Had Malware, now getting, The specified Service does not exist as an installed


This topic is locked
10 replies to this topic

#1 BobReynolds

  • Members
  • 12 posts

Posted 13 January 2016 - 01:06 AM

Had malware, used a variety of tools to remove it; now getting "The specified Service does not exist as an installed Service."

 

I think this is related to UAC or security under the covers, and I'm lost as to next steps.

 

Attachments and data to follow.

 

DDS Extract

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 11.0.9600.18163  BrowserJavaVersion: 11.45.2
Run by Heidi at 16:19:29 on 2016-01-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.2551.1296 [GMT 10.5:30]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20131217192424.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [SpybotPostWindows10UpgradeReInstall] "c:\program files\common files\av\spybot - search and destroy\Test.exe"
uRun: [fix2] "f:\yif0fsvl.exe"
uRun: [Fix1] "f:\kvrt.exe"
uRun: [fix3] "c:\program files\malwarebytes anti-malware\mbam.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HP ENVY 4500 series (NET)] "c:\program files\hp\hp envy 4500 series\bin\ScanToPCActivationApp.exe" -deviceID "CN42C140Z905X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [AVG_UI] "c:\program files\avg\av\avuirunnerx.exe" c:\program files\avg\av\avgui.exe
mRun: [AvgUi] "c:\program files\avg\framework\common\avguix.exe" /fmw.trayonly
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\programdata\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\programdata\malwarebytes\Malwarebytes Anti-Malware"
mRunOnce: [{3C0E014E-9A86-4C77-A8C7-9B5E7F617CE2}] cmd.exe /C start /D "c:\users\heidi\appdata\local\temp\{C74CF0F1-F534-4A64-81C6-2A33B4B5100F}" /B {3C0E014E-9A86-4C77-A8C7-9B5E7F617CE2}.exe -accepteula -postboot
dRunOnce: [iCloud] "c:\program files\common files\apple\internet services\iCloud.exe"
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\foxpc.bat
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wuappe~1.lnk - c:\windows\system32\wuapp.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{24DD7A9C-25D6-45A2-89DD-EBD8547D8944} : NameServer = 61.9.242.33 61.9.134.49
TCP: Interfaces\{4B1FD3D8-11B2-4BA3-9CFC-D472FF5062C1} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\47.0.2526.106\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 7A2C1CAC;7A2C1CAC;c:\windows\system32\drivers\7A2C1CAC.sys [2016-1-9 153784]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-8-20 231344]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-12-4 194992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-12-4 37296]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-12-17 477584]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-12-17 180720]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-10-8 231856]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-23 142648]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2015-7-20 4675896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-12-17 159640]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-5-15 325672]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-8-14 308656]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-11-6 149936]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-12-4 257456]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-11-20 31664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-10-21 229296]
S1 epp32;epp32;c:\eek\bin\epp32.sys [2016-1-9 112408]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys [2016-1-13 28088]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\av\avgidsagent.exe [2015-12-16 3902984]
S2 avgsvc;AVG Service;c:\program files\avg\framework\common\avgsvcx.exe [2015-12-8 866216]
S2 avgwd;AVG WatchDog;c:\program files\avg\av\avgwdsvcx.exe [2015-12-16 583936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-9-7 87992]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
S2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-9-24 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-10-9 735776]
S2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2016-1-8 106248]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-9-24 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-8-30 1513784]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-8-30 1135416]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2012-9-5 132712]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2013-12-17 167344]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2012-8-14 210056]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-10-3 120728]
S2 MYOB AccountRight Library;MYOB AccountRight Library;c:\program files\myob\accountright\servers\Huxley.Library.WindowsService.exe [2012-12-4 11264]
S2 MYOB AccountRight Server 2012.10;MYOB AccountRight Server 2012.10;c:\program files\myob\accountright\2012.10\au\Huxley.Server.WindowsService.exe [2012-12-4 14752]
S2 MYOB AccountRight Server Locator;MYOB AccountRight Server Locator;c:\program files\myob\accountright\servers\Huxley.ServerLocator.WindowsService.exe [2012-12-4 9728]
S2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-2 2057560]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2010-6-29 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2010-4-17 144640]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2015-7-20 69016]
S2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2013-12-20 65657]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-9-24 260640]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2016-1-7 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2016-1-7 2088408]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2016-1-7 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-12-11 315496]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-9-24 2320920]
S2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-9-24 243232]
S3 AvgAMPS;AvgAMPS;c:\program files\avg\av\avgamps.exe [2015-12-16 627544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-10-9 294952]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-10-9 33320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2016-1-13 102912]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-24 132480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-8-30 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-8-30 170200]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-8-30 51928]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-12-17 215024]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-12-17 59616]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-12-17 87816]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-6-11 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-6-8 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-8 11008]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2010-4-17 50432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-12-17 14848]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2015-8-30 27192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-9-24 193640]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2010-12-3 222720]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2010-12-3 148992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-12-17 49664]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-11-3 99728]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-4 1343400]
.
=============== Created Last 30 ================
.
2016-01-13 02:32:31 -------- d-----w- c:\users\heidi\appdata\roaming\iolo
2016-01-13 02:13:59 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2016-01-13 02:13:56 4610560 ----a-w- c:\windows\system32\jscript9.dll
2016-01-13 02:13:55 10948096 ----a-w- c:\program files\internet explorer\F12Resources.dll
2016-01-13 02:13:51 496640 ----a-w- c:\windows\system32\vbscript.dll
2016-01-13 02:12:08 552960 ----a-w- c:\windows\system32\kerberos.dll
2016-01-13 02:12:06 251392 ----a-w- c:\windows\system32\schannel.dll
2016-01-13 02:12:05 3938240 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-01-13 02:12:04 3993536 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-01-13 02:12:03 1060864 ----a-w- c:\windows\system32\lsasrv.dll
2016-01-13 02:12:02 223232 ----a-w- c:\windows\system32\ncrypt.dll
2016-01-13 02:12:02 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-01-13 02:12:01 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2016-01-13 02:12:01 171520 ----a-w- c:\windows\system32\wdigest.dll
2016-01-13 02:12:00 259584 ----a-w- c:\windows\system32\msv1_0.dll
2016-01-13 02:12:00 1308160 ----a-w- c:\windows\system32\ntdll.dll
2016-01-13 02:06:27 951808 ----a-w- c:\windows\system32\aeinv.dll
2016-01-13 02:06:20 176128 ----a-w- c:\windows\system32\aepic.dll
2016-01-13 01:50:08 -------- d-----w- c:\programdata\CanonIJPLM
2016-01-13 01:44:52 28088 ----a-w- c:\windows\system32\drivers\rawdsk3.sys
2016-01-12 19:33:23 -------- d-----w- c:\users\heidi\appdata\local\CrashDumps
2016-01-11 22:09:46 69120 ----a-w- c:\windows\system32\nlsbres.dll
2016-01-11 22:09:45 6144 ----a-w- c:\windows\system32\KBDAZEL.DLL
2016-01-11 22:09:42 6144 ----a-w- c:\windows\system32\kbdgeoqw.dll
2016-01-10 20:35:31 -------- d-----w- c:\windows\system32\catroot2
2016-01-10 11:38:27 -------- d-----w- c:\windows\system32\wbem\repository
2016-01-10 10:27:16 -------- d-----w- c:\users\heidi\appdata\roaming\SUPERAntiSpyware.com
2016-01-10 10:26:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2016-01-10 10:26:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2016-01-09 23:53:59 -------- d-----w- c:\program files\Tweaking.com
2016-01-09 23:14:09 43 ----a-w- c:\programdata\microsoft\windows\start menu\programs\startup\foxpc.bat
2016-01-09 13:24:20 153784 ----a-w- c:\windows\system32\drivers\7A2C1CAC.sys
2016-01-09 13:24:18 -------- d-----w- C:\KVRT_Data
2016-01-09 12:21:12 -------- d-sh--w- C:\$RECYCLE.BIN
2016-01-09 12:21:11 -------- d-----w- c:\programdata\ioloGovernor
2016-01-09 12:19:01 24064 ----a-w- c:\windows\zoek-delete.exe
2016-01-09 12:19:01 -------- d-----w- c:\users\heidi\appdata\local\temp
2016-01-09 12:01:11 -------- d-----w- C:\zoek_backup
2016-01-09 10:53:57 -------- d-----w- C:\EEK
2016-01-09 10:38:12 -------- d-----w- c:\users\heidi\appdata\local\Deployment
2016-01-08 02:54:07 9216 ----a-w- c:\windows\system32\ffnd.exe
2016-01-07 21:36:08 -------- d-----w- c:\users\heidi\appdata\local\FreeFixer
2016-01-07 21:36:02 -------- d-----w- c:\program files\FreeFixer
2016-01-07 21:06:46 -------- d-----w- c:\program files\HitmanPro
2016-01-07 21:05:59 -------- d-----w- c:\programdata\HitmanPro
2016-01-07 14:00:12 -------- d-----w- c:\users\heidi\appdata\roaming\AVG
2016-01-07 14:00:01 -------- d-----w- c:\users\heidi\appdata\roaming\TuneUp Software
2016-01-07 13:59:45 -------- d-----w- C:\$AVG
2016-01-07 13:59:02 -------- d-----w- c:\users\heidi\appdata\local\MFAData
2016-01-07 13:59:02 -------- d-----w- c:\programdata\MFAData
2016-01-07 13:57:56 -------- d-----w- c:\programdata\Common Files
2016-01-07 13:57:56 -------- d-----w- c:\programdata\Avg
2016-01-07 13:57:56 -------- d-----w- c:\program files\AVG
2016-01-07 13:57:02 -------- d-----w- c:\users\heidi\appdata\local\AvgSetupLog
2016-01-07 13:57:02 -------- d-----w- c:\users\heidi\appdata\local\Avg
2016-01-07 13:13:53 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-01-07 13:13:51 -------- d-----w- c:\programdata\RogueKiller
2016-01-07 11:44:36 -------- d-----w- c:\users\heidi\appdata\roaming\ZHP
2016-01-07 11:40:51 -------- d-----w- C:\FRST
2016-01-07 08:50:05 -------- d-----w- c:\program files\common files\AV
2016-01-07 08:19:17 18968 ----a-w- c:\windows\system32\sdnclean.exe
2016-01-07 08:19:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2016-01-07 08:19:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2016-01-05 08:23:28 2386944 ----a-w- c:\windows\system32\win32k.sys
2016-01-05 08:23:28 1251328 ----a-w- c:\windows\system32\DWrite.dll
2016-01-05 08:23:27 909824 ----a-w- c:\windows\system32\FntCache.dll
2016-01-05 08:23:27 811520 ----a-w- c:\windows\system32\user32.dll
2016-01-05 08:23:21 1242624 ----a-w- c:\windows\system32\comsvcs.dll
2016-01-05 08:23:20 487936 ----a-w- c:\windows\system32\catsrvut.dll
2016-01-05 08:17:54 2048 ----a-w- c:\windows\system32\tzres.dll
2016-01-05 08:12:28 2956800 ----a-w- c:\windows\system32\wucltux.dll
2016-01-05 08:12:27 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-01-05 08:12:27 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-01-05 08:12:27 35328 ----a-w- c:\windows\system32\wuapp.exe
2016-01-05 08:12:27 174080 ----a-w- c:\windows\system32\wuwebv.dll
2016-01-05 08:12:27 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-01-05 08:11:52 179712 ----a-w- c:\windows\system32\els.dll
2016-01-05 08:11:50 627712 ----a-w- c:\windows\system32\usp10.dll
2016-01-05 08:06:46 14848 ----a-w- c:\windows\system32\wshrm.dll
2016-01-05 08:06:46 117760 ----a-w- c:\windows\system32\drivers\rmcast.sys
2016-01-05 08:00:48 -------- d-----w- c:\users\heidi\appdata\local\Citrix
2015-12-22 22:58:00 550072 ----a-w- c:\program files\common files\microsoft shared\office15\MSOSQM.EXE
2015-12-22 22:58:00 26875072 ----a-w- c:\program files\common files\microsoft shared\office15\MSO.DLL
2015-12-17 00:48:12 5806808 ----a-w- c:\program files\common files\microsoft shared\office15\CMigrate.exe
2015-12-17 00:48:12 5510848 ----a-w- c:\program files\common files\microsoft shared\office15\Csi.dll
.
==================== Find3M  ====================
.
2016-01-13 05:42:13 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-13 05:41:29 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2016-01-13 05:41:26 78032 ----a-w- c:\windows\system32\rpcnet.dll
2015-12-30 18:47:22 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-12-30 18:41:11 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-12-30 18:41:05 99840 ----a-w- c:\windows\system32\sspicli.dll
2015-12-30 18:41:03 43008 ----a-w- c:\windows\system32\srclient.dll
2015-12-30 18:41:03 400896 ----a-w- c:\windows\system32\srcore.dll
2015-12-30 18:40:29 22016 ----a-w- c:\windows\system32\secur32.dll
2015-12-30 18:39:32 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-12-30 18:39:17 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-12-30 18:38:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-12-30 18:38:11 17408 ----a-w- c:\windows\system32\credssp.dll
2015-12-30 18:37:35 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-12-30 18:37:30 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-12-30 17:44:49 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-12-30 17:38:31 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-12-30 17:32:38 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-12-30 17:32:32 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-12-30 17:32:28 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-12-30 17:30:55 36352 ----a-w- c:\windows\system32\cryptbase.dll
2015-12-30 17:30:51 22016 ----a-w- c:\windows\system32\lsass.exe
2015-12-30 17:30:51 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-12-30 17:30:47 69632 ----a-w- c:\windows\system32\smss.exe
2015-12-12 17:49:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-12-12 17:49:46 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-12-12 17:37:41 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-12-12 17:37:05 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-12-12 17:36:57 341504 ----a-w- c:\windows\system32\html.iec
2015-12-12 17:36:04 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-12-12 17:27:29 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-12-12 17:27:24 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-12-12 17:27:04 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-12-12 17:22:26 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-12-12 17:14:57 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-12-12 17:00:20 2050560 ----a-w- c:\windows\system32\inetcpl.cpl
2015-12-12 17:00:09 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-12-12 16:41:25 2011136 ----a-w- c:\windows\system32\wininet.dll
2015-12-07 17:27:32 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2015-12-04 04:05:40 257456 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-12-04 03:57:46 37296 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2015-11-19 21:35:14 31664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2015-11-06 05:18:42 149936 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2015-10-29 17:50:21 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-10-29 17:49:58 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-10-29 17:49:57 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-10-29 17:49:57 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:49:35 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-10-29 17:39:57 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-21 05:54:24 229296 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 16:22:23.31 ===============
 
 
FRST Extract
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-01-2015
Ran by Heidi (administrator) on HEIDI-PC (13-01-2016 16:27:35)
Running from F:\
Loaded Profiles: Heidi (Available Profiles: Heidi & MYOB_SERVICE)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Swearware) F:\dds.com
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9292392 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-14] (Intel Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3874216 2015-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1139112 2015-12-08] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
HKLM\...\RunOnce: [{3C0E014E-9A86-4C77-A8C7-9B5E7F617CE2}] => cmd.exe /C start /D "C:\Users\Heidi\AppData\Local\Temp\{C74CF0F1-F534-4A64-81C6-2A33B4B5100F}" /B {3C0E014E-9A86-4C77-A8C7-9B5E7F617CE2}.exe -accepteula -postboot <===== ATTENTION
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [fix2] => f:\yif0fsvl.exe [380416 2016-01-10] ()
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [Fix1] => f:\kvrt.exe [95849800 2016-01-09] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [fix3] => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [9832760 2015-10-05] (Malwarebytes)
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-12-02] (SUPERAntiSpyware)
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\foxpc.bat [2016-01-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.exe - Shortcut.lnk [2016-01-10]
ShortcutTarget: wuapp.exe - Shortcut.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{24DD7A9C-25D6-45A2-89DD-EBD8547D8944}: [NameServer] 61.9.242.33 61.9.134.49
Tcpip\..\Interfaces\{4B1FD3D8-11B2-4BA3-9CFC-D472FF5062C1}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2389295840-1087922188-2448313287-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131217192424.dll [2013-12-17] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-24] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\hykrxtww.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-09] (Google Inc.)
FF Plugin: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2389295840-1087922188-2448313287-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Heidi\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-05] (Citrix Online)
FF Plugin HKU\S-1-5-21-2389295840-1087922188-2448313287-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-25] (Apple Inc.)
FF Extension: foxfilterinspiredeffectnet - C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\hykrxtww.default\extensions\foxfilter@inspiredeffect.net [2015-07-03] [not signed]
FF Extension: johnvelvetcacheorg - C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\hykrxtww.default\extensions\john@velvetcache.org [2015-07-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2016-01-13] [not signed]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll => No File
CHR Profile: C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09]
StartMenuInternet: Google Chrome.6CFIJ2CA2566IXSEZGUHMQMZCA - C:\Users\Heidi\AppData\Local\Google\Chrome\Application\46.10.2479.2\chromer.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [627544 2015-12-16] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3902984 2015-12-16] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [866216 2015-12-08] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [583936 2015-12-16] (AVG Technologies CZ, s.r.o.)
S2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
S2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-06-12] (Acer Incorporated)
S2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2016-01-08] (SurfRight B.V.)
S2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4675896 2015-04-28] (iolo technologies, LLC)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2013-12-17] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2013-12-17] (McAfee, Inc.)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-03] ()
S2 MYOB AccountRight Library; C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe [11264 2012-12-04] (MYOB Technology Pty Ltd) [File not signed]
S2 MYOB AccountRight Server 2012.10; C:\Program Files\MYOB\AccountRight\2012.10\AU\Huxley.Server.WindowsService.exe [14752 2012-12-04] (MYOB Technology Pty Ltd)
S2 MYOB AccountRight Server Locator; C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe [9728 2012-12-04] (MYOB Technology Pty Ltd) [File not signed]
S2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-02] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-05-12] (Absolute Software Corp.)
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 7A2C1CAC; C:\Windows\System32\drivers\7A2C1CAC.sys [153784 2016-01-09] (Kaspersky Lab ZAO)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257456 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [194992 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [294952 2010-06-26] (Broadcom Corporation.)
S1 epp32; C:\EEK\bin\epp32.sys [112408 2016-01-09] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-01-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2013-12-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2013-12-17] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2013-12-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2013-12-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2013-12-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2013-12-17] (McAfee, Inc.)
S3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [15360 2010-04-28] (NTI Corporation)
S2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2015-04-28] (Raxco Software, Inc.)
S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28088 2015-04-28] (EldoS Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [28288 2009-11-26] ()
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [222720 2009-10-14] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [148992 2009-10-14] (Sierra Wireless Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-08] ()
S3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [15360 2010-04-28] (NTI Corporation)
S3 catchme; \??\C:\Users\Heidi\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Heidi\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U2 TMAgent; no ImagePath
U3 mbr; \??\C:\Users\Heidi\AppData\Local\Temp\mbr.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-13 16:22 - 2016-01-13 16:22 - 00025443 _____ C:\Users\Heidi\Desktop\dds.txt
2016-01-13 16:22 - 2016-01-13 16:22 - 00017700 _____ C:\Users\Heidi\Desktop\attach.txt
2016-01-13 16:15 - 2016-01-13 16:15 - 00688992 _____ (Swearware) C:\Users\Heidi\Downloads\dds.com
2016-01-13 16:00 - 2016-01-13 16:01 - 04009167 _____ C:\Users\Heidi\Downloads\ServicesRepair (1).exe
2016-01-13 16:00 - 2016-01-13 16:00 - 04009167 _____ C:\Users\Heidi\Downloads\ServicesRepair.exe
2016-01-13 15:58 - 2016-01-13 16:07 - 00000218 _____ C:\Users\Heidi\Desktop\recovery-scratch-pad.txt
2016-01-13 13:53 - 2016-01-13 13:53 - 00000098 _____ C:\Users\Heidi\Documents\url to review.txt
2016-01-13 13:50 - 2016-01-13 13:50 - 00000711 _____ C:\Users\Heidi\Downloads\ReallyDisableUAC-Win7.zip
2016-01-13 13:02 - 2016-01-13 13:45 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\iolo
2016-01-13 12:44 - 2015-12-24 09:22 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 12:44 - 2015-12-13 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 12:44 - 2015-12-13 04:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 12:44 - 2015-12-13 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 12:44 - 2015-12-13 04:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 12:44 - 2015-12-13 04:06 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 12:44 - 2015-12-13 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 12:44 - 2015-12-13 04:03 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 12:44 - 2015-12-13 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 12:44 - 2015-12-13 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 12:44 - 2015-12-13 03:58 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 12:44 - 2015-12-13 03:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 12:44 - 2015-12-13 03:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 12:44 - 2015-12-13 03:57 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 12:44 - 2015-12-13 03:52 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 12:44 - 2015-12-13 03:49 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 12:44 - 2015-12-13 03:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 12:44 - 2015-12-13 03:42 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 12:44 - 2015-12-13 03:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 12:44 - 2015-12-13 03:40 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 12:44 - 2015-12-13 03:38 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 12:44 - 2015-12-13 03:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 12:44 - 2015-12-13 03:30 - 12856320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 12:44 - 2015-12-13 03:30 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 12:44 - 2015-12-13 03:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 12:44 - 2015-12-13 03:30 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 12:44 - 2015-12-13 03:30 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 12:44 - 2015-12-13 03:11 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 12:44 - 2015-12-13 03:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 12:44 - 2015-12-13 03:06 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 12:43 - 2015-12-13 04:32 - 20367360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 12:43 - 2015-12-13 04:07 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 12:43 - 2015-12-13 03:57 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 12:43 - 2015-12-13 03:39 - 04610560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 12:42 - 2015-12-31 05:17 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-13 12:42 - 2015-12-31 05:17 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 12:42 - 2015-12-31 05:17 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 12:42 - 2015-12-31 05:14 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 12:42 - 2015-12-31 05:11 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 12:42 - 2015-12-31 05:10 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 12:42 - 2015-12-31 05:10 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 12:42 - 2015-12-31 05:09 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 12:42 - 2015-12-31 05:09 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 12:42 - 2015-12-31 05:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 12:42 - 2015-12-31 05:08 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 12:41 - 2015-12-31 05:17 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 12:41 - 2015-12-31 05:11 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 12:41 - 2015-12-31 05:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 12:41 - 2015-12-31 05:11 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 12:41 - 2015-12-31 05:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 12:41 - 2015-12-31 05:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 12:41 - 2015-12-31 05:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 12:41 - 2015-12-31 05:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 12:41 - 2015-12-31 05:08 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 12:41 - 2015-12-31 05:08 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 12:41 - 2015-12-31 05:07 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 12:41 - 2015-12-31 05:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 12:41 - 2015-12-31 04:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 12:41 - 2015-12-31 04:08 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 12:41 - 2015-12-31 04:02 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 12:41 - 2015-12-31 04:02 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 12:41 - 2015-12-31 04:02 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 12:41 - 2015-12-31 04:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 12:41 - 2015-12-31 04:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 12:41 - 2015-12-31 04:00 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 12:41 - 2015-12-31 04:00 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 12:36 - 2015-12-12 05:05 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 12:36 - 2015-11-17 06:42 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 12:20 - 2016-01-13 12:20 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-01-13 12:14 - 2015-04-28 12:56 - 00028088 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2016-01-13 07:40 - 2016-01-13 07:40 - 00034839 _____ C:\ComboFix.txt
2016-01-13 07:27 - 2016-01-13 12:12 - 00000000 ____D C:\Users\Heidi\Desktop\malware cleanup
2016-01-13 06:03 - 2016-01-13 10:39 - 00000000 ____D C:\Users\Heidi\AppData\Local\CrashDumps
2016-01-12 10:06 - 2016-01-14 05:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2016-01-12 08:39 - 2015-10-09 09:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-01-12 08:39 - 2015-10-09 09:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-01-12 08:39 - 2015-10-09 09:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-01-12 08:39 - 2015-10-09 09:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-01-12 08:39 - 2015-10-09 05:43 - 00419928 _____ C:\Windows\system32\locale.nls
2016-01-11 07:24 - 2016-01-11 07:24 - 408380236 _____ C:\Windows\MEMORY.DMP
2016-01-11 07:24 - 2016-01-11 07:24 - 00140192 _____ C:\Windows\Minidump\011116-51870-01.dmp
2016-01-10 20:58 - 2016-01-10 20:58 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 294bb010-f68f-4b13-b7a5-5dd3cbb5df37.job
2016-01-10 20:58 - 2016-01-10 20:58 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 03741925-f22c-4d86-8278-ee5c781d0084.job
2016-01-10 20:57 - 2016-01-10 20:57 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\SUPERAntiSpyware.com
2016-01-10 20:56 - 2016-01-13 12:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-10 20:56 - 2016-01-10 20:56 - 00380416 _____ C:\Users\Heidi\Downloads\yif0fsvl.exe
2016-01-10 20:56 - 2016-01-10 20:56 - 00001969 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-10 20:56 - 2016-01-10 20:56 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-10 20:56 - 2016-01-10 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-10 20:55 - 2016-01-10 20:55 - 01665552 _____ (NoVirusThanks Company Srl ) C:\Users\Heidi\Downloads\SmartObjectBlocker_Setup.exe
2016-01-10 20:53 - 2016-01-10 20:53 - 24384072 _____ (SUPERAntiSpyware) C:\Users\Heidi\Downloads\SUPERAntiSpyware.exe
2016-01-10 10:25 - 2016-01-10 10:25 - 00002125 _____ C:\Users\Heidi\Desktop\Tweaking.com - Windows Repair.lnk
2016-01-10 10:24 - 2016-01-10 10:24 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-01-10 10:24 - 2016-01-10 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-01-10 10:23 - 2016-01-10 10:25 - 00176606 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-01-10 10:23 - 2016-01-10 10:23 - 21102632 _____ (Tweaking.com) C:\Users\Heidi\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-01-10 10:23 - 2016-01-10 10:23 - 00000000 ____D C:\Program Files\Tweaking.com
2016-01-10 10:05 - 2016-01-10 10:06 - 239126136 _____ C:\Users\Heidi\Downloads\Windows6.1-KB947821-v34-x86.msu
2016-01-10 10:01 - 2016-01-10 10:01 - 00302011 _____ C:\Users\Heidi\Downloads\WindowsUpdateDiagnostic.diagcab
2016-01-10 09:42 - 2016-01-10 09:42 - 00001185 _____ C:\Windows\system32\wuapp.exe - Shortcut.lnk
2016-01-09 23:54 - 2016-01-10 09:31 - 00000000 ____D C:\KVRT_Data
2016-01-09 23:54 - 2016-01-09 23:54 - 00153784 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\7A2C1CAC.sys
2016-01-09 23:50 - 2016-01-09 23:50 - 01497400 _____ (Microsoft Corporation) C:\Users\Heidi\Downloads\NDP46-KB3045560-Web.exe
2016-01-09 23:29 - 2016-01-09 23:53 - 95849800 _____ (Kaspersky Lab ZAO) C:\Users\Heidi\Downloads\KVRT (1).exe
2016-01-09 23:15 - 2016-01-09 23:16 - 95849800 _____ (Kaspersky Lab ZAO) C:\Users\Heidi\Downloads\KVRT.exe
2016-01-09 23:13 - 2016-01-09 23:13 - 00080596 _____ C:\Users\Heidi\Downloads\OTL.Txt
2016-01-09 23:13 - 2016-01-09 23:13 - 00069340 _____ C:\Users\Heidi\Downloads\Extras.Txt
2016-01-09 23:04 - 2016-01-09 23:04 - 00602112 _____ (OldTimer Tools) C:\Users\Heidi\Downloads\OTL.exe
2016-01-09 22:51 - 2016-01-09 22:51 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-01-09 22:49 - 2016-01-09 22:31 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-01-09 22:31 - 2016-01-09 22:44 - 00000000 ____D C:\zoek_backup
2016-01-09 22:25 - 2016-01-11 07:27 - 00120256 _____ C:\Users\Heidi\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-09 22:23 - 2016-01-09 22:23 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-09 22:22 - 2016-01-13 11:06 - 00462520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-09 21:50 - 2016-01-09 21:50 - 00652800 _____ C:\Users\Heidi\Downloads\MicrosoftFixit50362.msi
2016-01-09 21:24 - 2016-01-09 21:24 - 00000722 _____ C:\Users\Heidi\Desktop\Start Emsisoft Emergency Kit.lnk
2016-01-09 21:23 - 2016-01-09 21:24 - 00000000 ____D C:\EEK
2016-01-09 21:20 - 2016-01-09 21:21 - 173451024 _____ C:\Users\Heidi\Downloads\EmsisoftEmergencyKit.exe
2016-01-09 21:20 - 2016-01-09 21:20 - 00000722 _____ C:\Users\Heidi\Desktop\cc_20160109_212045 sat two.reg
2016-01-09 21:19 - 2016-01-09 21:19 - 00224968 _____ (ESET) C:\Users\Heidi\Downloads\ESETPoweliksCleaner.exe
2016-01-09 21:19 - 2016-01-09 21:19 - 00000022 _____ C:\Users\Heidi\Downloads\ESETPoweliksCleaner.exe_20160109.211912.3048.zip
2016-01-09 21:15 - 2016-01-09 21:15 - 00000973 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-09 21:10 - 2016-01-09 21:13 - 00009440 _____ C:\Users\Heidi\Desktop\c cleaner fix sat night cc_20160109_211030.reg
2016-01-09 21:09 - 2016-01-13 16:22 - 01120122 _____ C:\Windows\ntbtlog.txt
2016-01-09 21:09 - 2016-01-09 21:09 - 06805440 _____ (Piriform Ltd) C:\Users\Heidi\Downloads\ccsetup_513.exe
2016-01-09 21:09 - 2016-01-09 21:09 - 00002209 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-09 21:09 - 2016-01-09 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-09 21:08 - 2016-01-09 21:08 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d14ac9e0d41f4b.job
2016-01-09 21:08 - 2016-01-09 21:08 - 00000000 ____D C:\Users\Heidi\AppData\Local\Deployment
2016-01-08 13:24 - 2010-03-08 20:40 - 00009216 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2016-01-08 08:06 - 2016-01-08 08:19 - 00000000 ____D C:\Users\Heidi\AppData\Local\FreeFixer
2016-01-08 08:06 - 2016-01-08 08:06 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-01-08 08:06 - 2016-01-08 08:06 - 00000000 ____D C:\Program Files\FreeFixer
2016-01-08 08:00 - 2016-01-08 08:00 - 00003828 _____ C:\Windows\system32\.crusader
2016-01-08 07:36 - 2016-01-08 07:36 - 00001901 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-01-08 07:36 - 2016-01-08 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-01-08 07:36 - 2016-01-08 07:36 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-08 07:35 - 2016-01-08 13:27 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-08 00:34 - 2016-01-08 00:34 - 00000172 _____ C:\avgrep.txt
2016-01-08 00:33 - 2016-01-08 00:33 - 00000172 _____ C:\Windows\system32\avgrep.txt
2016-01-08 00:30 - 2016-01-14 05:22 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\AVG
2016-01-08 00:30 - 2016-01-08 00:30 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\TuneUp Software
2016-01-08 00:30 - 2016-01-08 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-08 00:29 - 2016-01-13 15:46 - 00000000 ____D C:\ProgramData\MFAData
2016-01-08 00:29 - 2016-01-08 00:29 - 00000000 ____D C:\Users\Heidi\AppData\Local\MFAData
2016-01-08 00:29 - 2016-01-08 00:29 - 00000000 ____D C:\$AVG
2016-01-08 00:28 - 2016-01-08 00:28 - 00000832 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-08 00:28 - 2016-01-08 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-08 00:27 - 2016-01-14 05:22 - 00000000 ____D C:\ProgramData\Avg
2016-01-08 00:27 - 2016-01-14 05:22 - 00000000 ____D C:\Program Files\AVG
2016-01-08 00:27 - 2016-01-12 10:06 - 00000000 ____D C:\Users\Heidi\AppData\Local\Avg
2016-01-08 00:27 - 2016-01-12 10:05 - 00000000 ____D C:\Users\Heidi\AppData\Local\AvgSetupLog
2016-01-07 23:45 - 2016-01-07 23:56 - 00226598 _____ C:\TDSSKiller.3.1.0.9_07.01.2016_23.45.14_log.txt
2016-01-07 23:43 - 2016-01-08 07:38 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-07 23:43 - 2016-01-07 23:55 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-07 22:53 - 2016-01-07 22:54 - 00000306 _____ C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-01-07 22:51 - 2016-01-07 22:52 - 04476744 _____ (Google) C:\Users\Heidi\Downloads\chrome_cleanup_tool.exe
2016-01-07 22:51 - 2016-01-07 22:51 - 22908888 _____ (Malwarebytes ) C:\Users\Heidi\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-07 22:14 - 2016-01-09 21:51 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\ZHP
2016-01-07 22:10 - 2016-01-13 16:27 - 00000000 ____D C:\FRST
2016-01-07 21:41 - 2016-01-07 21:41 - 01749504 _____ C:\Users\Heidi\Downloads\AdwCleaner.exe
2016-01-07 19:59 - 2016-01-07 19:59 - 00000000 ____D C:\Users\Heidi\Documents\ProcAlyzer Dumps
2016-01-07 19:46 - 2009-06-11 08:09 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160107-194615.backup
2016-01-07 19:20 - 2016-01-08 00:46 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-07 19:20 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-01-07 18:49 - 2016-01-07 20:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-07 18:49 - 2016-01-07 19:50 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-01-07 18:49 - 2016-01-07 18:49 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-07 18:49 - 2016-01-07 18:49 - 00002127 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-07 18:49 - 2016-01-07 18:49 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-01-07 18:49 - 2016-01-07 18:49 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-01-07 18:49 - 2016-01-07 18:49 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-01-07 18:49 - 2016-01-07 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-07 18:49 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2016-01-06 14:32 - 2016-01-06 14:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Heidi\Downloads\spybot-2.4.exe
2016-01-05 19:28 - 2016-01-05 19:28 - 00001439 _____ C:\Users\Heidi\Documents\tech support.txt
2016-01-05 18:53 - 2015-11-12 05:09 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-01-05 18:53 - 2015-11-12 05:09 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-01-05 18:53 - 2015-11-11 05:09 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-01-05 18:53 - 2015-11-11 05:09 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-01-05 18:53 - 2015-11-11 05:09 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-01-05 18:53 - 2015-11-11 04:10 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-05 18:47 - 2015-11-06 05:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-01-05 18:42 - 2015-11-21 05:04 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-05 18:42 - 2015-11-21 05:04 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-05 18:42 - 2015-11-21 05:04 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-01-05 18:42 - 2015-11-21 05:04 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-05 18:42 - 2015-11-21 05:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-01-05 18:42 - 2015-11-21 05:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-01-05 18:42 - 2015-11-21 05:04 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-05 18:42 - 2015-11-21 05:04 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-01-05 18:42 - 2015-11-21 05:03 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-05 18:42 - 2015-11-21 05:03 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-05 18:42 - 2015-11-21 05:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-01-05 18:41 - 2015-11-04 05:26 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-01-05 18:41 - 2015-11-04 05:25 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-01-05 18:36 - 2015-11-06 05:32 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-01-05 18:36 - 2015-11-05 20:18 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-01-05 18:30 - 2016-01-05 18:31 - 00000000 ____D C:\Users\Heidi\AppData\Local\Citrix
2015-12-15 16:25 - 2015-12-15 16:25 - 00024711 _____ C:\Users\Heidi\Documents\Pay Advice WK 201622 4117242 (002).pdf
2015-12-15 16:25 - 2015-12-15 16:25 - 00024393 _____ C:\Users\Heidi\Documents\Pay Advice WK 201623 4117242.pdf
2015-12-15 16:24 - 2015-12-15 16:24 - 00024968 _____ C:\Users\Heidi\Documents\Pay Advice WK 201621 4117242.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-14 05:23 - 2015-06-22 20:03 - 00000000 ____D C:\Windows\erdnt
2016-01-14 05:23 - 2013-11-25 11:59 - 00000000 ____D C:\Users\MYOB_SERVICE
2016-01-14 05:23 - 2009-07-14 13:07 - 00000000 ____D C:\Windows\registration
2016-01-14 05:23 - 2009-07-14 13:07 - 00000000 ____D C:\Windows\inf
2016-01-14 05:23 - 2007-07-12 12:18 - 00000000 ____D C:\Windows
2016-01-14 05:22 - 2015-06-22 20:04 - 00000000 ____D C:\Qoobox
2016-01-13 16:17 - 2009-07-14 15:04 - 00021680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-13 16:17 - 2009-07-14 15:04 - 00021680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-13 16:14 - 2011-12-30 17:02 - 00000000 ____D C:\temp
2016-01-13 16:12 - 2015-08-30 19:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-13 16:11 - 2010-12-03 11:39 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2016-01-13 16:11 - 2010-09-24 21:24 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2016-01-13 16:10 - 2009-07-14 15:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-13 14:34 - 2013-12-17 18:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-13 14:34 - 2013-11-24 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 14:31 - 2010-09-24 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 14:31 - 2010-09-24 21:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 14:15 - 2009-07-14 12:34 - 00000478 _____ C:\Windows\win.ini
2016-01-13 12:09 - 2012-06-18 14:16 - 00000000 ____D C:\Windows\pss
2016-01-13 11:05 - 2010-12-01 22:19 - 00000000 ____D C:\Users\Heidi
2016-01-12 01:24 - 2010-09-24 21:41 - 00776356 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-11 22:56 - 2009-07-14 13:07 - 00000000 ____D C:\Windows\rescache
2016-01-11 19:43 - 2015-03-30 18:04 - 00000000 ____D C:\QUARANTINE
2016-01-11 07:24 - 2011-02-06 12:51 - 00000000 ____D C:\Windows\Minidump
2016-01-11 07:24 - 2010-10-09 09:42 - 00000000 ____D C:\Windows\CSC
2016-01-09 22:20 - 2015-07-20 20:50 - 00000000 ____D C:\AdwCleaner
2016-01-09 21:08 - 2013-07-19 14:07 - 00000000 ____D C:\Program Files\Google
2016-01-09 21:08 - 2012-10-27 12:24 - 00000000 ____D C:\Users\Heidi\AppData\Local\Apps\2.0
2016-01-08 07:40 - 2015-09-15 13:08 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-08 07:40 - 2015-08-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-08 07:40 - 2015-08-30 19:57 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-07 23:35 - 2015-09-15 13:19 - 00000000 ____D C:\ProgramData\chrome
2016-01-07 23:13 - 2009-07-14 13:07 - 00000000 ____D C:\Windows\Branding
2016-01-07 22:41 - 2015-07-20 21:17 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_668
2016-01-07 22:41 - 2009-07-14 12:34 - 00000215 _____ C:\Windows\system.ini
2016-01-07 20:47 - 2011-04-17 10:46 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-01-07 19:34 - 2015-08-30 20:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e30d1de9296c.job.bak
2016-01-07 19:34 - 2013-07-19 14:07 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job.bak
2016-01-07 18:54 - 2011-12-30 16:42 - 00000000 ____D C:\ProgramData\Trend Micro
2016-01-07 18:53 - 2012-09-12 10:48 - 00000000 ____D C:\Users\Heidi\AppData\Local\Trend Micro
2016-01-06 18:45 - 2015-07-20 23:09 - 00000000 ____D C:\Windows\system32\config\SM Registry Backup
2016-01-06 14:32 - 2015-05-12 13:51 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-06 14:32 - 2013-01-24 14:27 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2389295840-1087922188-2448313287-1000UA.job.bak
2016-01-06 14:32 - 2013-01-24 14:27 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2389295840-1087922188-2448313287-1000Core.job.bak
2016-01-05 19:26 - 2015-07-20 21:27 - 00000000 ____D C:\Users\Heidi\AppData\LocalLow\Adblock Plus for IE
2016-01-05 19:11 - 2013-07-19 14:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.bak
2016-01-03 21:24 - 2013-08-14 21:42 - 00000000 ____D C:\Windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2013-11-24 12:41 - 2013-11-24 12:41 - 0000036 _____ () C:\Users\Heidi\AppData\Local\housecall.guid.cache
2014-10-15 15:19 - 2014-10-15 15:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-24 13:25 - 2015-08-24 13:25 - 0000064 _____ () C:\ProgramData\ifcvluml.log
2015-08-24 13:26 - 2015-08-24 13:26 - 0000064 _____ () C:\ProgramData\jvfrddhe.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {da0b1887-d338-11df-b368-f5020a344575}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {da0b1889-d338-11df-b368-f5020a344575}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {da0b1887-d338-11df-b368-f5020a344575}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {da0b1889-d338-11df-b368-f5020a344575}
device                  ramdisk=[C:]\Recovery\da0b1889-d338-11df-b368-f5020a344575\Winre.wim,{da0b188a-d338-11df-b368-f5020a344575}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\da0b1889-d338-11df-b368-f5020a344575\Winre.wim,{da0b188a-d338-11df-b368-f5020a344575}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {da0b1887-d338-11df-b368-f5020a344575}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {da0b188a-d338-11df-b368-f5020a344575}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\da0b1889-d338-11df-b368-f5020a344575\boot.sdi
 
 
 
LastRegBack: 2016-01-11 22:48
 
==================== End of FRST.txt ============================

Attached Files


Edited by BobReynolds, 13 January 2016 - 01:07 AM.


#2 BobReynolds

BobReynolds
  • Topic Starter

  • Members
  • 12 posts

Posted 13 January 2016 - 01:11 AM

Can only interact with the environment via Safe Mode..

have tried the registry hacks to play with UAC - but to no avail..

http://www.vistax64.com/system-security/279435-cannot-disable-uac-button-does-not-do-anything.html - but went hunting for the registry settings on microsoft.com for Win7...

SOME applications will run outside of safe mode (not many) - was wondering if this was tied to .NET dependencies - tried to re-install .NET - but the installer won't run with this issue, and .NET won't install in Safe Mode!

tried un-installing and installing apps - but that doesn't work in either Safe Mode or normal mode

have tried using MSCONFIG - and going for minimal boot - that made no impact
have tried trawling the registry to manually remove startup items and to inject my own... that didn't work

so now I'm lost for next steps.....


#3 BobReynolds

BobReynolds
  • Topic Starter

  • Members
  • 12 posts

Posted 14 January 2016 - 06:48 AM

Also tried

Servicesrepair.exe
Aswmbr.exe
Freefixer.exe
Hitmanpro.exe
Rkill.exe
Roguekiller.exe
Jrt.exe
Gmer

Last ditch, tried for Windows 10 upgrade, it hangs on downloading, no network activity according to task mgr. Tried to start and stop bits and wuauserv..... 'system error 5 has occurred. Access is denied'

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 January 2016 - 11:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset

HKLM\...\RunOnce: [{3C0E014E-9A86-4C77-A8C7-9B5E7F617CE2}] => cmd.exe /C start /D "C:\Users\Heidi\AppData\Local\Temp\{C74CF0F1-F534-4A64-81C6-2A33B4B5100F}" /B {3C0E014E-9A86-4C77-A8C7-9B5E7F617CE2}.exe -accepteula -postboot <===== ATTENTION
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [fix2] => f:\yif0fsvl.exe [380416 2016-01-10] ()
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [Fix1] => f:\kvrt.exe [95849800 2016-01-09] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [fix3] => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [9832760 2015-10-05] (Malwarebytes)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin HKU\S-1-5-21-2389295840-1087922188-2448313287-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll => No File
S3 catchme; \??\C:\Users\Heidi\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Heidi\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U2 TMAgent; no ImagePath
U3 mbr; \??\C:\Users\Heidi\AppData\Local\Temp\mbr.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please post the fixlog for my review.
===

Post also the Addition.txt file that was created by the Farbar tool.

Let me know what problem persists.

p.s.
Do not install and remove any programs before we have a chance to clean this computer.

Edited by nasdaq, 14 January 2016 - 11:35 AM.


#5 BobReynolds

BobReynolds
  • Topic Starter

  • Members
  • 12 posts

Posted 14 January 2016 - 05:12 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:06-01-2015
Ran by Heidi (2016-01-15 08:33:06) Run:1
Running from F:\
Loaded Profiles: Heidi (Available Profiles: Heidi & MYOB_SERVICE)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset
 
HKLM\...\RunOnce: [{3C0E014E-9A86-4C77-A8C7-9B5E7F617CE2}] => cmd.exe /C start /D "C:\Users\Heidi\AppData\Local\Temp\{C74CF0F1-F534-4A64-81C6-2A33B4B5100F}" /B {3C0E014E-9A86-4C77-A8C7-9B5E7F617CE2}.exe -accepteula -postboot <===== ATTENTION
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [fix2] => f:\yif0fsvl.exe [380416 2016-01-10] ()
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [Fix1] => f:\kvrt.exe [95849800 2016-01-09] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [fix3] => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [9832760 2015-10-05] (Malwarebytes)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin HKU\S-1-5-21-2389295840-1087922188-2448313287-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll => No File
S3 catchme; \??\C:\Users\Heidi\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Heidi\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U2 TMAgent; no ImagePath
U3 mbr; \??\C:\Users\Heidi\AppData\Local\Temp\mbr.sys [X]
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{3C0E014E-9A86-4C77-A8C7-9B5E7F617CE2} => value removed successfully.
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fix2 => value not found.
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Fix1 => value removed successfully.
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fix3 => value removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => key removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKCR\PROTOCOLS\Handler\tmbp" => key removed successfully.
HKCR\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => key not found. 
"HKCR\PROTOCOLS\Handler\tmpx" => key removed successfully.
HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => key not found. 
"HKCR\PROTOCOLS\Handler\tmtbim" => key removed successfully.
HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
"HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension" => key removed successfully.
"HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => key removed successfully.
C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
C:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => not found.
C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll => not found.
C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll => not found.
catchme => service removed successfully.
cpuz134 => service removed successfully.
TMAgent => service removed successfully.
mbr => service not found.
EmptyTemp: => 138.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 08:33:14 ====
 
 
 
note this didn't produce an addition.log - I had one in the same directory from 7/jan... wondering if one wasn't created, or it doesn't over-write by default?

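As an added example (not part of this thread, and not FRST's own code), a small Python parser for the Fixlog.txt layout posted above: it skips the echoed fixlist block, classifies each "=>" result line as done or not found, collects the "Error:" lines and the reboot flag, and lists the targets the fix could not complete so they can be re-checked in the next scan. The sample log is constructed, with placeholder paths and SID.

```python
import re
# Constructed sample in the layout of an FRST Fixlog.txt; paths, SID and
# names here are placeholders, not values copied from the thread.
SAMPLE_FIXLOG = """\
Fix result of Farbar Recovery Scan Tool (x86) Version:06-01-2015
Boot Mode: Safe Mode (with Networking)
fixlist content:
*****************
start
CreateRestorePoint:
HKU\\S-1-5-21-0-0-0-1000\\...\\Run: [fix2] => f:\\example.exe [380416 2016-01-10] ()
S3 catchme; \\??\\C:\\Users\\Heidi\\AppData\\Local\\Temp\\catchme.sys [X]
End
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\\S-1-5-21-0-0-0-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\fix2 => value not found.
catchme => service removed successfully.
mbr => service not found.
EmptyTemp: => 138.8 MB temporary data Removed.
The system needed a reboot.
"""

# One result line: "<target> => <outcome>." (the trailing period is optional)
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?\s*$")

def classify(outcome):
    """Map an FRST outcome phrase to a coarse status."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "removed" in low or "successfully" in low:
        return "done"
    return "other"

def parse_fixlog(text):
    """Summarise a Fixlog: per-target status, Error: lines, reboot flag, boot mode.
    The echoed fixlist also contains '=>' lines, so it is skipped, not parsed."""
    results, errors = {}, []
    needs_reboot, boot_mode, in_fixlist, star_lines = False, None, False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Boot Mode:"):
            boot_mode = line.split(":", 1)[1].strip()
        elif line == "fixlist content:":
            in_fixlist = True
        elif in_fixlist:
            if line.startswith("*****"):
                star_lines += 1
                in_fixlist = star_lines < 2   # second asterisk line closes the echo
        elif line.startswith("Error:"):
            errors.append(line[len("Error:"):].strip())
        elif line == "The system needed a reboot.":
            needs_reboot = True
        else:
            m = RESULT_RE.match(line)
            if m:
                results[m.group("target")] = classify(m.group("outcome"))
    return {"results": results, "errors": errors,
            "needs_reboot": needs_reboot, "boot_mode": boot_mode}

def leftovers(summary):
    """Targets the fix did not complete: what to re-check in the next FRST scan."""
    return sorted(t for t, s in summary["results"].items() if s != "done")
```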

#6 BobReynolds

BobReynolds
  • Topic Starter

  • Members
  • 12 posts

Posted 14 January 2016 - 05:13 PM

HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [fix2] => f:\yif0fsvl.exe [380416 2016-01-10] ()
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [Fix1] => f:\kvrt.exe [95849800 2016-01-09] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2389295840-1087922188-2448313287-1000\...\Run: [fix3] => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [9832760 2015-10-05] (Malwarebytes)
 
also note these were all me...
 
the first one was me trying to get GMER to run early on startup in case something executing prior was blocking it


#7 BobReynolds

BobReynolds
  • Topic Starter

  • Members
  • 12 posts

Posted 14 January 2016 - 06:13 PM

I cleaned up the old addition.txt and re-ran your FRST script, it didn't create an addition.txt file



#8 BobReynolds

BobReynolds
  • Topic Starter

  • Members
  • 12 posts

Posted 15 January 2016 - 12:45 AM

I'm going to be kicking off a 20 hour road-trip and be 2000km away from this laptop tomorrow - so needed to try something..

although I'd tried some Registry hacks to test the UAC corruption theory, I tried a few more things..

I think the UAC settings tool at http://www.itknowledge24.com/ - (off a link from - http://answers.microsoft.com/en-us/windows/forum/windows_7-security/cant-access-change-user-account-control-settings/da8c63a9-f995-4e8b-88d8-34c4d813084e?auth=1 ) ....did the trick, I can now..

  • run applications without "The specified Service does not exist as an installed Service"
  • I can access my UAC settings
  • I can create new user accounts..

I think I have control of the environment again...



#9 BobReynolds

BobReynolds
  • Topic Starter

  • Members
  • 12 posts

Posted 15 January 2016 - 12:55 AM

Successfully installed Trend Titanium, the only thing it found (after all the other malware/spyware/adware the other tools had swept for while the install was corrupted) was

neededware.com

https://forums.techguy.org/threads/neededware-com.370442/

http://www.techsupportforum.com/forums/f284/neededware-com-causing-several-problems-63739.html

http://www.geekstogo.com/forum/topic/38779-neededwarecom-removal-closed/



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 January 2016 - 10:53 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 January 2016 - 10:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



