Trojan.agent Svchost No Network Adapter Installed


OK... on the computer at my office someone downloaded something they shouldn't have. I've only worked here about a month and they have been dealing with this issue apparently for about 6 months or so. The only protection that was on the computer was Microsoft Security Essentials. The computer says that there is no network adapter installed. Following some others' advice I installed Malwarebytes. It found multiple threats after I also checked "detect rootkits". After all that the scans showed clean but I still had no network adapter. I then downloaded Malwarebytes rootkit and ran the fixdamage tool. Boom, I had internet. Then I rebooted. No internet. I would have to run fixdamage each time and restart to have internet. Now that doesn't even do it. I appreciate your help.

Hello

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

See if you can run the two following scans and post the produced logs. If there is no internet, download and save to a flash drive, then transfer to the sick PC. Same with the logs: transfer them back with the flash drive.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Kevin

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014

Ran by trico (administrator) on TRICO-PC on 22-04-2014 13:35:47

Running from C:\Users\trico\Desktop

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SMSSQL\MSSQL\Binn\sqlservr.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBDBMgrN.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

() C:\Program Files (x86)\SMSSQL\ScaleCOM.exe

(Creative Information Systems, Inc.) C:\Program Files (x86)\SMSSQL\smssql.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Creative Information Systems) C:\Program Files (x86)\SMSSQL\CRNTicket.exe

(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-01-13] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-25] (AVAST Software)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\RunOnce: [shockwave Updater] - C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1159615.exe [467224 2010-10-22] (Adobe Systems, Inc.)

HKU\S-1-5-21-2456743143-1518578837-1124280601-1000\...\MountPoints2: {4aefb290-b390-11e0-8412-782bcbb325f5} - K:\LaunchU3.exe -a

HKU\S-1-5-21-2456743143-1518578837-1124280601-1000\...\MountPoints2: {a2ff0faf-4d25-11e3-805b-934840636cee} - J:\Bolt.exe

HKU\S-1-5-21-2456743143-1518578837-1124280601-1000\...\MountPoints2: {bc632d99-3b89-11e1-8233-782bcbb325f5} - I:\LaunchU3.exe -a

HKU\S-1-5-21-2456743143-1518578837-1124280601-1000\...\MountPoints2: {df51a14f-d1c4-11e2-a7af-782bcbb325f5} - I:\MotoCastSetup.exe -a

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurylink.net/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File

BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File

BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File

Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\trico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-11]

CHR Extension: (Google Drive) - C:\Users\trico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]

CHR Extension: (YouTube) - C:\Users\trico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]

CHR Extension: (Google Search) - C:\Users\trico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]

CHR Extension: (Google Wallet) - C:\Users\trico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11]

CHR Extension: (Gmail) - C:\Users\trico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-25]

 

==================== Services (Whitelisted) =================

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-25] (AVAST Software)

S4 HawkesUpdater; C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [8192 2003-04-18] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R2 MSSQL$SMSSQL; C:\Program Files\Microsoft SQL Server\MSSQL10.SMSSQL\MSSQL\Binn\sqlservr.exe [57820696 2008-08-15] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)

R3 QuickBooksDB21; C:\Program Files (x86)\Intuit\QuickBooks 2011\QBDBMgrN.exe [679936 2010-04-27] (Intuit, Inc.)

S4 SQLAgent$SMSSQL; C:\Program Files\Microsoft SQL Server\MSSQL10.SMSSQL\MSSQL\Binn\SQLAGENT.EXE [430616 2008-08-15] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-25] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-25] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-25] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-25] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-25] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-25] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-25] ()

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S1 advrvahn; \??\C:\Windows\system32\drivers\advrvahn.sys [X]

S1 armiuqou; \??\C:\Windows\system32\drivers\armiuqou.sys [X]

S1 arxowlnf; \??\C:\Windows\system32\drivers\arxowlnf.sys [X]

S1 asjcdjmz; \??\C:\Windows\system32\drivers\asjcdjmz.sys [X]

S1 avemnlps; \??\C:\Windows\system32\drivers\avemnlps.sys [X]

S1 bbozwcyl; \??\C:\Windows\system32\drivers\bbozwcyl.sys [X]

S1 bczhknue; \??\C:\Windows\system32\drivers\bczhknue.sys [X]

S1 boccnqre; \??\C:\Windows\system32\drivers\boccnqre.sys [X]

S1 bpviphta; \??\C:\Windows\system32\drivers\bpviphta.sys [X]

S1 bxctosuw; \??\C:\Windows\system32\drivers\bxctosuw.sys [X]

S1 cpcylwlz; \??\C:\Windows\system32\drivers\cpcylwlz.sys [X]

