Malware infection, Setting.DisableRegistryTools (A), conhost.exe crashes


  • This topic is locked
2 replies to this topic

#1 SeanieC


Posted 02 September 2015 - 04:11 AM

Hi

I believe my Windows 7 laptop has been infected with malware in the last week or so. I have used some of the standard tools like MBAR, MB Anti-Malware, ESET and HitmanPro, but I think the virus is low level, possibly in the MBR.

The virus manifests itself as a crash of conhost.exe followed by a crash of icacls.exe. Windows Event Viewer says it is triggered by accessing GDI32.dll. At one point it was blocking Malwarebytes Anti-Malware from accessing its update site. Although I seem to have fixed that part now, I still can't get to a full clean.

MB Anti-Malware has found Setting.DisableRegistryTools (A), which I have cleaned, but still no joy.

RogueKiller found some registry exploits like PUM.dns, which again I cleaned and am not even sure are related.

Current status is I have a clean user profile which I have been able to use to run DDS, Rkill.exe, and FRST. I don't want to go any further at this stage, as the other tools seem to invoke the virus and block the completion of the reports / fixes.

FRST log

-----------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by TyrAgain (administrator) on PUTER (01-09-2015 20:54:37)
Running from C:\Users\TyrAgain\Desktop
Loaded Profiles: TyrAgain (Available Profiles: Shiggz & Heather & iphone & TyrAgain & DefaultAppPool)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Windows\System32\winopt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Farbar) C:\Users\TyrAgain\Desktop\TSRF.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(DoctorSoft) C:\Program Files\AnyPC Client\APLanMgrC.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73984 2013-01-02] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1770792 2010-05-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{16BE4C3D-3FD6-408B-B537-FE1498A5A5D3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7F4C71FE-C6A8-4E82-A601-8D6E45ACFA1C}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{B9DD8F0B-A91C-4335-A05D-107120A6756E}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-593423473-182427553-3595481273-1011\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-593423473-182427553-3595481273-1011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-593423473-182427553-3595481273-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-593423473-182427553-3595481273-1011 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-593423473-182427553-3595481273-1011 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-593423473-182427553-3595481273-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22] (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: WinAVI YouTube Download -> {E8DF67A1-B618-4F3F-9E7D-CBE175ADEF5B} -> C:\Program Files\WinAVI YouTube Download\YDTune.dll [2010-07-28] (ZJMedia)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22] (Check Point Software Technologies)
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @httpwatch.com/hw_addon -> C:\Program Files\HttpWatch\Firefox\components [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-12-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-12-24] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll [No File]
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-24]
FF HKLM\...\Firefox\Extensions: [{1E2593B2-E106-4697-BCE7-A9D30DE05D73}] - C:\Program Files\HttpWatch\Firefox
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - <no Path\update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5531008 2015-08-29] (Emsisoft Ltd)
S3 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
S3 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
S4 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-11-22] (Check Point Software Technologies)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2448032 2013-01-02] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WinOptimizer; C:\windows\system32\winopt.exe [1736704 2011-04-30] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [250288 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [186800 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 epp32; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp32.sys [114072 2015-08-29] (Emsisoft GmbH)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-11-22] (Check Point Software Technologies)
