
Infected with Trovi/Gamegogle and Chrome keeps redirecting


This topic is locked
12 replies to this topic

#1 Claytronic

Posted 08 October 2015 - 01:32 PM

My sister attempted to download "Clash of Clans" on her computer and was immediately infected with a virus. The most I can get out of her is that it originally "yelled in Chinese popup windows" and that Chrome kept redirecting to random ad websites.

When connected to the internet, I was seeing Avast popping up, blocking some sort of update .exe file. I managed to get Avast to pop up while browsing the internet, and posted a few screencaps in my previous thread: http://www.bleepingcomputer.com/forums/t/592335/trovigamegogle-redirect/


FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-10-2015

Ran by Alyssha (administrator) on MINE (08-10-2015 14:25:40)
Running from C:\Users\Alyssha\Downloads
Loaded Profiles: Alyssha (Available Profiles: Alyssha)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-01] (AVAST Software)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CE2003A-5C6F-4FC3-81A5-0484B6CE29CA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A966452A-CE27-426D-BDB9-399A46158426}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKU\S-1-5-21-476552886-1113993686-2888164755-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-476552886-1113993686-2888164755-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-476552886-1113993686-2888164755-1002 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-01] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-01] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-476552886-1113993686-2888164755-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alyssha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
CHR Extension: (Google Docs) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15]
CHR Extension: (Google Drive) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-15]
CHR Extension: (YouTube) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-15]
CHR Extension: (Google Search) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-15]
CHR Extension: (Avast SafePrice) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-08]
CHR Extension: (Google Sheets) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-25]
CHR Extension: (EasyCalendar) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-15]
CHR Extension: (Gmail) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-01]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-01] (AVAST Software)
R2 Crashhd; C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NetTcpHandler; C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-01] (AVAST Software)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-13] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-08 14:25 - 2015-10-08 14:25 - 00011042 _____ C:\Users\Alyssha\Downloads\FRST.txt
2015-10-08 14:24 - 2015-10-08 14:25 - 00000000 ____D C:\FRST
2015-10-08 14:23 - 2015-10-08 14:23 - 02193920 _____ (Farbar) C:\Users\Alyssha\Downloads\FRST64.exe
2015-10-03 01:15 - 2015-10-03 01:15 - 00000869 _____ C:\Users\Alyssha\Desktop\Security Check.txt
2015-10-03 01:09 - 2015-10-03 01:10 - 00002234 _____ C:\Users\Alyssha\Desktop\Rkill.txt
2015-10-03 01:08 - 2015-10-03 01:08 - 00027813 _____ C:\Users\Alyssha\Desktop\MTB.txt
2015-10-02 16:13 - 2015-10-02 16:13 - 00000755 _____ C:\Users\Alyssha\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-02 16:13 - 2015-10-02 16:13 - 00000000 ____D C:\EEK
2015-10-02 16:12 - 2015-10-02 16:11 - 167769616 _____ C:\Users\Alyssha\Desktop\EmsisoftEmergencyKit.exe
2015-10-02 16:05 - 2015-10-02 16:11 - 167769616 _____ C:\Users\Alyssha\Downloads\EmsisoftEmergencyKit.exe
2015-10-01 16:04 - 2015-10-01 16:04 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-01 16:04 - 2015-10-01 16:03 - 02870984 _____ (ESET) C:\Users\Alyssha\Desktop\esetsmartinstaller_enu.exe
2015-10-01 16:03 - 2015-10-01 16:03 - 02870984 _____ (ESET) C:\Users\Alyssha\Downloads\esetsmartinstaller_enu.exe
2015-10-01 15:16 - 2015-10-02 14:49 - 00000000 ____D C:\AdwCleaner
2015-10-01 15:10 - 2015-10-01 15:10 - 01801288 _____ (Malwarebytes) C:\Users\Alyssha\Downloads\JRT.exe
2015-10-01 15:10 - 2015-10-01 15:10 - 01801288 _____ (Malwarebytes) C:\Users\Alyssha\Desktop\JRT.exe
2015-10-01 15:09 - 2015-10-01 15:09 - 01670656 _____ C:\Users\Alyssha\Downloads\adwcleaner_5.009.exe
2015-10-01 15:09 - 2015-10-01 15:09 - 01670656 _____ C:\Users\Alyssha\Desktop\adwcleaner_5.009.exe
2015-10-01 15:07 - 2015-10-01 15:07 - 00448512 _____ (OldTimer Tools) C:\Users\Alyssha\Downloads\TFC.exe
2015-10-01 15:07 - 2015-10-01 15:07 - 00448512 _____ (OldTimer Tools) C:\Users\Alyssha\Desktop\TFC.exe
2015-10-01 15:04 - 2015-10-01 15:04 - 00001868 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-10-01 14:54 - 2015-10-01 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Alyssha\Desktop\iExplore.exe
2015-10-01 14:53 - 2015-10-01 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Alyssha\Downloads\iExplore.exe
2015-10-01 14:34 - 2015-10-01 14:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-01 14:31 - 2015-10-01 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alyssha\Desktop\mbar-1.09.3.1001.exe
2015-10-01 14:30 - 2015-10-01 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alyssha\Downloads\mbar-1.09.3.1001.exe
2015-10-01 14:28 - 2015-10-01 14:27 - 00891392 _____ (Farbar) C:\Users\Alyssha\Desktop\MiniToolBox.exe
2015-10-01 14:28 - 2015-10-01 14:26 - 00899072 _____ (Farbar) C:\Users\Alyssha\Desktop\FSS.exe
2015-10-01 14:28 - 2015-10-01 14:24 - 00852720 _____ C:\Users\Alyssha\Desktop\SecurityCheck.exe
2015-10-01 14:27 - 2015-10-01 14:27 - 00891392 _____ (Farbar) C:\Users\Alyssha\Downloads\MiniToolBox.exe
2015-10-01 14:26 - 2015-10-01 14:26 - 00899072 _____ (Farbar) C:\Users\Alyssha\Downloads\FSS.exe
2015-10-01 14:26 - 2015-10-01 14:26 - 00003651 _____ C:\Users\Alyssha\Downloads\FSS.txt
2015-10-01 14:24 - 2015-10-01 14:24 - 00852720 _____ C:\Users\Alyssha\Downloads\SecurityCheck.exe
2015-10-01 14:11 - 2015-10-01 14:11 - 00000000 ____D C:\Windows\pss
2015-10-01 14:00 - 2015-10-01 14:00 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\AVAST Software
2015-10-01 13:59 - 2015-10-01 14:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-01 13:59 - 2015-10-01 13:59 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-10-01 13:59 - 2015-10-01 13:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-10-01 13:59 - 2015-10-01 13:59 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-10-01 13:59 - 2015-10-01 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-01 13:59 - 2015-10-01 13:58 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-10-01 13:56 - 2015-10-01 13:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-30 18:45 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\shortCutStore
2015-09-30 18:45 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Crsoft
2015-09-30 12:46 - 2015-09-30 18:33 - 00003436 _____ C:\Windows\System32\Tasks\Bluhladleiohh
2015-09-28 19:52 - 2015-10-08 13:42 - 00001028 _____ C:\Windows\Tasks\qasZ5EBnxU7Ih1dh4P7.job
2015-09-28 19:52 - 2015-09-30 18:59 - 00000000 ____D C:\Program Files (x86)\0a80516e-38bc-436f-b655-0e80d1a67ebe
2015-09-28 19:52 - 2015-09-28 19:53 - 00004030 _____ C:\Windows\System32\Tasks\qasZ5EBnxU7Ih1dh4P7
2015-09-28 19:51 - 2015-10-08 13:53 - 00001030 _____ C:\Windows\Tasks\TW9GHd8xPh7K4ygjfdNg.job
2015-09-28 19:51 - 2015-09-28 19:51 - 00004030 _____ C:\Windows\System32\Tasks\TW9GHd8xPh7K4ygjfdNg
2015-09-28 19:49 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\RunDir
2015-09-28 19:49 - 2015-09-28 19:49 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\NetService
2015-09-28 15:43 - 2015-09-28 15:43 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\Andy
2015-09-28 15:43 - 2015-09-28 15:43 - 00000000 ____D C:\Program Files\Andy
2015-09-28 15:43 - 2015-09-16 15:42 - 00000000 ___RD C:\Users\Alyssha\AppData\Roaming\Andy_45_Online
2015-09-28 15:42 - 2015-10-08 13:42 - 00001042 _____ C:\Windows\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl.job
2015-09-28 15:42 - 2015-09-28 15:42 - 00004044 _____ C:\Windows\System32\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-09-28 15:41 - 2015-09-30 18:34 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-28 15:41 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-28 15:40 - 2015-10-01 16:53 - 00000000 ____D C:\Users\Alyssha\AppData\Local\{BF21897D-9B89-E5C5-F611-C02DD2793CB5}
2015-09-28 15:38 - 2015-09-28 15:38 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-09-28 15:37 - 2015-10-02 17:15 - 00000000 ____D C:\Program Files (x86)\AdVPN
2015-09-28 15:32 - 2015-09-30 19:02 - 00001315 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Help.lnk
2015-09-28 15:32 - 2015-09-30 19:02 - 00001295 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2015-09-28 15:29 - 2015-09-28 15:29 - 00000000 _____ C:\ProgramData\inf.dat
2015-09-28 15:28 - 2015-10-08 14:00 - 00000452 _____ C:\Windows\Tasks\Adobe Flash box Files Update Ver 2015928.job
2015-09-28 15:28 - 2015-09-28 15:28 - 00003494 _____ C:\Windows\System32\Tasks\Adobe Flash box Files Update Ver 2015928
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\Users\Alyssha\AppData\LocalLow\Unity
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Unity
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\ProgramData\adb
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\ProgramData\4997GameBox_Data
2015-09-28 14:39 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-28 14:39 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-09-28 14:39 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-28 14:39 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-09-28 14:39 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-09-28 14:39 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-09-28 14:39 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-28 14:39 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-28 14:39 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-09-28 14:39 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-09-28 14:39 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-09-28 14:39 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-09-28 14:38 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-28 14:38 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-28 14:38 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-28 14:38 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-28 14:38 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-28 14:38 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-28 14:38 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-28 14:38 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-28 14:38 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-28 14:38 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-28 14:38 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-28 14:38 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-09-28 14:38 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-09-28 14:37 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-09-28 14:37 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-09-28 14:37 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-09-28 14:33 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-09-28 14:33 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-09-28 14:33 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-09-28 14:33 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-09-28 14:33 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-09-28 14:33 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-28 14:33 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-09-28 14:33 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-09-28 14:33 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-09-28 14:33 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-09-28 14:33 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-09-28 14:33 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-09-28 14:29 - 2015-07-13 15:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-28 14:29 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-09-28 14:29 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-09-28 14:29 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-09-28 14:29 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-09-28 14:29 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-09-25 12:47 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-09-25 12:26 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-25 12:21 - 2015-09-25 12:21 - 00000000 ____D C:\8176cd6f59956b31d5c9
2015-09-17 07:21 - 2015-09-17 07:21 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll
2015-09-16 16:48 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 16:48 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 16:39 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-16 16:39 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-16 16:39 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-16 16:39 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-16 16:39 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-16 16:39 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-16 16:39 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-16 16:39 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-16 16:39 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-16 16:39 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-16 16:39 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-16 16:39 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-16 16:39 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-16 16:39 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-16 16:39 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-16 16:39 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-16 16:39 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-16 16:39 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-16 16:39 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-16 16:39 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-16 16:39 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-16 16:39 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-16 16:39 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-16 16:39 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-16 16:39 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-16 16:39 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-16 16:39 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-16 16:39 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-16 16:39 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-16 16:39 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-16 16:39 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-16 16:39 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-16 16:39 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-16 16:39 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-16 16:39 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-16 16:39 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-16 16:39 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-16 16:39 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-16 16:39 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-16 16:39 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-09-16 16:39 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-09-16 16:39 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-16 16:39 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-16 16:39 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-16 16:39 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-16 16:39 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-16 16:39 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-16 16:39 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-16 16:39 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-16 16:39 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-16 16:38 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-16 16:38 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-16 16:38 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-16 16:38 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-16 16:38 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-16 16:38 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-16 16:38 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-16 16:38 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-16 16:38 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-16 16:38 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-16 16:38 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-16 16:38 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-16 16:38 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-16 16:38 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-16 16:38 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-16 16:38 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-16 16:38 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-16 16:36 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-16 16:36 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-16 16:36 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-16 16:36 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-16 16:36 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-16 16:36 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-16 16:36 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-16 16:36 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-16 16:36 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-16 16:36 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-16 16:36 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-16 16:36 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-16 16:36 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-16 16:36 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-16 16:36 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-16 16:36 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-16 16:36 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-16 16:36 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-16 16:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-16 16:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-16 16:36 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-08 14:11 - 2015-05-17 02:03 - 01268536 _____ C:\Windows\WindowsUpdate.log
2015-10-08 14:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-08 13:46 - 2015-05-16 23:39 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-08 13:44 - 2015-06-15 19:37 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D49EC4E5-1935-4EA5-B98B-D9687E3CEF3C}
2015-10-08 13:43 - 2015-06-20 17:50 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-03 19:12 - 2015-05-20 19:02 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-03 01:02 - 2015-06-15 19:37 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-476552886-1113993686-2888164755-1002
2015-10-03 00:44 - 2015-06-15 19:31 - 00002236 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-10-02 17:19 - 2014-03-18 06:04 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-02 17:12 - 2013-08-22 10:46 - 00043277 _____ C:\Windows\setupact.log
2015-10-02 17:12 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 17:11 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-02 17:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-10-01 14:33 - 2015-06-20 17:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-01 14:08 - 2014-03-18 05:54 - 00097988 _____ C:\Windows\PFRO.log
2015-10-01 13:54 - 2015-06-20 18:05 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-30 19:06 - 2015-06-20 17:50 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-30 19:06 - 2015-06-20 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-30 19:06 - 2015-06-20 17:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-30 19:02 - 2015-06-15 19:31 - 00000445 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-09-30 19:02 - 2015-06-15 19:31 - 00000443 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-09-30 19:02 - 2014-03-18 06:15 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2015-09-30 19:02 - 2013-08-22 02:54 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2015-09-30 19:02 - 2013-08-22 02:48 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
2015-09-30 19:02 - 2013-08-22 02:45 - 00001578 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-09-30 19:01 - 2015-05-16 23:39 - 00001260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-30 19:00 - 2013-08-22 09:25 - 00000194 _____ C:\Windows\win.ini
2015-09-30 13:02 - 2013-08-22 10:44 - 00336504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-30 13:01 - 2015-05-17 15:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-30 13:01 - 2015-05-17 15:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-09-30 12:49 - 2015-06-15 19:31 - 00000000 ____D C:\Users\Alyssha
2015-09-28 15:40 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-28 15:40 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-09-28 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-28 14:45 - 2015-06-15 19:31 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Packages
2015-09-28 14:44 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-28 14:42 - 2015-05-17 15:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-09-28 14:42 - 2015-05-17 15:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-25 12:43 - 2015-05-17 13:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-25 12:21 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-16 16:48 - 2015-05-17 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-16 16:47 - 2015-05-17 15:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-16 16:47 - 2015-05-17 15:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-16 16:46 - 2014-03-18 05:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-16 16:45 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-16 16:45 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-16 16:41 - 2015-05-16 23:39 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 16:41 - 2015-05-16 23:39 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 16:41 - 2015-05-16 23:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 21:18 - 2015-05-17 15:32 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-05-17 15:32 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg
2015-09-28 15:29 - 2015-09-28 15:29 - 0000000 _____ () C:\ProgramData\inf.dat
 