S1 crbhjfgq; \??\C:\Windows\system32\drivers\crbhjfgq.sys [X]

S1 croywasd; \??\C:\Windows\system32\drivers\croywasd.sys [X]

S1 cxsivxrn; \??\C:\Windows\system32\drivers\cxsivxrn.sys [X]

S1 czssvrda; \??\C:\Windows\system32\drivers\czssvrda.sys [X]

S1 dbiosjml; \??\C:\Windows\system32\drivers\dbiosjml.sys [X]

S1 dcdhftff; \??\C:\Windows\system32\drivers\dcdhftff.sys [X]

S1 dcppauld; \??\C:\Windows\system32\drivers\dcppauld.sys [X]

S1 debhhsis; \??\C:\Windows\system32\drivers\debhhsis.sys [X]

S1 dwehchwk; \??\C:\Windows\system32\drivers\dwehchwk.sys [X]

S1 ernalqer; \??\C:\Windows\system32\drivers\ernalqer.sys [X]

S1 etfsxlqs; \??\C:\Windows\system32\drivers\etfsxlqs.sys [X]

S1 evpzlcjb; \??\C:\Windows\system32\drivers\evpzlcjb.sys [X]

S1 exofvamp; \??\C:\Windows\system32\drivers\exofvamp.sys [X]

S1 ffhaxryw; \??\C:\Windows\system32\drivers\ffhaxryw.sys [X]

S1 fpevcenf; \??\C:\Windows\system32\drivers\fpevcenf.sys [X]

S1 fxmmdscd; \??\C:\Windows\system32\drivers\fxmmdscd.sys [X]

S1 ginoolks; \??\C:\Windows\system32\drivers\ginoolks.sys [X]

S1 gurmkgpw; \??\C:\Windows\system32\drivers\gurmkgpw.sys [X]

S1 hajyrizl; \??\C:\Windows\system32\drivers\hajyrizl.sys [X]

S1 hdltvqra; \??\C:\Windows\system32\drivers\hdltvqra.sys [X]

S1 hhdbvban; \??\C:\Windows\system32\drivers\hhdbvban.sys [X]

S1 hhsosbuo; \??\C:\Windows\system32\drivers\hhsosbuo.sys [X]

S1 huqkvasj; \??\C:\Windows\system32\drivers\huqkvasj.sys [X]

S1 hutecajo; \??\C:\Windows\system32\drivers\hutecajo.sys [X]

S1 ictgtqhw; \??\C:\Windows\system32\drivers\ictgtqhw.sys [X]

S1 ilgaicck; \??\C:\Windows\system32\drivers\ilgaicck.sys [X]

S1 jktkwcqn; \??\C:\Windows\system32\drivers\jktkwcqn.sys [X]

S1 keofigpd; \??\C:\Windows\system32\drivers\keofigpd.sys [X]

S1 kppvnued; \??\C:\Windows\system32\drivers\kppvnued.sys [X]

S1 ksnbuxoi; \??\C:\Windows\system32\drivers\ksnbuxoi.sys [X]

S1 lqszxbma; \??\C:\Windows\system32\drivers\lqszxbma.sys [X]

S1 lsqfosqs; \??\C:\Windows\system32\drivers\lsqfosqs.sys [X]

S1 lstxxdkl; \??\C:\Windows\system32\drivers\lstxxdkl.sys [X]

S1 nfcjmtof; \??\C:\Windows\system32\drivers\nfcjmtof.sys [X]

S1 njcgodkf; \??\C:\Windows\system32\drivers\njcgodkf.sys [X]

S1 nkzictbd; \??\C:\Windows\system32\drivers\nkzictbd.sys [X]

S1 ocnysfrr; \??\C:\Windows\system32\drivers\ocnysfrr.sys [X]

S1 ohytwscp; \??\C:\Windows\system32\drivers\ohytwscp.sys [X]

S1 opewhbby; \??\C:\Windows\system32\drivers\opewhbby.sys [X]

S1 ovhzodpa; \??\C:\Windows\system32\drivers\ovhzodpa.sys [X]

S1 palglxzf; \??\C:\Windows\system32\drivers\palglxzf.sys [X]

S1 pfpnafdt; \??\C:\Windows\system32\drivers\pfpnafdt.sys [X]

S1 qianwcgg; \??\C:\Windows\system32\drivers\qianwcgg.sys [X]

S1 qihgjyjc; \??\C:\Windows\system32\drivers\qihgjyjc.sys [X]

S1 rbhnfzrt; \??\C:\Windows\system32\drivers\rbhnfzrt.sys [X]

S1 rglnfcxs; \??\C:\Windows\system32\drivers\rglnfcxs.sys [X]