S3 MTDVC2; C:\windows\System32\DRIVERS\mtdv2ku2.sys [12288 2003-10-15] (Matsubleepa Electric Industrial Co., Ltd.)
S3 MTDVC2_ENUM; C:\windows\System32\DRIVERS\mtdv2ks2.sys [11648 2003-10-11] (Matsubleepa Electric Industrial Co., Ltd.)
S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [353208 2013-10-18] (PassMark Software)
S3 SL3Usb; C:\windows\System32\Drivers\SL3Usb.sys [45048 2013-03-15] (Cristalink Ltd)
S3 SL3UsbNoSSL; C:\windows\System32\Drivers\SL3UsbNoSSL.sys [45048 2013-03-15] (Cristalink Ltd)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2013-06-03] () [File not signed]
S3 strmdrv; C:\windows\System32\Drivers\strmdrv.sys [35016 2011-05-18] (Rane Corporation)
R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R1 TRLNDISMON; C:\windows\System32\DRIVERS\TRLNDISMON.sys [25760 2014-12-09] (Tarlogic)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [454744 2012-12-13] (Check Point Software Technologies LTD)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\TyrAgain\AppData\Local\Temp\catchme.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-01 20:54 - 2015-09-01 20:56 - 00017784 _____ C:\Users\TyrAgain\Desktop\FRST.txt
2015-09-01 20:51 - 2015-09-01 20:51 - 01690624 _____ (Farbar) C:\Users\TyrAgain\Desktop\TSRF.exe
2015-08-31 23:46 - 2015-08-31 23:46 - 00034605 _____ C:\Users\TyrAgain\Desktop\attach.txt
2015-08-31 23:46 - 2015-08-31 23:46 - 00023945 _____ C:\Users\TyrAgain\Desktop\dds.txt
2015-08-31 23:30 - 2015-08-31 23:30 - 00688992 ____R (Swearware) C:\Users\TyrAgain\Desktop\other.com
2015-08-31 23:18 - 2015-08-31 23:18 - 00023259 _____ C:\ComboFix.txt
2015-08-31 22:40 - 2015-08-31 23:42 - 00002860 _____ C:\Users\TyrAgain\Desktop\Rkill.txt
2015-08-31 22:39 - 2015-08-31 22:39 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\AVG2015
2015-08-31 22:39 - 2015-08-31 22:39 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\Apple Computer
2015-08-31 22:39 - 2015-08-31 22:39 - 00000000 ____D C:\Users\TyrAgain\AppData\Local\Avg2015
2015-08-31 22:37 - 2015-08-31 22:37 - 00001413 _____ C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-31 22:37 - 2015-08-31 22:37 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\Adobe
2015-08-31 22:37 - 2015-08-31 22:37 - 00000000 ____D C:\Users\TyrAgain\AppData\Local\VirtualStore
2015-08-31 22:32 - 2015-08-31 22:32 - 00091096 _____ C:\Users\TyrAgain\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-31 22:30 - 2015-08-29 09:07 - 18772040 _____ C:\Users\TyrAgain\Desktop\RogueKiller(1).exe
2015-08-31 22:30 - 2015-08-28 17:25 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\TyrAgain\Desktop\rkill.exe
2015-08-31 22:29 - 2015-08-31 22:49 - 05635666 ____R (Swearware) C:\Users\TyrAgain\Desktop\ComboFix.exe
2015-08-31 22:29 - 2015-08-31 22:38 - 00000000 ____D C:\Users\TyrAgain
2015-08-31 22:29 - 2015-08-31 22:29 - 00000020 ___SH C:\Users\TyrAgain\ntuser.ini
2015-08-31 22:29 - 2012-12-09 16:08 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\TuneUp Software
2015-08-31 22:29 - 2012-08-15 08:32 - 00000000 ____D C:\Users\TyrAgain\AppData\Local\Microsoft Help
2015-08-31 22:29 - 2010-10-14 21:51 - 00001093 _____ C:\Users\TyrAgain\Desktop\CyberLink YouCam.lnk
2015-08-31 22:29 - 2010-10-14 21:51 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2015-08-31 22:29 - 2010-01-14 04:11 - 00001144 _____ C:\Users\TyrAgain\Desktop\CyberLink DVD Suite.lnk
2015-08-31 22:29 - 2010-01-14 04:11 - 00000000 ____D C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-08-31 22:29 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-31 22:29 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\TyrAgain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-31 20:00 - 2015-08-31 20:00 - 00000606 _____ C:\Users\Shiggz\Desktop\JRT.txt
2015-08-31 15:47 - 2015-08-31 15:47 - 187015855 _____ C:\windows\MEMORY.DMP
2015-08-31 14:54 - 2015-08-31 14:58 - 00013030 _____ C:\Users\Heather\Downloads\MTB.txt
2015-08-31 14:52 - 2015-08-31 14:52 - 00891392 _____ (Farbar) C:\Users\Heather\Downloads\MiniToolBox.exe