Files to move or delete:
====================
C:\ProgramData\inf.dat
 
 
Some files in TEMP:
====================
C:\Users\Alyssha\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-02 15:10
 
==================== End of FRST.txt ============================

Edited by Claytronic, 08 October 2015 - 01:41 PM.


#2 Jo*

  • Malware Response Team

Posted 08 October 2015 - 01:43 PM

Hello Claytronic,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Claytronic

  • Topic Starter

Posted 10 October 2015 - 05:36 PM

Hi Jo, sorry for the late reply.
 
 
SECURITY CHECK LOG
 
 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome (45.0.2454.101) 
 Google Chrome (45.0.2454.93) 
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
__________________________________
 
MBAR LOG
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.3.9200 Windows 8.1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18036
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 6097158144, free: 4479582208
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.3.9200 Windows 8.1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18036
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 6097158144, free: 4474515456
 
Downloaded database version: v2015.10.10.06
Downloaded database version: v2015.10.06.01
Downloaded database version: v2015.10.09.01
Initializing...
======================
------------ Kernel report ------------
     10/10/2015 18:15:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bcmwl63a.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\mouhid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.10.10.06
  rootkit: v2015.10.06.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00062f634e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00062f62b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00062f634e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00062e28510, DeviceName: \Device\00000029\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8B41364D
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 976052224
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffe000638d9220, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00063f05860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000638d9220, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000638d9b10, DeviceName: \Device\00000039\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB} --> [Adware.ChinAd]
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\GrimeFighter2.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\StreamFilter.log" is compressed (flags = 1)
File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1)
File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1)
File "C:\Windows\System32\streamci.dll" is compressed (flags = 1)
File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtp.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtpUS.dll" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
------------ Kernel report ------------
     10/10/2015 18:28:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bcmwl63a.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\mouhid.sys
----------- End -----------
Infected: C:\Windows\System32\Tasks\Adobe Flash box Files Update Ver 2015928 --> [Adware.ChinAd]
Infected: C:\Windows\Tasks\Adobe Flash box Files Update Ver 2015928.job --> [Adware.ChinAd]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Adobe Flash box Files Update Ver 2015928 --> [Adware.ChinAd]
Infected: C:\ProgramData\4997GameBox_Data --> [Adware.ChinAd]
Infected: C:\ProgramData\4997GameBox_Data\filecache.ini --> [Adware.ChinAd]
Infected: C:\ProgramData\4997GameBox_Data\soft_download.ini --> [Adware.ChinAd]
Infected: C:\ProgramData\4997GameBox_Data\soft_installrun.ini --> [Adware.ChinAd]
Scan finished
 
 
___________________________________
 
ADWCLEANER LOG
 
# AdwCleaner v5.009 - Logfile created 08/10/2015 at 23:48:47
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Local]
# Operating system : Windows 8.1 Pro with Media Center  (x64)
# Username : Alyssha - MINE
# Running from : C:\Users\Alyssha\Desktop\adwcleaner_5.009.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
 
***** [ Files ] *****
 
File Found : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
File Found : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
File Found : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
File Found : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
File Found : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcgcoifbkbphhjnekfkmohklfaimhikk_0.localstorage
File Found : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcgcoifbkbphhjnekfkmohklfaimhikk_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jcgcoifbkbphhjnekfkmohklfaimhikk
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1906 bytes] ##########

Edited by Claytronic, 10 October 2015 - 05:37 PM.


