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-25 08:20 - 2014-11-21 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-24 20:06 - 2010-10-14 21:31 - 00000000 ____D C:\Users\Shiggz
2015-08-24 15:56 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2015-08-16 15:01 - 2012-10-17 14:13 - 00000000 ____D C:\Users\Heather\AppData\Roaming\tor
2015-08-16 10:37 - 2010-10-27 20:52 - 00000000 ____D C:\Program Files\TomTom HOME 2
2015-08-16 10:33 - 2010-11-14 22:55 - 00000000 ____D C:\Users\Heather\AppData\Local\Downloaded Installations
2015-08-15 17:02 - 2014-05-05 20:44 - 00000000 ____D C:\_acestream_cache_
2015-08-15 10:24 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-08-15 10:18 - 2013-10-05 17:41 - 00000000 ____D C:\Program Files\MarkAny
2015-08-15 09:50 - 2013-10-05 15:49 - 00000000 ____D C:\Users\Shiggz\AppData\Local\Samsung
2015-08-15 09:42 - 2010-01-14 04:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-08-15 09:41 - 2010-01-14 04:12 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-08-15 09:41 - 2010-01-14 04:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-15 09:40 - 2010-01-14 04:02 - 00000000 ____D C:\Program Files\Samsung
2015-08-15 09:33 - 2013-10-05 15:49 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Samsung
2015-08-15 07:41 - 2009-07-14 05:33 - 00365160 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-12 23:28 - 2010-10-14 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 23:26 - 2010-10-24 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 23:26 - 2010-10-14 21:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 23:20 - 2013-08-08 17:51 - 00000000 ____D C:\windows\system32\MRT
2015-08-12 23:07 - 2010-10-16 19:09 - 129304528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-10 21:45 - 2013-02-15 23:09 - 00000000 ____D C:\windows\Downloaded Installations
2015-08-07 13:25 - 2015-06-12 13:27 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-08-07 13:25 - 2014-06-02 18:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-07 07:04 - 2014-04-15 22:17 - 00000000 ____D C:\Program Files\Tor Browser
2015-08-04 18:23 - 2009-07-14 03:37 - 00000000 ____D C:\windows\AppCompat
2015-08-02 12:38 - 2014-04-30 23:15 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-02 12:38 - 2009-07-14 03:37 - 00000000 ____D C:\windows\tracing
2015-08-02 12:37 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-08-02 12:09 - 2014-07-08 20:36 - 00000000 ___RD C:\Program Files\Skype
2015-08-02 12:09 - 2010-10-16 20:25 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2010-10-14 21:32 - 2009-08-17 05:16 - 0131368 _____ () C:\ProgramData\FullRemove.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-24 15:42
 
==================== End of FRST.txt ============================
 
 

 

 

Attached Files



#5 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 AM

Posted 02 September 2015 - 09:35 AM



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-593423473-182427553-3595481273-1011\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-593423473-182427553-3595481273-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin: @httpwatch.com/hw_addon -> C:\Program Files\HttpWatch\Firefox\components [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll [No File]
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [No File]
CHR HKLM\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - <no Path\update_url>
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\TyrAgain\AppData\Local\Temp\catchme.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?
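The fixlist above removes several kinds of orphaned registry entries: shell icon overlay handlers whose DLL is gone ("No File"), and S3 services whose driver file is missing ("[X]"). The following is an added example, not code from the thread or from FRST, that lists those same kinds of orphans so they can be reviewed before anything is deleted. It assumes an elevated PowerShell (2.0 or later) on the affected machine and, on 64-bit Windows, the 64-bit PowerShell, since a 32-bit session sees the redirected Wow6432Node view of HKLM\SOFTWARE. It only reports; removal is left to the FRST fix (or `sc delete <name>` for a service).

```powershell
# Added example, not from the original thread or from FRST.
# Reports orphaned service/driver entries and shell icon overlay handlers whose
# target file no longer exists. Run elevated; assumes PowerShell 2.0 or later.

function Resolve-ImagePath {
    # Normalise the forms a service ImagePath takes into a plain file path:
    #   \??\C:\x.sys   \SystemRoot\system32\x.sys   system32\DRIVERS\x.sys
    #   C:\x.exe -k netsvcs   "C:\Program Files\x.exe" /svc   %SystemRoot%\x.exe
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }                       # quoted path: drop arguments
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }  # unquoted path: drop arguments
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # relative to %SystemRoot%
    return $p
}

function Get-OrphanedService {
    # Services and drivers whose binary is missing; FRST lists these with "[X]".
    # Start 3 = demand start, which FRST shows as "S3".
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        if (-not $props.ImagePath) { return }   # driver groups and legacy entries carry no binary
        $file = Resolve-ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $file)) {
            New-Object PSObject -Property @{
                Name = $_.PSChildName; Start = $props.Start
                ImagePath = $props.ImagePath; Resolved = $file
            }
        }
    }
}

function Get-OrphanedShellOverlay {
    # ShellIconOverlayIdentifiers whose CLSID has no InprocServer32 DLL on disk (FRST: "No File").
    # On 64-bit Windows, 32-bit handlers register under Wow6432Node and are not checked here.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
    Get-ChildItem -LiteralPath $key | ForEach-Object {
        $clsid = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
        $dll = $null
        if ($clsid) {
            $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
            if (Test-Path -LiteralPath $server) {
                $dll = [string](Get-ItemProperty -LiteralPath $server).'(default)'
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            }
        }
        if ((-not $dll) -or (-not (Test-Path -LiteralPath $dll))) {
            New-Object PSObject -Property @{ Name = $_.PSChildName.Trim(); CLSID = $clsid; Server = $dll }
        }
    }
}

Get-OrphanedService      | Format-Table Name, Start, ImagePath -AutoSize
Get-OrphanedShellOverlay | Format-Table Name, CLSID, Server -AutoSize
```

An orphaned S3 driver entry is usually just a leftover from an uninstalled device package (the Motorola and Nokia entries in the fixlist are typical) and is harmless; the reason to clear them is to keep the log readable, not because they are malicious. Compare the output against the fixlist before running the fix, and treat any orphan that points into a user profile or a Temp directory (like the catchme.sys entry) as worth a closer look.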

#6 SeanieC
  • Topic Starter
  • Members
  • 11 posts
  • Local time:06:35 AM

Posted 02 September 2015 - 01:14 PM

Computer seems to be running well now, thank you. No more crashes of conhost.exe so far. The only problem I can see is that now MBAM cannot connect to the update server again.

 

Fixlog.txt attached



#7 SeanieC
  • Topic Starter
  • Members
  • 11 posts
  • Local time:06:35 AM

Posted 02 September 2015 - 02:21 PM

AdwCleaner log below and fixlog.txt attached

 

# AdwCleaner v5.004 - Logfile created 02/09/2015 at 19:37:11
# Updated 26/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Shiggz - PUTER
# Running from : C:\Users\Shiggz\Desktop\adwcleaner_5.004.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Heather\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
[-] Folder Deleted : C:\Users\Shiggz\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [889 bytes] ##########




#8 SeanieC
  • Topic Starter
  • Members
  • 11 posts

Posted 02 September 2015 - 02:26 PM

MBAM report found two suspicious registry entries for Setting.DisableRegistryTools (A). I have cleaned them.

 

Emsisoft Anti-Malware - Version 10.0.0.5641
Last update: 31/08/2015 23:14:31
Initiated by:

Scan settings:

Scan type: Quick Scan
Objects: Rootkits, Memory, Traces

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 02/09/2015 20:22:57
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS   Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-593423473-182427553-3595481273-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS   Setting.DisableRegistryTools (A)

Scanned 61235
Found 2

Scan end: 02/09/2015 20:24:12
Scan time: 0:01:15
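
The two findings in the scan above are the same policy value in two hives: DisableRegistryTools under Policies\System in HKLM applies to every account, and the copy under HKU\S-1-5-21-...-1001 applies to that one user. A value of 1 blocks regedit.exe; 2 blocks it even when run silently with /s. As an added example, not code from the thread or from Emsisoft or Malwarebytes, the following PowerShell audits that value in HKLM and in every user hive currently loaded under HKEY_USERS, and clears it only when asked to. The function name and the -Fix switch are this example's own; it assumes an elevated prompt and is written to run on PowerShell 2.0 (the Windows 7 default).

```powershell
# Added example: audit (and with -Fix, remove) the DisableRegistryTools policy value in
# HKLM and in every loaded user hive. Run elevated. PowerShell 2.0 compatible.

function Get-DisableRegistryToolsPolicy {
    [CmdletBinding()]
    param([switch]$Fix)

    $subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $name   = 'DisableRegistryTools'

    # HKU is not a default PSDrive; map it so the loaded user hives can be walked
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }

    # Machine-wide policy plus each loaded account hive (real account SIDs, not the *_Classes keys)
    $targets = @("HKLM:\$subKey")
    foreach ($hive in (Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue)) {
        if ($hive.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
            $targets += "HKU:\$($hive.PSChildName)\$subKey"
        }
    }

    foreach ($path in $targets) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }      # key exists but the value is not set

        $value    = [int]$item.$name
        $blocking = ($value -eq 1 -or $value -eq 2)   # 1 = blocked, 2 = blocked even for regedit /s
        $removed  = $false
        if ($Fix -and $blocking) {
            Remove-ItemProperty -LiteralPath $path -Name $name
            $removed = $true
        }
        New-Object PSObject -Property @{
            Path = $path; Value = $value; Blocking = $blocking; Removed = $removed
        }
    }
}

# Audit first; rerun with -Fix once the finding is confirmed
Get-DisableRegistryToolsPolicy | Format-Table Path, Value, Blocking, Removed -AutoSize
```

Only hives that are loaded appear under HKEY_USERS, so accounts that are not logged on (the second profile seen in the AdwCleaner log, for instance) are not covered until their NTUSER.DAT is loaded with reg load or the user signs in. Note also that a value that keeps coming back, as happened in this thread, is being re-set by something still running, so clearing it is confirmation of the symptom rather than a fix.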



#9 SeanieC
  • Topic Starter
  • Members
  • 11 posts

Posted 02 September 2015 - 03:16 PM

Virus seems to be back - multiple crashes of conhost.exe and icacls.exe have returned.



#10 nasdaq
  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 September 2015 - 07:01 AM

Please download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

#11 SeanieC
  • Topic Starter
  • Members
  • 11 posts

Posted 03 September 2015 - 02:29 PM

ComboFix.txt attached




#12 nasdaq
  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 September 2015 - 07:28 AM

Nothing suspicious was found.

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833
===

Then try this.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

Keep me posted.

#13 SeanieC
  • Topic Starter
  • Members
  • 11 posts

Posted 04 September 2015 - 02:00 PM

Thanks, the sfc scan showed no problems. I've noticed that the problem does not occur when I temporarily disable AVG, which had an update just before the problem started happening. I'm going to uninstall it. Do you have any other freeware anti-virus recommendations?

Thanks for all your help.

Sean



#14 nasdaq
  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 September 2015 - 07:33 AM


Download and run the AVG removal utility.

http://www.avg.com/us-en/utilities

Restart the computer normally and reinstall it. It may solve your problem.

For other free anti-virus programs you will find all you need in this closing speech.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#15 SeanieC
  • Topic Starter
  • Members
  • 11 posts

Posted 05 September 2015 - 12:18 PM

Thank you so much nasdaq, you really helped me understand and fix the problem. Issue can be closed now.

 

Sean