2015-08-31 14:50 - 2015-08-31 14:51 - 00003171 _____ C:\Users\Heather\Desktop\FSS.txt
2015-08-31 14:49 - 2015-08-31 14:49 - 00899072 _____ (Farbar) C:\Users\Heather\Desktop\FSS.exe
2015-08-31 14:49 - 2015-08-31 14:49 - 00224713 _____ C:\Users\Heather\Documents\gmer.log
2015-08-31 14:11 - 2015-08-31 14:11 - 00380416 _____ C:\Users\Heather\Desktop\8k4b4g22.exe
2015-08-31 14:05 - 2015-08-31 20:32 - 00000000 ____D C:\Users\Heather\AppData\Local\CrashDumps
2015-08-31 14:04 - 2015-08-31 14:04 - 00000000 ____D C:\windows\system32\%LOCALAPPDATA%
2015-08-31 13:47 - 2015-08-31 13:47 - 00106282 _____ C:\Users\Shiggz\Downloads\OTL.Txt
2015-08-31 13:47 - 2015-08-31 13:47 - 00087028 _____ C:\Users\Shiggz\Downloads\Extras.Txt
2015-08-31 13:30 - 2015-08-31 13:30 - 00000161 _____ C:\Users\Shiggz\Desktop\scan.txt
2015-08-31 13:27 - 2015-08-31 13:27 - 00602112 _____ (OldTimer Tools) C:\Users\Shiggz\Downloads\OTL.exe
2015-08-31 13:06 - 2015-08-31 13:06 - 00001222 _____ C:\Users\Shiggz\Desktop\Revo Uninstaller.lnk
2015-08-31 13:06 - 2015-08-31 13:06 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-31 12:59 - 2015-08-31 12:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shiggz\Downloads\revosetup (1).exe
2015-08-31 09:32 - 2015-08-31 09:32 - 11069616 _____ (VS Revo Group ) C:\Users\Shiggz\Downloads\RevoUninProSetup.exe
2015-08-31 09:31 - 2015-08-31 09:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shiggz\Downloads\revosetup.exe
2015-08-30 21:39 - 2015-08-30 21:39 - 00000555 _____ C:\Users\Shiggz\Desktop\aswMBR1.txt
2015-08-30 19:36 - 2015-08-30 19:36 - 00000000 ____D C:\Program Files\ESET
2015-08-30 19:35 - 2015-08-30 19:36 - 02870984 _____ (ESET) C:\Users\Shiggz\Desktop\esetsmartinstaller_enu.exe
2015-08-30 19:28 - 2015-08-30 19:28 - 00001809 _____ C:\Users\Shiggz\Desktop\aswMBR.txt
2015-08-30 19:28 - 2015-08-30 19:28 - 00000512 _____ C:\Users\Shiggz\Desktop\MBR.dat
2015-08-30 18:28 - 2015-08-30 18:28 - 05198336 _____ (AVAST Software) C:\Users\Shiggz\Desktop\aswMBR.exe
2015-08-30 18:24 - 2015-08-30 18:24 - 00852704 _____ C:\Users\Shiggz\Desktop\SecurityCheck.exe
2015-08-30 17:34 - 2015-08-30 17:34 - 00000992 _____ C:\windows\system32\.crusader
2015-08-30 17:10 - 2015-08-30 17:10 - 01156296 _____ (Adobe Systems Incorporated) C:\Users\Shiggz\Downloads\uninstall_flash_player.exe
2015-08-30 17:05 - 2015-08-30 17:05 - 00007506 _____ C:\windows\DPINST.LOG
2015-08-30 16:38 - 2015-08-30 16:38 - 09723600 _____ (Microsoft Corporation) C:\Users\Shiggz\Downloads\WindowsUpdateAgent-7.6-x86.exe
2015-08-30 08:34 - 2015-08-31 15:21 - 00000000 ____D C:\Users\Shiggz\Desktop\mbar
2015-08-30 08:13 - 2015-08-30 08:13 - 00066497 _____ C:\Users\Shiggz\Downloads\shexview.zip
2015-08-30 08:00 - 2015-08-30 08:01 - 00060902 _____ C:\Users\Shiggz\Desktop\Addition.txt
2015-08-30 07:57 - 2015-08-31 20:01 - 00052600 _____ C:\Users\Shiggz\Desktop\FRST.txt
2015-08-30 07:56 - 2015-09-01 20:54 - 00000000 ____D C:\FRST
2015-08-29 14:27 - 2015-08-31 22:05 - 00000000 ____D C:\Users\Shiggz\AppData\Local\CrashDumps
2015-08-29 12:39 - 2015-08-31 18:17 - 00000000 ____D C:\AdwCleaner
2015-08-29 10:52 - 2015-08-31 20:16 - 05635666 ____R (Swearware) C:\Users\Shiggz\Desktop\ComboFix.exe
2015-08-29 10:35 - 2015-08-29 10:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-29 10:34 - 2015-08-31 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-29 10:34 - 2015-08-31 21:30 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-29 10:34 - 2015-08-31 21:29 - 00094936 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-29 09:32 - 2015-08-29 09:32 - 00091096 _____ C:\Users\Shiggz\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-29 09:14 - 2015-08-29 09:14 - 01690624 _____ (Farbar) C:\Users\Shiggz\Desktop\FRST.exe
2015-08-29 09:13 - 2015-08-29 09:13 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Shiggz\Desktop\JRT.exe
2015-08-29 09:13 - 2015-08-29 09:13 - 01618432 _____ C:\Users\Shiggz\Desktop\adwcleaner_5.004.exe
2015-08-29 09:11 - 2015-08-29 09:11 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Shiggz\Desktop\mbar-1.09.2.1008.exe
2015-08-29 09:06 - 2015-08-29 09:07 - 18772040 _____ C:\Users\Shiggz\Downloads\RogueKiller(1).exe