#4 Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:32 AM

Posted 10 October 2015 - 05:51 PM

Hello Claytronic,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop, but you are running from C:\Users\Alyssha\Downloads) as fixlist.txt.

 
start
CreateRestorePoint:
CloseProcesses:
() C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe
() C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-476552886-1113993686-2888164755-1002 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
EmptyTemp:
DisableService: Crashhd
DisableService: NetTcpHandler
R2 NetTcpHandler; C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R2 Crashhd; C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
C:\Users\Alyssha\AppData\Local\Crsoft
C:\ProgramData\inf.dat
C:\Users\Alyssha\AppData\Roaming\NetService
Task: C:\Windows\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl.job => C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl.exe <==== ATTENTION
Task: C:\Windows\Tasks\qasZ5EBnxU7Ih1dh4P7.job => C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7.exe <==== ATTENTION
Task: C:\Windows\Tasks\TW9GHd8xPh7K4ygjfdNg.job => C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg.exe <==== ATTENTION
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receiving the Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Claytronic

  • Topic Starter

  • Members
  • 212 posts
  • Gender:Male
  • Local time:02:32 AM

Posted 10 October 2015 - 06:00 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-10-2015
Ran by Alyssha (administrator) on MINE (10-10-2015 18:59:14)
Running from C:\Users\Alyssha\Downloads
Loaded Profiles: Alyssha (Available Profiles: Alyssha)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-01] (AVAST Software)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CE2003A-5C6F-4FC3-81A5-0484B6CE29CA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A966452A-CE27-426D-BDB9-399A46158426}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKU\S-1-5-21-476552886-1113993686-2888164755-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-476552886-1113993686-2888164755-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-476552886-1113993686-2888164755-1002 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-01] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-01] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-476552886-1113993686-2888164755-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alyssha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
CHR Extension: (Google Docs) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15]
CHR Extension: (Google Drive) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-15]
CHR Extension: (YouTube) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-15]
CHR Extension: (Google Search) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-15]
CHR Extension: (Avast SafePrice) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-08]
CHR Extension: (Google Sheets) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-25]
CHR Extension: (EasyCalendar) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-15]
CHR Extension: (Gmail) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-01]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-01] (AVAST Software)
R2 Crashhd; C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NetTcpHandler; C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-01] (AVAST Software)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-13] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 18:58 - 2015-10-10 18:58 - 00001242 _____ C:\Users\Alyssha\Downloads\fixlist.txt
2015-10-10 18:58 - 2015-10-10 18:58 - 00000000 ____D C:\Users\Alyssha\Downloads\FRST-OlderVersion
2015-10-10 18:14 - 2015-10-10 18:36 - 00000000 ____D C:\Users\Alyssha\Desktop\mbar
2015-10-08 23:50 - 2015-10-08 23:50 - 00001985 _____ C:\Users\Alyssha\Desktop\AdwCleaner[S4].txt
2015-10-08 23:46 - 2015-10-08 23:46 - 00000869 _____ C:\Users\Alyssha\Desktop\checkup.txt
2015-10-08 14:26 - 2015-10-08 14:26 - 00026428 _____ C:\Users\Alyssha\Downloads\Addition.txt
2015-10-08 14:25 - 2015-10-10 18:59 - 00011114 _____ C:\Users\Alyssha\Downloads\FRST.txt
2015-10-08 14:24 - 2015-10-10 18:59 - 00000000 ____D C:\FRST
2015-10-08 14:23 - 2015-10-10 18:58 - 02195456 _____ (Farbar) C:\Users\Alyssha\Downloads\FRST64.exe
2015-10-02 16:13 - 2015-10-02 16:13 - 00000755 _____ C:\Users\Alyssha\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-02 16:13 - 2015-10-02 16:13 - 00000000 ____D C:\EEK
2015-10-02 16:12 - 2015-10-02 16:11 - 167769616 _____ C:\Users\Alyssha\Desktop\EmsisoftEmergencyKit.exe
2015-10-02 16:05 - 2015-10-02 16:11 - 167769616 _____ C:\Users\Alyssha\Downloads\EmsisoftEmergencyKit.exe
2015-10-01 16:04 - 2015-10-01 16:04 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-01 16:04 - 2015-10-01 16:03 - 02870984 _____ (ESET) C:\Users\Alyssha\Desktop\esetsmartinstaller_enu.exe
2015-10-01 16:03 - 2015-10-01 16:03 - 02870984 _____ (ESET) C:\Users\Alyssha\Downloads\esetsmartinstaller_enu.exe
2015-10-01 15:16 - 2015-10-08 23:48 - 00000000 ____D C:\AdwCleaner
2015-10-01 15:10 - 2015-10-01 15:10 - 01801288 _____ (Malwarebytes) C:\Users\Alyssha\Downloads\JRT.exe
2015-10-01 15:10 - 2015-10-01 15:10 - 01801288 _____ (Malwarebytes) C:\Users\Alyssha\Desktop\JRT.exe
2015-10-01 15:09 - 2015-10-01 15:09 - 01670656 _____ C:\Users\Alyssha\Downloads\adwcleaner_5.009.exe
2015-10-01 15:09 - 2015-10-01 15:09 - 01670656 _____ C:\Users\Alyssha\Desktop\adwcleaner_5.009.exe
2015-10-01 15:07 - 2015-10-01 15:07 - 00448512 _____ (OldTimer Tools) C:\Users\Alyssha\Downloads\TFC.exe
2015-10-01 15:07 - 2015-10-01 15:07 - 00448512 _____ (OldTimer Tools) C:\Users\Alyssha\Desktop\TFC.exe
2015-10-01 15:04 - 2015-10-01 15:04 - 00001868 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-10-01 14:54 - 2015-10-01 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Alyssha\Desktop\iExplore.exe
2015-10-01 14:53 - 2015-10-01 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Alyssha\Downloads\iExplore.exe
2015-10-01 14:34 - 2015-10-10 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-01 14:31 - 2015-10-01 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alyssha\Desktop\mbar-1.09.3.1001.exe
2015-10-01 14:30 - 2015-10-01 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alyssha\Downloads\mbar-1.09.3.1001.exe
2015-10-01 14:28 - 2015-10-01 14:27 - 00891392 _____ (Farbar) C:\Users\Alyssha\Desktop\MiniToolBox.exe
2015-10-01 14:28 - 2015-10-01 14:26 - 00899072 _____ (Farbar) C:\Users\Alyssha\Desktop\FSS.exe
2015-10-01 14:28 - 2015-10-01 14:24 - 00852720 _____ C:\Users\Alyssha\Desktop\SecurityCheck.exe
2015-10-01 14:27 - 2015-10-01 14:27 - 00891392 _____ (Farbar) C:\Users\Alyssha\Downloads\MiniToolBox.exe
2015-10-01 14:26 - 2015-10-01 14:26 - 00899072 _____ (Farbar) C:\Users\Alyssha\Downloads\FSS.exe
2015-10-01 14:26 - 2015-10-01 14:26 - 00003651 _____ C:\Users\Alyssha\Downloads\FSS.txt
2015-10-01 14:24 - 2015-10-01 14:24 - 00852720 _____ C:\Users\Alyssha\Downloads\SecurityCheck.exe
2015-10-01 14:11 - 2015-10-01 14:11 - 00000000 ____D C:\Windows\pss
2015-10-01 14:00 - 2015-10-01 14:00 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\AVAST Software
2015-10-01 13:59 - 2015-10-01 14:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-01 13:59 - 2015-10-01 13:59 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-10-01 13:59 - 2015-10-01 13:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-10-01 13:59 - 2015-10-01 13:59 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-10-01 13:59 - 2015-10-01 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-01 13:59 - 2015-10-01 13:58 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-10-01 13:56 - 2015-10-01 13:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-30 18:45 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\shortCutStore
2015-09-30 18:45 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Crsoft
2015-09-30 12:46 - 2015-09-30 18:33 - 00003436 _____ C:\Windows\System32\Tasks\Bluhladleiohh
2015-09-28 19:52 - 2015-10-10 18:09 - 00001028 _____ C:\Windows\Tasks\qasZ5EBnxU7Ih1dh4P7.job
2015-09-28 19:52 - 2015-09-30 18:59 - 00000000 ____D C:\Program Files (x86)\0a80516e-38bc-436f-b655-0e80d1a67ebe
2015-09-28 19:52 - 2015-09-28 19:53 - 00004030 _____ C:\Windows\System32\Tasks\qasZ5EBnxU7Ih1dh4P7
2015-09-28 19:51 - 2015-10-10 18:09 - 00001030 _____ C:\Windows\Tasks\TW9GHd8xPh7K4ygjfdNg.job
2015-09-28 19:51 - 2015-09-28 19:51 - 00004030 _____ C:\Windows\System32\Tasks\TW9GHd8xPh7K4ygjfdNg
2015-09-28 19:49 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\RunDir
2015-09-28 19:49 - 2015-09-28 19:49 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\NetService
2015-09-28 15:43 - 2015-09-28 15:43 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\Andy
2015-09-28 15:43 - 2015-09-28 15:43 - 00000000 ____D C:\Program Files\Andy
2015-09-28 15:43 - 2015-09-16 15:42 - 00000000 ___RD C:\Users\Alyssha\AppData\Roaming\Andy_45_Online
2015-09-28 15:42 - 2015-10-10 18:09 - 00001042 _____ C:\Windows\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl.job
2015-09-28 15:42 - 2015-09-28 15:42 - 00004044 _____ C:\Windows\System32\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-09-28 15:41 - 2015-09-30 18:34 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-28 15:41 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-28 15:40 - 2015-10-01 16:53 - 00000000 ____D C:\Users\Alyssha\AppData\Local\{BF21897D-9B89-E5C5-F611-C02DD2793CB5}
2015-09-28 15:38 - 2015-09-28 15:38 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-09-28 15:37 - 2015-10-02 17:15 - 00000000 ____D C:\Program Files (x86)\AdVPN
2015-09-28 15:32 - 2015-09-30 19:02 - 00001315 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Help.lnk
2015-09-28 15:32 - 2015-09-30 19:02 - 00001295 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2015-09-28 15:29 - 2015-09-28 15:29 - 00000000 _____ C:\ProgramData\inf.dat
2015-09-28 15:28 - 2015-10-10 18:30 - 00000452 _____ C:\Windows\Tasks\Adobe Flash box Files Update Ver 2015928.job
2015-09-28 15:28 - 2015-09-28 15:28 - 00003494 _____ C:\Windows\System32\Tasks\Adobe Flash box Files Update Ver 2015928
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\Users\Alyssha\AppData\LocalLow\Unity
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Unity
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\ProgramData\adb
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\ProgramData\4997GameBox_Data
2015-09-28 14:39 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-28 14:39 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-09-28 14:39 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-28 14:39 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-09-28 14:39 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-09-28 14:39 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-09-28 14:39 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-28 14:39 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-28 14:39 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-09-28 14:39 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-09-28 14:39 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-09-28 14:39 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-09-28 14:38 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-28 14:38 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-28 14:38 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-28 14:38 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-28 14:38 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-28 14:38 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-28 14:38 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-28 14:38 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-28 14:38 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-28 14:38 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-28 14:38 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-28 14:38 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-09-28 14:38 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-09-28 14:37 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-09-28 14:37 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-09-28 14:37 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-09-28 14:33 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-09-28 14:33 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-09-28 14:33 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-09-28 14:33 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-09-28 14:33 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-09-28 14:33 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-28 14:33 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-09-28 14:33 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-09-28 14:33 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-09-28 14:33 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-09-28 14:33 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-09-28 14:33 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-09-28 14:29 - 2015-07-13 15:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-28 14:29 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-09-28 14:29 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-09-28 14:29 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-09-28 14:29 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-09-28 14:29 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-09-25 12:47 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-09-25 12:26 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-25 12:21 - 2015-09-25 12:21 - 00000000 ____D C:\8176cd6f59956b31d5c9
2015-09-17 07:21 - 2015-09-17 07:21 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll
2015-09-16 16:48 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 16:48 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 16:39 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-16 16:39 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-16 16:39 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-16 16:39 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-16 16:39 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-16 16:39 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-16 16:39 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-16 16:39 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-16 16:39 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-16 16:39 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-16 16:39 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-16 16:39 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-16 16:39 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-16 16:39 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-16 16:39 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-16 16:39 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-16 16:39 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-16 16:39 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-16 16:39 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-16 16:39 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-16 16:39 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-16 16:39 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-16 16:39 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-16 16:39 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-16 16:39 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-16 16:39 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-16 16:39 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-16 16:39 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-16 16:39 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-16 16:39 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-16 16:39 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-16 16:39 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-16 16:39 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-16 16:39 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-16 16:39 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-16 16:39 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-16 16:39 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-16 16:39 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-16 16:39 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-16 16:39 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-09-16 16:39 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-09-16 16:39 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-16 16:39 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-16 16:39 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-16 16:39 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-16 16:39 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-16 16:39 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-16 16:39 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-16 16:39 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-16 16:39 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-16 16:38 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-16 16:38 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-16 16:38 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-16 16:38 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-16 16:38 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-16 16:38 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-16 16:38 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-16 16:38 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-16 16:38 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-16 16:38 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-16 16:38 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-16 16:38 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-16 16:38 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-16 16:38 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-16 16:38 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-16 16:38 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-16 16:38 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-16 16:36 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-16 16:36 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-16 16:36 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-16 16:36 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-16 16:36 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-16 16:36 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-16 16:36 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-16 16:36 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-16 16:36 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-16 16:36 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-16 16:36 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-16 16:36 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-16 16:36 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-16 16:36 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-16 16:36 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-16 16:36 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-16 16:36 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-16 16:36 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-16 16:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-16 16:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-16 16:36 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 18:56 - 2015-05-17 15:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-10 18:56 - 2015-05-17 15:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-10 18:56 - 2015-05-17 02:03 - 01344589 _____ C:\Windows\WindowsUpdate.log
2015-10-10 18:55 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-10 18:46 - 2015-05-16 23:39 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 18:38 - 2015-06-20 17:50 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-10 18:14 - 2015-06-20 17:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-10 18:12 - 2015-06-15 19:37 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D49EC4E5-1935-4EA5-B98B-D9687E3CEF3C}
2015-10-10 18:12 - 2015-05-20 19:02 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-10 18:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-03 01:02 - 2015-06-15 19:37 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-476552886-1113993686-2888164755-1002
2015-10-03 00:44 - 2015-06-15 19:31 - 00002236 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-10-02 17:19 - 2014-03-18 06:04 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-02 17:12 - 2013-08-22 10:46 - 00043277 _____ C:\Windows\setupact.log
2015-10-02 17:12 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 17:11 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-02 17:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-10-01 14:08 - 2014-03-18 05:54 - 00097988 _____ C:\Windows\PFRO.log
2015-10-01 13:54 - 2015-06-20 18:05 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-30 19:06 - 2015-06-20 17:50 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-30 19:06 - 2015-06-20 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-30 19:06 - 2015-06-20 17:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-30 19:02 - 2015-06-15 19:31 - 00000445 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-09-30 19:02 - 2015-06-15 19:31 - 00000443 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-09-30 19:02 - 2014-03-18 06:15 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2015-09-30 19:02 - 2013-08-22 02:54 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2015-09-30 19:02 - 2013-08-22 02:48 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
2015-09-30 19:02 - 2013-08-22 02:45 - 00001578 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-09-30 19:01 - 2015-05-16 23:39 - 00001260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-30 19:00 - 2013-08-22 09:25 - 00000194 _____ C:\Windows\win.ini
2015-09-30 13:02 - 2013-08-22 10:44 - 00336504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-30 13:01 - 2015-05-17 15:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-30 13:01 - 2015-05-17 15:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-09-30 12:49 - 2015-06-15 19:31 - 00000000 ____D C:\Users\Alyssha
2015-09-28 15:40 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-28 15:40 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-09-28 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-28 14:45 - 2015-06-15 19:31 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Packages
2015-09-25 12:43 - 2015-05-17 13:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-25 12:21 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-16 16:48 - 2015-05-17 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-16 16:47 - 2015-05-17 15:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-16 16:47 - 2015-05-17 15:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-16 16:46 - 2014-03-18 05:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-16 16:45 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-16 16:45 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-16 16:41 - 2015-05-16 23:39 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 16:41 - 2015-05-16 23:39 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 16:41 - 2015-05-16 23:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 21:18 - 2015-05-17 15:32 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-05-17 15:32 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg
2015-09-28 15:29 - 2015-09-28 15:29 - 0000000 _____ () C:\ProgramData\inf.dat
 
Files to move or delete:
====================
C:\ProgramData\inf.dat
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-02 15:10
 
==================== End of FRST.txt ============================


#6 Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 10 October 2015 - 06:06 PM

Sorry, but you did not run the fixlist.