2015-08-29 09:05 - 2015-08-31 21:07 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-08-29 09:05 - 2015-08-29 09:06 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-29 09:05 - 2015-08-29 09:05 - 18772040 _____ C:\Users\Shiggz\Desktop\RogueKiller.exe
2015-08-29 00:21 - 2015-09-01 20:46 - 00345918 _____ C:\windows\WindowsUpdate.log
2015-08-29 00:16 - 2015-09-01 20:53 - 00001568 _____ C:\windows\setupact.log
2015-08-29 00:16 - 2015-08-31 23:27 - 00016554 _____ C:\windows\PFRO.log
2015-08-29 00:16 - 2015-08-29 00:16 - 00000000 _____ C:\windows\setuperr.log
2015-08-29 00:02 - 2015-08-29 00:03 - 00005230 _____ C:\Users\Heather\Desktop\Rkill.txt
2015-08-28 23:31 - 2015-08-28 23:31 - 00000172 _____ C:\Users\Heather\Documents\cc_20150828_233059.reg
2015-08-28 23:30 - 2015-08-28 23:30 - 00094500 _____ C:\Users\Heather\Documents\cc_20150828_233001.reg
2015-08-28 23:30 - 2015-08-28 23:30 - 00000528 _____ C:\Users\Heather\Documents\cc_20150828_233033.reg
2015-08-28 21:20 - 2015-08-30 22:09 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-28 21:18 - 2015-08-30 17:34 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-28 21:13 - 2015-08-28 21:13 - 04904874 _____ C:\Users\Shiggz\Downloads\Windows6.1-KB2731771-x86.msu
2015-08-28 18:54 - 2015-08-28 18:54 - 00011264 _____ C:\windows\system32\IAMDB.NDB
2015-08-28 18:49 - 2015-08-31 22:14 - 00000000 ____D C:\Users\Shiggz\Downloads\backups
2015-08-28 18:15 - 2015-08-28 18:15 - 00007768 _____ C:\Users\Shiggz\Downloads\hijackthis.log
2015-08-28 18:07 - 2015-08-28 18:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Shiggz\Downloads\HijackThis.exe
2015-08-28 17:25 - 2015-08-31 22:14 - 00003026 _____ C:\Users\Shiggz\Desktop\Rkill.txt
2015-08-28 17:25 - 2015-08-28 17:25 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Shiggz\Downloads\rkill.exe
2015-08-28 08:42 - 2015-08-28 08:42 - 00245528 _____ (Kaspersky Lab, Yury Parshin) C:\windows\system32\Drivers\83605599.sys
2015-08-28 08:41 - 2015-08-28 08:41 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Shiggz\Desktop\tdsskiller.exe
2015-08-28 07:59 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2015-08-28 07:59 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2015-08-28 07:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2015-08-28 07:59 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2015-08-28 07:58 - 2015-08-31 23:18 - 00000000 ____D C:\Qoobox
2015-08-28 00:47 - 2015-08-28 08:17 - 00000000 ____D C:\windows\erdnt
2015-08-25 03:00 - 2015-08-11 01:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-25 03:00 - 2015-08-11 01:20 - 19871232 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-24 20:06 - 2015-08-24 20:08 - 00000400 ____H C:\Users\Shiggz\.swfinfo
2015-08-16 14:29 - 2015-08-16 14:29 - 00002646 _____ C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-08-16 14:27 - 2015-08-16 14:27 - 00018669 _____ C:\Users\Heather\Downloads\[kat.cr]tomtom.map.europe.1gb.west.950.6544.torrent
2015-08-16 14:26 - 2015-08-16 14:26 - 00060326 _____ C:\Users\Heather\Downloads\navigon.torrent
2015-08-16 10:37 - 2015-08-16 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-08-16 10:28 - 2015-08-16 10:28 - 00000000 ____D C:\Users\Heather\AppData\Local\GWX
2015-08-15 11:16 - 2015-08-15 11:16 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-08-15 11:11 - 2015-08-15 11:11 - 01302408 _____ C:\Users\Shiggz\Downloads\Superuser-3.1.3__46___-efghi-signed_Final.rar
2015-08-15 11:08 - 2015-08-15 11:09 - 00000000 ____D C:\Program Files\Odin
2015-08-15 11:03 - 2015-08-15 11:03 - 00282404 _____ C:\Users\Shiggz\Downloads\Samsung_Galaxy_Tab_10.1_root.zip
2015-08-15 10:20 - 2015-08-15 10:20 - 00001948 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-08-15 09:47 - 2015-05-21 07:02 - 00581192 _____ (Microsoft Corporation) C:\windows\system32\WinUSBCoInstaller.dll
2015-08-15 09:47 - 2015-05-21 07:02 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2015-08-15 09:47 - 2015-05-21 07:02 - 00089984 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2015-08-15 09:41 - 2013-10-30 12:06 - 00821824 _____ (Devguru Co., Ltd.) C:\windows\system32\dgderapi.dll
2015-08-15 09:30 - 2015-08-15 09:50 - 00000000 ____D C:\Users\Shiggz\Documents\SelfMV