Hello Claytronic,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop, but you are running it from C:\Users\Alyssha\Downloads) as fixlist.txt

 
start
CreateRestorePoint:
CloseProcesses:
() C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe
() C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-476552886-1113993686-2888164755-1002 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
EmptyTemp:
DisableService: Crashhd
DisableService: NetTcpHandler
R2 NetTcpHandler; C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R2 Crashhd; C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
C:\Users\Alyssha\AppData\Local\Crsoft
C:\ProgramData\inf.dat
C:\Users\Alyssha\AppData\Roaming\NetService
Task: C:\Windows\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl.job => C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl.exe <==== ATTENTION
Task: C:\Windows\Tasks\qasZ5EBnxU7Ih1dh4P7.job => C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7.exe <==== ATTENTION
Task: C:\Windows\Tasks\TW9GHd8xPh7K4ygjfdNg.job => C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg.exe <==== ATTENTION
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Claytronic
  • Topic Starter

  • Members
  • 212 posts
  • Gender:Male

Posted 10 October 2015 - 06:17 PM

Whoops! Sorry about that Jo, was a little distracted.

 

FIXLIST LOG:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by Alyssha (2015-10-10 19:09:01) Run:1
Running from C:\Users\Alyssha\Downloads
Loaded Profiles: Alyssha (Available Profiles: Alyssha)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
() C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe
() C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-476552886-1113993686-2888164755-1002 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
EmptyTemp:
DisableService: Crashhd
DisableService: NetTcpHandler
R2 NetTcpHandler; C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R2 Crashhd; C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
C:\Users\Alyssha\AppData\Local\Crsoft
C:\ProgramData\inf.dat
C:\Users\Alyssha\AppData\Roaming\NetService
Task: C:\Windows\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl.job => C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl.exe <==== ATTENTION
Task: C:\Windows\Tasks\qasZ5EBnxU7Ih1dh4P7.job => C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7.exe <==== ATTENTION
Task: C:\Windows\Tasks\TW9GHd8xPh7K4ygjfdNg.job => C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg.exe <==== ATTENTION
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Alyssha\AppData\Local\Crsoft\crsvc.exe => No running process found
C:\Users\Alyssha\AppData\Roaming\NetService\netservice.exe => No running process found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-476552886-1113993686-2888164755-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Crashhd => service was disabled
NetTcpHandler => service was disabled
NetTcpHandler => service removed successfully
Crashhd => service removed successfully
C:\Users\Alyssha\AppData\Local\Crsoft => moved successfully
C:\ProgramData\inf.dat => moved successfully
C:\Users\Alyssha\AppData\Roaming\NetService => moved successfully
C:\Windows\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl.job => moved successfully
C:\Windows\Tasks\qasZ5EBnxU7Ih1dh4P7.job => moved successfully
C:\Windows\Tasks\TW9GHd8xPh7K4ygjfdNg.job => moved successfully
EmptyTemp: => 139 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:09:33 ====
 