2015-08-12 23:00 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 02943488 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 02061312 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 20:10 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 20:10 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 20:10 - 2015-07-20 18:56 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-12 20:10 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 20:10 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 20:10 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 20:10 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00909824 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-12 20:09 - 2015-07-30 18:57 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-12 20:09 - 2015-07-30 17:52 - 02384384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 20:09 - 2015-07-30 17:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 20:09 - 2015-07-21 01:12 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-12 20:09 - 2015-07-16 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-12 20:09 - 2015-07-16 20:51 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 20:09 - 2015-07-16 20:51 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-12 20:09 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 20:09 - 2015-07-16 20:50 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-12 20:09 - 2015-07-16 20:43 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-12 20:09 - 2015-07-16 20:43 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-12 20:09 - 2015-07-16 20:41 - 00479232 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 20:09 - 2015-07-16 20:39 - 00664064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 20:09 - 2015-07-16 20:39 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-12 20:09 - 2015-07-16 20:39 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-12 20:09 - 2015-07-16 20:38 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-12 20:09 - 2015-07-16 20:32 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-12 20:09 - 2015-07-16 20:29 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-12 20:09 - 2015-07-16 20:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 20:09 - 2015-07-16 20:20 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-12 20:09 - 2015-07-16 20:19 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-12 20:09 - 2015-07-16 20:17 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 06131200 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-12 20:09 - 2015-07-16 20:10 - 12856832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 20:09 - 2015-07-16 20:06 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 20:09 - 2015-07-16 20:06 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 20:09 - 2015-07-16 20:06 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-12 20:09 - 2015-07-16 20:05 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-12 20:09 - 2015-07-16 19:42 - 01951232 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 20:09 - 2015-07-16 19:38 - 01310720 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 20:09 - 2015-07-16 19:37 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 20:09 - 2015-07-16 16:14 - 00355840 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-08-12 20:09 - 2015-07-15 18:59 - 03989952 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-08-12 20:09 - 2015-07-15 18:59 - 03934656 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 20:09 - 2015-07-15 18:59 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-12 20:09 - 2015-07-15 18:59 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 20:09 - 2015-07-15 18:59 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-12 20:09 - 2015-07-15 18:56 - 01308160 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 01159168 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-12 20:09 - 2015-07-15 18:55 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-12 20:09 - 2015-07-15 18:54 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-12 20:09 - 2015-07-15 18:54 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-12 20:09 - 2015-07-15 18:54 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-12 20:09 - 2015-07-15 18:54 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-12 20:09 - 2015-07-15 18:53 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-12 20:09 - 2015-07-15 18:49 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-12 20:09 - 2015-07-15 18:48 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-12 20:09 - 2015-07-15 18:44 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-12 20:09 - 2015-07-15 18:44 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-12 20:09 - 2015-07-15 17:36 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-12 20:09 - 2015-07-15 17:36 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-12 20:09 - 2015-07-15 17:36 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-12 20:08 - 2015-07-16 20:49 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-12 20:08 - 2015-07-16 20:45 - 02279424 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 20:08 - 2015-07-16 20:12 - 04520448 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 20:08 - 2015-07-15 03:55 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 20:08 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-12 20:07 - 2015-07-15 03:55 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 20:07 - 2015-07-15 03:55 - 01241088 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 20:07 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-12 20:07 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-10 21:49 - 2015-08-10 21:49 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_strmdrv_01007.Wdf
2015-08-10 21:48 - 2011-05-18 10:42 - 00035016 _____ (Rane Corporation) C:\windows\system32\Drivers\strmdrv.sys
2015-08-10 21:48 - 2008-03-27 17:49 - 01112288 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01007.dll
2015-08-10 21:47 - 2015-08-10 21:47 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato
2015-08-10 21:47 - 2015-08-10 21:47 - 00000000 ____D C:\Program Files\Serato
2015-08-10 21:41 - 2015-08-10 21:43 - 229802384 _____ C:\Users\Shiggz\Downloads\Serato DJ 1.7.7.zip
2015-08-07 13:26 - 2015-08-07 13:26 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-07 13:26 - 2015-08-07 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-07 13:25 - 2015-08-07 13:26 - 00000000 ____D C:\Program Files\iTunes
2015-08-07 13:25 - 2015-08-07 13:25 - 00000000 ____D C:\Program Files\iPod
2015-08-07 13:16 - 2015-08-07 13:17 - 00000000 ____D C:\Program Files\QuickTime
2015-08-07 13:16 - 2015-08-07 13:16 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-07 13:16 - 2015-08-07 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-02 17:33 - 2015-08-02 17:33 - 00000000 ____D C:\Users\Shiggz\AppData\Local\GWX
2015-08-02 13:21 - 2015-08-02 13:21 - 00000000 ____D C:\Users\Shiggz\Desktop\Tor Browser
2015-08-02 12:38 - 2015-08-02 12:38 - 00000000 ____D C:\windows\system32\appraiser
2015-08-02 12:37 - 2015-08-02 12:45 - 00000000 ___SD C:\windows\system32\GWX
2015-08-02 12:13 - 2015-01-09 00:44 - 00419936 _____ C:\windows\system32\locale.nls
2015-08-02 11:34 - 2015-08-02 11:35 - 00000000 ____D C:\1e1621226f8167fdd5c2cd3e8aaca9
2015-08-02 11:31 - 2015-04-11 04:07 - 00054656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-08-02 11:31 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-08-02 11:30 - 2015-07-25 18:51 - 00015808 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-02 11:30 - 2015-07-25 18:47 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-02 11:30 - 2015-07-25 18:47 - 00587264 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-02 11:30 - 2015-07-25 18:46 - 00924160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-02 11:30 - 2015-07-25 18:46 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-02 11:30 - 2015-07-25 18:46 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-02 11:30 - 2015-07-25 18:46 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-02 11:30 - 2015-07-25 18:40 - 00932864 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-02 11:30 - 2015-06-03 21:17 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-08-02 11:30 - 2015-06-03 21:17 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-08-02 11:30 - 2015-05-25 19:01 - 00853504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-08-02 11:30 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-08-02 11:30 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-08-02 