_________________________________________
 
 
FRST64 LOG:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-10-2015
Ran by Alyssha (administrator) on MINE (10-10-2015 19:15:18)
Running from C:\Users\Alyssha\Downloads
Loaded Profiles: Alyssha (Available Profiles: Alyssha)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-01] (AVAST Software)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CE2003A-5C6F-4FC3-81A5-0484B6CE29CA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A966452A-CE27-426D-BDB9-399A46158426}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKU\S-1-5-21-476552886-1113993686-2888164755-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-476552886-1113993686-2888164755-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-01] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-01] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-476552886-1113993686-2888164755-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alyssha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
CHR Extension: (Google Docs) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15]
CHR Extension: (Google Drive) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-15]
CHR Extension: (YouTube) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-15]
CHR Extension: (Google Search) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-15]
CHR Extension: (Avast SafePrice) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-08]
CHR Extension: (Google Sheets) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-15]
CHR Extension: (Gmail) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-01]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-01] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-01] (AVAST Software)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-13] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 19:11 - 2015-10-10 19:11 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-10 18:58 - 2015-10-10 18:58 - 00000000 ____D C:\Users\Alyssha\Downloads\FRST-OlderVersion
2015-10-10 18:14 - 2015-10-10 18:36 - 00000000 ____D C:\Users\Alyssha\Desktop\mbar
2015-10-08 23:50 - 2015-10-08 23:50 - 00001985 _____ C:\Users\Alyssha\Desktop\AdwCleaner[S4].txt
2015-10-08 23:46 - 2015-10-08 23:46 - 00000869 _____ C:\Users\Alyssha\Desktop\checkup.txt
2015-10-08 14:26 - 2015-10-08 14:26 - 00026428 _____ C:\Users\Alyssha\Downloads\Addition.txt
2015-10-08 14:25 - 2015-10-10 19:15 - 00010268 _____ C:\Users\Alyssha\Downloads\FRST.txt
2015-10-08 14:24 - 2015-10-10 19:15 - 00000000 ____D C:\FRST
2015-10-08 14:23 - 2015-10-10 18:58 - 02195456 _____ (Farbar) C:\Users\Alyssha\Downloads\FRST64.exe
2015-10-02 16:13 - 2015-10-02 16:13 - 00000755 _____ C:\Users\Alyssha\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-02 16:13 - 2015-10-02 16:13 - 00000000 ____D C:\EEK
2015-10-02 16:12 - 2015-10-02 16:11 - 167769616 _____ C:\Users\Alyssha\Desktop\EmsisoftEmergencyKit.exe
2015-10-02 16:05 - 2015-10-02 16:11 - 167769616 _____ C:\Users\Alyssha\Downloads\EmsisoftEmergencyKit.exe
2015-10-01 16:04 - 2015-10-01 16:03 - 02870984 _____ (ESET) C:\Users\Alyssha\Desktop\esetsmartinstaller_enu.exe
2015-10-01 16:03 - 2015-10-01 16:03 - 02870984 _____ (ESET) C:\Users\Alyssha\Downloads\esetsmartinstaller_enu.exe
2015-10-01 15:16 - 2015-10-08 23:48 - 00000000 ____D C:\AdwCleaner
2015-10-01 15:10 - 2015-10-01 15:10 - 01801288 _____ (Malwarebytes) C:\Users\Alyssha\Downloads\JRT.exe
2015-10-01 15:10 - 2015-10-01 15:10 - 01801288 _____ (Malwarebytes) C:\Users\Alyssha\Desktop\JRT.exe
2015-10-01 15:09 - 2015-10-01 15:09 - 01670656 _____ C:\Users\Alyssha\Downloads\adwcleaner_5.009.exe
2015-10-01 15:09 - 2015-10-01 15:09 - 01670656 _____ C:\Users\Alyssha\Desktop\adwcleaner_5.009.exe
2015-10-01 15:07 - 2015-10-01 15:07 - 00448512 _____ (OldTimer Tools) C:\Users\Alyssha\Downloads\TFC.exe
2015-10-01 15:07 - 2015-10-01 15:07 - 00448512 _____ (OldTimer Tools) C:\Users\Alyssha\Desktop\TFC.exe
2015-10-01 15:04 - 2015-10-01 15:04 - 00001868 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-10-01 14:54 - 2015-10-01 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Alyssha\Desktop\iExplore.exe
2015-10-01 14:53 - 2015-10-01 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Alyssha\Downloads\iExplore.exe
2015-10-01 14:34 - 2015-10-10 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-01 14:31 - 2015-10-01 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alyssha\Desktop\mbar-1.09.3.1001.exe
2015-10-01 14:30 - 2015-10-01 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alyssha\Downloads\mbar-1.09.3.1001.exe
2015-10-01 14:28 - 2015-10-01 14:27 - 00891392 _____ (Farbar) C:\Users\Alyssha\Desktop\MiniToolBox.exe
2015-10-01 14:28 - 2015-10-01 14:26 - 00899072 _____ (Farbar) C:\Users\Alyssha\Desktop\FSS.exe
2015-10-01 14:28 - 2015-10-01 14:24 - 00852720 _____ C:\Users\Alyssha\Desktop\SecurityCheck.exe
2015-10-01 14:27 - 2015-10-01 14:27 - 00891392 _____ (Farbar) C:\Users\Alyssha\Downloads\MiniToolBox.exe
2015-10-01 14:26 - 2015-10-01 14:26 - 00899072 _____ (Farbar) C:\Users\Alyssha\Downloads\FSS.exe
2015-10-01 14:26 - 2015-10-01 14:26 - 00003651 _____ C:\Users\Alyssha\Downloads\FSS.txt
2015-10-01 14:24 - 2015-10-01 14:24 - 00852720 _____ C:\Users\Alyssha\Downloads\SecurityCheck.exe
2015-10-01 14:11 - 2015-10-01 14:11 - 00000000 ____D C:\Windows\pss
2015-10-01 14:00 - 2015-10-01 14:00 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\AVAST Software
2015-10-01 13:59 - 2015-10-01 14:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-01 13:59 - 2015-10-01 13:59 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-10-01 13:59 - 2015-10-01 13:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-10-01 13:59 - 2015-10-01 13:59 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-10-01 13:59 - 2015-10-01 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-01 13:59 - 2015-10-01 13:58 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-10-01 13:56 - 2015-10-01 13:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-30 18:45 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\shortCutStore
2015-09-30 12:46 - 2015-09-30 18:33 - 00003436 _____ C:\Windows\System32\Tasks\Bluhladleiohh
2015-09-28 19:52 - 2015-09-30 18:59 - 00000000 ____D C:\Program Files (x86)\0a80516e-38bc-436f-b655-0e80d1a67ebe
2015-09-28 19:52 - 2015-09-28 19:53 - 00004030 _____ C:\Windows\System32\Tasks\qasZ5EBnxU7Ih1dh4P7
2015-09-28 19:51 - 2015-09-28 19:51 - 00004030 _____ C:\Windows\System32\Tasks\TW9GHd8xPh7K4ygjfdNg
2015-09-28 19:49 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\RunDir
2015-09-28 15:43 - 2015-09-28 15:43 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\Andy
2015-09-28 15:43 - 2015-09-28 15:43 - 00000000 ____D C:\Program Files\Andy
2015-09-28 15:43 - 2015-09-16 15:42 - 00000000 ___RD C:\Users\Alyssha\AppData\Roaming\Andy_45_Online
2015-09-28 15:42 - 2015-09-28 15:42 - 00004044 _____ C:\Windows\System32\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-09-28 15:41 - 2015-09-30 18:34 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-28 15:41 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-28 15:40 - 2015-10-01 16:53 - 00000000 ____D C:\Users\Alyssha\AppData\Local\{BF21897D-9B89-E5C5-F611-C02DD2793CB5}
2015-09-28 15:38 - 2015-09-28 15:38 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-09-28 15:37 - 2015-10-02 17:15 - 00000000 ____D C:\Program Files (x86)\AdVPN
2015-09-28 15:32 - 2015-09-30 19:02 - 00001315 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Help.lnk
2015-09-28 15:32 - 2015-09-30 19:02 - 00001295 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2015-09-28 15:28 - 2015-10-10 19:00 - 00000452 _____ C:\Windows\Tasks\Adobe Flash box Files Update Ver 2015928.job
2015-09-28 15:28 - 2015-09-28 15:28 - 00003494 _____ C:\Windows\System32\Tasks\Adobe Flash box Files Update Ver 2015928
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\Users\Alyssha\AppData\LocalLow\Unity
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Unity
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\ProgramData\adb
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\ProgramData\4997GameBox_Data
2015-09-28 14:39 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-28 14:39 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-09-28 14:39 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-28 14:39 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-09-28 14:39 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-09-28 14:39 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-09-28 14:39 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-28 14:39 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-28 14:39 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-09-28 14:39 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-09-28 14:39 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-09-28 14:39 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-09-28 14:38 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-28 14:38 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-28 14:38 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-28 14:38 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-28 14:38 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-28 14:38 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-28 14:38 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-28 14:38 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-28 14:38 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-28 14:38 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-28 14:38 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-28 14:38 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-09-28 14:38 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-09-28 14:37 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-09-28 14:37 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-09-28 14:37 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-09-28 14:33 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-09-28 14:33 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-09-28 14:33 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-09-28 14:33 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-09-28 14:33 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-09-28 14:33 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-28 14:33 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-09-28 14:33 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-09-28 14:33 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-09-28 14:33 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-09-28 14:33 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-09-28 14:33 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-09-28 14:29 - 2015-07-13 15:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-28 14:29 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-09-28 14:29 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-09-28 14:29 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-09-28 14:29 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-09-28 14:29 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-09-25 12:47 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-09-25 12:26 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-25 12:21 - 2015-09-25 12:21 - 00000000 ____D C:\8176cd6f59956b31d5c9
2015-09-17 07:21 - 2015-09-17 07:21 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll
2015-09-16 16:48 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 16:48 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 16:39 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-16 16:39 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-16 16:39 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-16 16:39 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-16 16:39 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-16 16:39 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-16 16:39 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-16 16:39 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-16 16:39 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-16 16:39 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-16 16:39 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-16 16:39 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-16 16:39 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-16 16:39 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-16 16:39 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-16 16:39 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-16 16:39 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-16 16:39 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-16 16:39 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-16 16:39 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-16 16:39 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-16 16:39 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-16 16:39 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-16 16:39 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-16 16:39 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-16 16:39 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-16 16:39 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-16 16:39 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-16 16:39 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-16 16:39 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-16 16:39 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-16 16:39 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-16 16:39 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-16 16:39 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-16 16:39 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-16 16:39 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-16 16:39 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-16 16:39 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-16 16:39 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-16 16:39 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-09-16 16:39 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-09-16 16:39 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-16 16:39 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-16 16:39 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-16 16:39 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-16 16:39 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-16 16:39 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-16 16:39 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-16 16:39 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-16 16:39 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-16 16:38 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-16 16:38 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-16 16:38 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-16 16:38 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-16 16:38 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-16 16:38 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-16 16:38 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-16 16:38 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-16 16:38 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-16 16:38 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-16 16:38 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-16 16:38 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-16 16:38 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-16 16:38 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-16 16:38 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-16 16:38 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-16 16:38 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-16 16:36 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-16 16:36 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-16 16:36 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-16 16:36 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-16 16:36 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-16 16:36 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-16 16:36 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-16 16:36 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-16 16:36 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-16 16:36 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-16 16:36 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-16 16:36 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-16 16:36 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-16 16:36 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-16 16:36 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-16 16:36 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-16 16:36 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-16 16:36 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-16 16:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-16 16:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-16 16:36 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 19:12 - 2015-05-17 02:03 - 01369078 _____ C:\Windows\WindowsUpdate.log
2015-10-10 19:11 - 2015-06-20 17:50 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-10 19:11 - 2013-08-22 10:46 - 00043393 _____ C:\Windows\setupact.log
2015-10-10 19:11 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-10 19:10 - 2014-03-18 05:54 - 00098576 _____ C:\Windows\PFRO.log
2015-10-10 19:09 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-10-10 19:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-10-10 19:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-10 18:56 - 2015-05-17 15:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-10 18:56 - 2015-05-17 15:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-10 18:56 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-10 18:46 - 2015-05-16 23:39 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 18:14 - 2015-06-20 17:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-10 18:12 - 2015-06-15 19:37 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D49EC4E5-1935-4EA5-B98B-D9687E3CEF3C}
2015-10-10 18:12 - 2015-05-20 19:02 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-03 01:02 - 2015-06-15 19:37 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-476552886-1113993686-2888164755-1002
2015-10-03 00:44 - 2015-06-15 19:31 - 00002236 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-10-02 17:19 - 2014-03-18 06:04 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-02 17:11 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-02 17:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-10-01 13:54 - 2015-06-20 18:05 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-30 19:06 - 2015-06-20 17:50 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-30 19:06 - 2015-06-20 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-30 19:06 - 2015-06-20 17:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-30 19:02 - 2015-06-15 19:31 - 00000445 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-09-30 19:02 - 2015-06-15 19:31 - 00000443 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-09-30 19:02 - 2014-03-18 06:15 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2015-09-30 19:02 - 2013-08-22 02:54 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2015-09-30 19:02 - 2013-08-22 02:48 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
2015-09-30 19:02 - 2013-08-22 02:45 - 00001578 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-09-30 19:01 - 2015-05-16 23:39 - 00001260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-30 19:00 - 2013-08-22 09:25 - 00000194 _____ C:\Windows\win.ini
2015-09-30 13:02 - 2013-08-22 10:44 - 00336504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-30 13:01 - 2015-05-17 15:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-30 13:01 - 2015-05-17 15:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-09-30 12:49 - 2015-06-15 19:31 - 00000000 ____D C:\Users\Alyssha
2015-09-28 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-28 14:45 - 2015-06-15 19:31 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Packages
2015-09-25 12:43 - 2015-05-17 13:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-25 12:21 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-16 16:48 - 2015-05-17 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-16 16:47 - 2015-05-17 15:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-16 16:47 - 2015-05-17 15:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-16 16:46 - 2014-03-18 05:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-16 16:45 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-16 16:45 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-16 16:41 - 2015-05-16 23:39 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 16:41 - 2015-05-16 23:39 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 16:41 - 2015-05-16 23:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 21:18 - 2015-05-17 15:32 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-05-17 15:32 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-02 15:10
 
==================== End of FRST.txt ============================


#8 Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:32 AM

Posted 10 October 2015 - 06:26 PM

Hello Claytronic,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Claytronic

  • Topic Starter
  • Members
  • 212 posts
  • Gender:Male
  • Local time:02:32 AM

Posted 10 October 2015 - 07:13 PM

MBAR LOG:
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.10.10.06
  rootkit: v2015.10.06.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18036
Alyssha :: MINE [administrator]
 