11:30 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-08-02 11:30 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-08-02 11:30 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-08-02 11:30 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-08-02 11:30 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-08-02 11:30 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-08-02 11:30 - 2015-05-25 17:53 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-08-02 11:29 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-08-02 11:29 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-08-02 11:29 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-08-02 11:29 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-08-02 11:29 - 2015-03-14 04:04 - 01372160 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-08-02 11:29 - 2015-03-14 04:04 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-08-02 11:28 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-08-02 11:28 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-08-02 11:28 - 2015-03-04 05:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-08-02 11:28 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-08-02 11:22 - 2015-05-09 19:09 - 00715200 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-02 10:28 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2015-08-02 10:28 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2015-08-02 10:27 - 2015-08-02 10:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-02 10:26 - 2015-08-02 10:26 - 00001819 _____ C:\Users\Shiggz\Desktop\Kodi.lnk
2015-08-02 10:24 - 2015-08-31 13:10 - 00000000 ____D C:\Program Files\Kodi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-01 20:55 - 2010-11-14 10:45 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-09-01 20:54 - 2010-10-17 01:08 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-01 20:53 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-01 20:47 - 2009-07-14 05:34 - 00014736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 20:47 - 2009-07-14 05:34 - 00014736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 23:39 - 2010-11-22 19:34 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593423473-182427553-3595481273-1001UA.job
2015-08-31 23:12 - 2009-07-14 03:04 - 00000215 _____ C:\windows\system.ini
2015-08-31 23:11 - 2010-10-17 01:08 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 21:02 - 2009-07-14 05:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-31 20:28 - 2011-11-13 09:56 - 00000000 ____D C:\Users\Heather\AppData\Roaming\CheckPoint
2015-08-31 19:47 - 2012-04-25 20:46 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2015-08-31 19:41 - 2012-04-25 20:45 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Juniper Networks
2015-08-31 19:30 - 2015-04-22 11:09 - 00000000 ____D C:\Users\Shiggz\AppData\Local\Unity
2015-08-31 19:27 - 2011-01-22 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-08-31 19:06 - 2013-10-16 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HttpWatch Basic Edition
2015-08-31 18:59 - 2010-10-17 01:07 - 00000000 ____D C:\Program Files\Google
2015-08-31 18:59 - 2010-10-14 22:18 - 00000000 ____D C:\Users\Shiggz\AppData\Local\Google
2015-08-31 18:42 - 2011-11-13 20:30 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\CheckPoint
2015-08-31 17:41 - 2010-12-18 12:03 - 00000000 ____D C:\ProgramData\MFAData
2015-08-31 17:34 - 2010-10-14 21:32 - 00000000 ____D C:\Program Files\Adobe
2015-08-31 17:33 - 2014-08-25 10:52 - 00000000 ____D C:\Users\Shiggz\AppData\Local\Adobe
2015-08-31 17:20 - 2014-02-16 21:58 - 00000000 ____D C:\Users\Shiggz\AppData\Local\FullTiltPoker
2015-08-31 17:10 - 2012-09-30 17:42 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\StreamTorrent
2015-08-31 15:47 - 2010-10-26 10:55 - 00000000 ____D C:\windows\Minidump
2015-08-31 14:06 - 2014-08-25 16:48 - 00000000 ____D C:\Program Files\CCleaner
2015-08-31 13:58 - 2009-07-26 21:57 - 00000000 ____D C:\windows\Sec
2015-08-31 13:54 - 2010-10-15 00:07 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Mozilla
2015-08-31 13:13 - 2013-08-25 16:08 - 00660188 _____ C:\windows\system32\xml_backup.XML
2015-08-31 13:11 - 2012-04-25 20:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-30 21:28 - 2012-04-12 22:31 - 00000000 ____D C:\Temp
2015-08-30 21:28 - 2010-11-08 09:49 - 00000000 ____D C:\Program Files\uTorrent
2015-08-30 16:22 - 2010-11-22 19:34 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593423473-182427553-3595481273-1001Core.job
2015-08-30 08:33 - 2009-07-26 21:06 - 00884430 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-29 00:35 - 2010-10-14 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games
2015-08-29 00:35 - 2010-10-14 21:32 - 00000000 ____D C:\Program Files\Samsung Casual Games
2015-08-29 00:32 - 2010-11-06 14:40 - 00000000 ____D C:\Program Files\Java
2015-08-28 23:33 - 2010-12-07 18:09 - 00000000 ____D C:\Users\Heather\AppData\Roaming\uTorrent
2015-08-28 23:33 - 2010-12-06 13:05 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Skype
2015-08-28 22:24 - 2014-07-06 12:49 - 00000000 ____D C:\ProgramData\Emsisoft
2015-08-28 19:00 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\LogFiles
2015-08-28 08:19 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2015-08-28 00:12 - 2015-06-12 10:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-25 08:20 - 2014-11-21 21:19 - 00000935 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-25 08:20 - 2014-11-21 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-24 20:06 - 2010-10-14 21:31 - 00000000 ____D C:\Users\Shiggz
2015-08-24 15:56 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2015-08-16 15:01 - 2012-10-17 14:13 - 00000000 ____D C:\Users\Heather\AppData\Roaming\tor
2015-08-16 10:37 - 2010-10-27 20:52 - 00000000 ____D C:\Program Files\TomTom HOME 2
2015-08-16 10:33 - 2010-11-14 22:55 - 00000000 ____D C:\Users\Heather\AppData\Local\Downloaded Installations
2015-08-15 17:02 - 2014-05-05 20:44 - 00000000 ____D C:\_acestream_cache_
2015-08-15 10:24 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-08-15 10:18 - 2013-10-05 17:41 - 00000000 ____D C:\Program Files\MarkAny
2015-08-15 09:50 - 2013-10-05 15:49 - 00000000 ____D C:\Users\Shiggz\AppData\Local\Samsung
2015-08-15 09:42 - 2010-01-14 04:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-08-15 09:41 - 2010-01-14 04:12 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-08-15 09:41 - 2010-01-14 04:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-15 09:40 - 2010-01-14 04:02 - 00000000 ____D C:\Program Files\Samsung
2015-08-15 09:33 - 2013-10-05 15:49 - 00000000 ____D C:\Users\Shiggz\AppData\Roaming\Samsung
2015-08-15 07:41 - 2009-07-14 05:33 - 00365160 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-12 23:28 - 2010-10-14 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 23:26 - 2010-10-24 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 23:26 - 2010-10-14 21:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 23:20 - 2013-08-08 17:51 - 00000000 ____D C:\windows\system32\MRT
2015-08-12 23:07 - 2010-10-16 19:09 - 129304528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-10 21:45 - 2013-02-15 23:09 - 00000000 ____D C:\windows\Downloaded Installations
2015-08-07 13:25 - 2015-06-12 13:27 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-08-07 13:25 - 2014-06-02 18:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-07 07:04 - 2014-04-15 22:17 - 00000000 ____D C:\Program Files\Tor Browser
2015-08-04 18:23 - 2009-07-14 03:37 - 00000000 ____D C:\windows\AppCompat
2015-08-02 12:38 - 2014-04-30 23:15 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-02 12:38 - 2009-07-14 03:37 - 00000000 ____D C:\windows\tracing
2015-08-02 12:37 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-08-02 12:09 - 2014-07-08 20:36 - 00000000 ___RD C:\Program Files\Skype
2015-08-02 12:09 - 2010-10-16 20:25 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2010-10-14 21:32 - 2009-08-17 05:16 - 0131368 _____ () C:\ProgramData\FullRemove.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-24 15:42
 
==================== End of FRST.txt ============================

 

Many thanks

 

Sean


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:27 PM

Posted 02 September 2015 - 09:15 AM

Duplicate post; the topic will be closed.

#3 nasdaq


Posted 02 September 2015 - 09:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