10/10/2015 7:31:44 PM
mbar-log-2015-10-10 (19-31-44).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 337091
Time elapsed: 18 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Adobe Flash box Files Update Ver 2015928 (Adware.ChinAd) -> Delete on reboot. [71dd253093f867cff63c8567d23234cc]
 
Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8EEE-974C0AA910AB} (Adware.ChinAd) -> Data:  -> Delete on reboot. [b19d7adba2e95cda6e82629f768d8779]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\ProgramData\4997GameBox_Data (Adware.ChinAd) -> Delete on reboot. [a5a981d495f6181e1c21d96c7a8917e9]
 
Files Detected: 5
C:\Windows\System32\Tasks\Adobe Flash box Files Update Ver 2015928 (Adware.ChinAd) -> Delete on reboot. [bd91cf864942e2540d2102eac73dba46]
C:\Windows\Tasks\Adobe Flash box Files Update Ver 2015928.job (Adware.ChinAd) -> Delete on reboot. [5fef83d237541b1b8fa09e4e7f85f20e]
C:\ProgramData\4997GameBox_Data\filecache.ini (Adware.ChinAd) -> Delete on reboot. [a5a981d495f6181e1c21d96c7a8917e9]
C:\ProgramData\4997GameBox_Data\soft_download.ini (Adware.ChinAd) -> Delete on reboot. [a5a981d495f6181e1c21d96c7a8917e9]
C:\ProgramData\4997GameBox_Data\soft_installrun.ini (Adware.ChinAd) -> Delete on reboot. [a5a981d495f6181e1c21d96c7a8917e9]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
______________________________________________
 
ADWCLEANER LOG:
 
# AdwCleaner v5.013 - Logfile created 10/10/2015 at 19:59:39
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 8.1 Pro with Media Center  (x64)
# Username : Alyssha - MINE
# Running from : C:\Users\Alyssha\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
[-] File Deleted : C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1735 bytes] ##########
 
 
_______________________________________________
 
JRT LOG:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Alyssha on Sat 10/10/2015 at 20:03:11.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Alyssha\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Alyssha\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Alyssha\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Alyssha\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/10/2015 at 20:08:06.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
_______________________________________________
 
FARBAR LOG:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-10-2015
Ran by Alyssha (administrator) on MINE (10-10-2015 20:12:11)
Running from C:\Users\Alyssha\Downloads
Loaded Profiles: Alyssha (Available Profiles: Alyssha)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-01] (AVAST Software)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CE2003A-5C6F-4FC3-81A5-0484B6CE29CA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A966452A-CE27-426D-BDB9-399A46158426}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
HKU\S-1-5-21-476552886-1113993686-2888164755-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-476552886-1113993686-2888164755-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadcav3&uid=6VESD49S_ST9500325AS&tm=1443653110
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-01] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-01] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-476552886-1113993686-2888164755-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alyssha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
CHR Extension: (Google Docs) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15]
CHR Extension: (Google Drive) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-15]
CHR Extension: (YouTube) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-15]
CHR Extension: (Google Search) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-15]
CHR Extension: (Avast SafePrice) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-08]
CHR Extension: (Google Sheets) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-15]
CHR Extension: (Gmail) - C:\Users\Alyssha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-01]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-01] (AVAST Software)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-01] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-01] (AVAST Software)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-13] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 20:11 - 2015-10-10 20:12 - 00009636 _____ C:\Users\Alyssha\Downloads\FRST.txt
2015-10-10 20:08 - 2015-10-10 20:08 - 00001092 _____ C:\Users\Alyssha\Desktop\JRT.txt
2015-10-10 19:55 - 2015-10-10 19:55 - 01682432 _____ C:\Users\Alyssha\Desktop\adwcleaner_5.013.exe
2015-10-10 18:58 - 2015-10-10 18:58 - 00000000 ____D C:\Users\Alyssha\Downloads\FRST-OlderVersion
2015-10-10 18:14 - 2015-10-10 19:51 - 00000000 ____D C:\Users\Alyssha\Desktop\mbar
2015-10-08 23:50 - 2015-10-08 23:50 - 00001985 _____ C:\Users\Alyssha\Desktop\AdwCleaner[S4].txt
2015-10-08 23:46 - 2015-10-08 23:46 - 00000869 _____ C:\Users\Alyssha\Desktop\checkup.txt
2015-10-08 14:26 - 2015-10-08 14:26 - 00026428 _____ C:\Users\Alyssha\Downloads\Addition.txt
2015-10-08 14:24 - 2015-10-10 20:12 - 00000000 ____D C:\FRST
2015-10-08 14:23 - 2015-10-10 18:58 - 02195456 _____ (Farbar) C:\Users\Alyssha\Downloads\FRST64.exe
2015-10-02 16:13 - 2015-10-02 16:13 - 00000755 _____ C:\Users\Alyssha\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-02 16:13 - 2015-10-02 16:13 - 00000000 ____D C:\EEK
2015-10-02 16:12 - 2015-10-02 16:11 - 167769616 _____ C:\Users\Alyssha\Desktop\EmsisoftEmergencyKit.exe
2015-10-02 16:05 - 2015-10-02 16:11 - 167769616 _____ C:\Users\Alyssha\Downloads\EmsisoftEmergencyKit.exe
2015-10-01 16:04 - 2015-10-01 16:03 - 02870984 _____ (ESET) C:\Users\Alyssha\Desktop\esetsmartinstaller_enu.exe
2015-10-01 16:03 - 2015-10-01 16:03 - 02870984 _____ (ESET) C:\Users\Alyssha\Downloads\esetsmartinstaller_enu.exe
2015-10-01 15:16 - 2015-10-10 19:59 - 00000000 ____D C:\AdwCleaner
2015-10-01 15:10 - 2015-10-01 15:10 - 01801288 _____ (Malwarebytes) C:\Users\Alyssha\Downloads\JRT.exe
2015-10-01 15:10 - 2015-10-01 15:10 - 01801288 _____ (Malwarebytes) C:\Users\Alyssha\Desktop\JRT.exe
2015-10-01 15:09 - 2015-10-01 15:09 - 01670656 _____ C:\Users\Alyssha\Downloads\adwcleaner_5.009.exe
2015-10-01 15:07 - 2015-10-01 15:07 - 00448512 _____ (OldTimer Tools) C:\Users\Alyssha\Downloads\TFC.exe
2015-10-01 15:07 - 2015-10-01 15:07 - 00448512 _____ (OldTimer Tools) C:\Users\Alyssha\Desktop\TFC.exe
2015-10-01 15:04 - 2015-10-01 15:04 - 00001868 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-10-01 14:54 - 2015-10-01 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Alyssha\Desktop\iExplore.exe
2015-10-01 14:53 - 2015-10-01 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Alyssha\Downloads\iExplore.exe
2015-10-01 14:34 - 2015-10-10 20:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-01 14:31 - 2015-10-01 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alyssha\Desktop\mbar-1.09.3.1001.exe
2015-10-01 14:30 - 2015-10-01 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alyssha\Downloads\mbar-1.09.3.1001.exe
2015-10-01 14:28 - 2015-10-01 14:27 - 00891392 _____ (Farbar) C:\Users\Alyssha\Desktop\MiniToolBox.exe
2015-10-01 14:28 - 2015-10-01 14:26 - 00899072 _____ (Farbar) C:\Users\Alyssha\Desktop\FSS.exe
2015-10-01 14:28 - 2015-10-01 14:24 - 00852720 _____ C:\Users\Alyssha\Desktop\SecurityCheck.exe
2015-10-01 14:27 - 2015-10-01 14:27 - 00891392 _____ (Farbar) C:\Users\Alyssha\Downloads\MiniToolBox.exe
2015-10-01 14:26 - 2015-10-01 14:26 - 00899072 _____ (Farbar) C:\Users\Alyssha\Downloads\FSS.exe
2015-10-01 14:26 - 2015-10-01 14:26 - 00003651 _____ C:\Users\Alyssha\Downloads\FSS.txt
2015-10-01 14:24 - 2015-10-01 14:24 - 00852720 _____ C:\Users\Alyssha\Downloads\SecurityCheck.exe
2015-10-01 14:11 - 2015-10-01 14:11 - 00000000 ____D C:\Windows\pss
2015-10-01 14:00 - 2015-10-01 14:00 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\AVAST Software
2015-10-01 13:59 - 2015-10-01 14:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-01 13:59 - 2015-10-01 13:59 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-10-01 13:59 - 2015-10-01 13:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-10-01 13:59 - 2015-10-01 13:59 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-10-01 13:59 - 2015-10-01 13:59 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-10-01 13:59 - 2015-10-01 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-01 13:59 - 2015-10-01 13:58 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-10-01 13:56 - 2015-10-01 13:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-30 18:45 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\shortCutStore
2015-09-30 12:46 - 2015-09-30 18:33 - 00003436 _____ C:\Windows\System32\Tasks\Bluhladleiohh
2015-09-28 19:52 - 2015-09-30 18:59 - 00000000 ____D C:\Program Files (x86)\0a80516e-38bc-436f-b655-0e80d1a67ebe
2015-09-28 19:52 - 2015-09-28 19:53 - 00004030 _____ C:\Windows\System32\Tasks\qasZ5EBnxU7Ih1dh4P7
2015-09-28 19:51 - 2015-09-28 19:51 - 00004030 _____ C:\Windows\System32\Tasks\TW9GHd8xPh7K4ygjfdNg
2015-09-28 19:49 - 2015-09-30 18:45 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\RunDir
2015-09-28 15:43 - 2015-09-28 15:43 - 00000000 ____D C:\Users\Alyssha\AppData\Roaming\Andy
2015-09-28 15:43 - 2015-09-28 15:43 - 00000000 ____D C:\Program Files\Andy
2015-09-28 15:43 - 2015-09-16 15:42 - 00000000 ___RD C:\Users\Alyssha\AppData\Roaming\Andy_45_Online
2015-09-28 15:42 - 2015-09-28 15:42 - 00004044 _____ C:\Windows\System32\Tasks\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-09-28 15:41 - 2015-09-30 18:34 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-28 15:41 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-28 15:40 - 2015-10-01 16:53 - 00000000 ____D C:\Users\Alyssha\AppData\Local\{BF21897D-9B89-E5C5-F611-C02DD2793CB5}
2015-09-28 15:38 - 2015-09-28 15:38 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-09-28 15:37 - 2015-10-02 17:15 - 00000000 ____D C:\Program Files (x86)\AdVPN
2015-09-28 15:32 - 2015-09-30 19:02 - 00001315 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Help.lnk
2015-09-28 15:32 - 2015-09-30 19:02 - 00001295 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\Users\Alyssha\AppData\LocalLow\Unity
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Unity
2015-09-28 15:28 - 2015-09-28 15:28 - 00000000 ____D C:\ProgramData\adb
2015-09-28 14:39 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-28 14:39 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-09-28 14:39 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-28 14:39 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-09-28 14:39 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-09-28 14:39 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-09-28 14:39 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-28 14:39 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-28 14:39 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-09-28 14:39 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-09-28 14:39 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-09-28 14:39 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-09-28 14:38 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-28 14:38 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-28 14:38 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-28 14:38 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-28 14:38 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-28 14:38 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-28 14:38 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-28 14:38 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-28 14:38 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-28 14:38 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-28 14:38 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-28 14:38 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-09-28 14:38 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-09-28 14:37 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-09-28 14:37 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-09-28 14:37 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-09-28 14:33 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-09-28 14:33 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-09-28 14:33 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-09-28 14:33 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-09-28 14:33 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-09-28 14:33 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-09-28 14:33 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-28 14:33 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-09-28 14:33 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-09-28 14:33 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-09-28 14:33 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-09-28 14:33 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-09-28 14:33 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-09-28 14:29 - 2015-07-13 15:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-28 14:29 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-09-28 14:29 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-09-28 14:29 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-09-28 14:29 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-09-28 14:29 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-09-25 12:47 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-09-25 12:26 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-25 12:21 - 2015-09-25 12:21 - 00000000 ____D C:\8176cd6f59956b31d5c9
2015-09-17 07:21 - 2015-09-17 07:21 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll
2015-09-16 16:48 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 16:48 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 16:39 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-16 16:39 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-16 16:39 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-16 16:39 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-16 16:39 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-16 16:39 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-16 16:39 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-16 16:39 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-16 16:39 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-16 16:39 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-16 16:39 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-16 16:39 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-16 16:39 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-16 16:39 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-16 16:39 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-16 16:39 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-16 16:39 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-16 16:39 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-16 16:39 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-16 16:39 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-16 16:39 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-16 16:39 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-16 16:39 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-16 16:39 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-16 16:39 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-16 16:39 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-16 16:39 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-16 16:39 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-16 16:39 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-16 16:39 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-16 16:39 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-16 16:39 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-16 16:39 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-16 16:39 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-16 16:39 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-16 16:39 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-16 16:39 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-16 16:39 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-16 16:39 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-16 16:39 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-16 16:39 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-16 16:39 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-16 16:39 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-09-16 16:39 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-09-16 16:39 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-16 16:39 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-16 16:39 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-16 16:39 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-16 16:39 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-16 16:39 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-16 16:39 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-16 16:39 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-16 16:39 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-16 16:38 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-16 16:38 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-16 16:38 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-16 16:38 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-16 16:38 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-16 16:38 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-16 16:38 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-16 16:38 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-16 16:38 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-16 16:38 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-16 16:38 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-16 16:38 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-16 16:38 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-16 16:38 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-16 16:38 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-16 16:38 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-16 16:38 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-16 16:36 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-16 16:36 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-16 16:36 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-16 16:36 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-16 16:36 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-16 16:36 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-16 16:36 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-16 16:36 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-16 16:36 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-16 16:36 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-16 16:36 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-16 16:36 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-16 16:36 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-16 16:36 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-16 16:36 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-16 16:36 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-16 16:36 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-16 16:36 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-16 16:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-16 16:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-16 16:36 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 20:02 - 2015-05-20 19:02 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-10 20:01 - 2015-06-20 17:50 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-10 20:01 - 2015-05-17 02:03 - 01421813 _____ C:\Windows\WindowsUpdate.log
2015-10-10 20:00 - 2014-03-18 05:54 - 00100492 _____ C:\Windows\PFRO.log
2015-10-10 20:00 - 2013-08-22 10:46 - 00043625 _____ C:\Windows\setupact.log
2015-10-10 20:00 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-10 19:57 - 2014-03-18 06:04 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-10 19:51 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-10 19:46 - 2015-05-16 23:39 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 19:31 - 2015-06-20 17:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-10 19:09 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-10-10 19:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-10-10 19:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-10 18:56 - 2015-05-17 15:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-10 18:56 - 2015-05-17 15:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-10 18:56 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-10 18:12 - 2015-06-15 19:37 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D49EC4E5-1935-4EA5-B98B-D9687E3CEF3C}
2015-10-03 01:02 - 2015-06-15 19:37 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-476552886-1113993686-2888164755-1002
2015-10-03 00:44 - 2015-06-15 19:31 - 00002236 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-10-02 17:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7
2015-10-01 17:01 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-10-01 13:54 - 2015-06-20 18:05 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-30 19:06 - 2015-06-20 17:50 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-30 19:06 - 2015-06-20 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-30 19:06 - 2015-06-20 17:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-30 19:02 - 2015-06-15 19:31 - 00000445 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-09-30 19:02 - 2015-06-15 19:31 - 00000443 _____ C:\Users\Alyssha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-09-30 19:02 - 2014-03-18 06:15 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
2015-09-30 19:02 - 2013-08-22 02:57 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2015-09-30 19:02 - 2013-08-22 02:54 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2015-09-30 19:02 - 2013-08-22 02:48 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
2015-09-30 19:02 - 2013-08-22 02:45 - 00001578 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-09-30 19:01 - 2015-05-16 23:39 - 00001260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-30 19:00 - 2013-08-22 09:25 - 00000194 _____ C:\Windows\win.ini
2015-09-30 13:02 - 2013-08-22 10:44 - 00336504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-30 13:01 - 2015-05-17 15:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-30 13:01 - 2015-05-17 15:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-30 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-09-30 12:49 - 2015-06-15 19:31 - 00000000 ____D C:\Users\Alyssha
2015-09-28 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-28 14:45 - 2015-06-15 19:31 - 00000000 ____D C:\Users\Alyssha\AppData\Local\Packages
2015-09-25 12:43 - 2015-05-17 13:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-25 12:21 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-16 16:48 - 2015-05-17 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-16 16:47 - 2015-05-17 15:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-16 16:47 - 2015-05-17 15:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-16 16:46 - 2014-03-18 05:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-16 16:45 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-16 16:45 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-16 16:41 - 2015-05-16 23:39 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 16:41 - 2015-05-16 23:39 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 16:41 - 2015-05-16 23:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 21:18 - 2015-05-17 15:32 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-05-17 15:32 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\8PBu16E7mOmwA0M1TnKiqRgOdl
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\qasZ5EBnxU7Ih1dh4P7
2015-04-19 08:20 - 2015-10-01 17:01 - 0000626 _____ () C:\Users\Alyssha\AppData\Roaming\TW9GHd8xPh7K4ygjfdNg
 
Some files in TEMP:
====================
C:\Users\Alyssha\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-02 15:10
 
==================== End of FRST.txt ============================
 
________________________________________________

Edited by Claytronic, 10 October 2015 - 07:13 PM.


#10 Claytronic (Topic Starter)

Posted 10 October 2015 - 07:14 PM

The laptop appears to be working fine now, thank you :)

The Chrome add-on I mentioned earlier, "EasyCalendar" is now gone, which is a good thing because I was trying to get rid of it for the longest time.



#11 Jo* (Malware Response Team)

Posted 11 October 2015 - 07:00 AM

Hello Claytronic,

Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and/or other removable media.

Note:
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts; this will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 Jo* (Malware Response Team)

Posted 14 October 2015 - 06:30 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.



#13 Jo* (Malware Response Team)

Posted 17 October 2015 - 02:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