S1 spdcebkr; \??\C:\Windows\system32\drivers\spdcebkr.sys [X]

S1 ssospfvs; \??\C:\Windows\system32\drivers\ssospfvs.sys [X]

S1 tellxrgy; \??\C:\Windows\system32\drivers\tellxrgy.sys [X]

S1 tghesfoz; \??\C:\Windows\system32\drivers\tghesfoz.sys [X]

S1 uzlyyicb; \??\C:\Windows\system32\drivers\uzlyyicb.sys [X]

S1 vinwlzxy; \??\C:\Windows\system32\drivers\vinwlzxy.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-22 13:35 - 2014-04-22 13:35 - 00018543 _____ () C:\Users\trico\Desktop\FRST.txt

2014-04-22 13:35 - 2014-04-22 13:35 - 00000000 ____D () C:\FRST

2014-04-22 13:35 - 2014-04-22 13:27 - 02061312 _____ (Farbar) C:\Users\trico\Desktop\FRST64.exe

2014-04-22 13:35 - 2014-04-22 13:27 - 00409600 _____ (Farbar) C:\Users\trico\Desktop\FSS.exe

2014-04-22 10:27 - 2014-04-22 13:31 - 00000320 _____ () C:\Users\trico\cisrep.dat

2014-04-22 08:00 - 2014-04-22 08:00 - 04745728 _____ (AVAST Software) C:\Users\trico\Desktop\aswMBR.exe

2014-04-22 07:46 - 2014-04-22 07:46 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-22 07:26 - 2014-04-22 07:26 - 04162400 _____ (Kaspersky Lab ZAO) C:\Users\trico\Desktop\tdsskiller.exe

2014-04-18 14:12 - 2014-04-21 15:06 - 00000000 ____D () C:\Users\trico\Desktop\msha

2014-04-17 07:59 - 2014-04-17 07:59 - 00000017 _____ () C:\Users\trico\AppData\Local\resmon.resmoncfg

2014-04-17 07:36 - 2014-04-17 07:36 - 00030538 _____ () C:\Users\trico\cc_20140417_073608.reg

2014-04-15 07:34 - 2014-04-15 07:34 - 00000000 ____D () C:\ProgramData\Oracle

2014-04-15 07:33 - 2014-04-15 07:33 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-15 07:33 - 2014-04-15 07:33 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-15 07:29 - 2014-04-15 07:29 - 00921000 _____ (Oracle Corporation) C:\Users\trico\Downloads\chromeinstall-7u51.exe

2014-04-14 08:35 - 2014-04-14 08:35 - 00000000 ____D () C:\Users\trico\AppData\Roaming\gnupg

2014-04-14 08:27 - 2014-04-14 08:43 - 00000000 ____D () C:\ProgramData\PGPData

2014-04-11 18:13 - 2014-04-22 12:02 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask

2014-04-11 18:13 - 2014-04-17 07:38 - 00003986 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

2014-04-11 18:13 - 2014-04-11 18:13 - 00003196 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest

2014-04-11 18:13 - 2014-04-11 18:13 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows

2014-04-11 18:13 - 2014-04-11 18:13 - 00000000 ____D () C:\Program Files\My Dell

2014-04-11 17:58 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2014-04-11 17:58 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2014-04-11 17:58 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2014-04-11 17:58 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2014-04-11 17:36 - 2014-04-11 17:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf

2014-04-11 17:31 - 2013-12-21 04:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-11 17:31 - 2013-12-21 02:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-11 17:18 - 2014-04-11 17:20 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-11 17:10 - 2014-04-11 17:10 - 00265756 _____ () C:\Windows\msxml4-KB2758694-enu.LOG

2014-04-11 17:08 - 2014-03-13 01:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-11 17:08 - 2014-03-13 01:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-11 17:08 - 2014-03-13 01:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-11 17:08 - 2014-03-13 01:32 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-11 17:08 - 2014-03-13 01:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-11 17:08 - 2014-03-13 01:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-04-11 17:08 - 2014-03-13 01:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-11 17:08 - 2014-03-13 01:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-11 17:08 - 2014-03-13 01:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-11 17:08 - 2014-03-13 01:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-11 17:08 - 2014-03-13 01:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-11 17:08 - 2014-03-13 01:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-11 17:08 - 2014-03-13 01:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-04-11 17:08 - 2014-03-13 01:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-11 17:08 - 2014-03-13 01:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-11 17:08 - 2014-03-13 00:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-11 17:08 - 2014-03-13 00:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-11 17:08 - 2014-03-13 00:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-11 17:08 - 2014-03-12 23:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-11 17:08 - 2014-03-12 23:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-11 17:08 - 2014-03-12 22:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-04-11 17:08 - 2014-03-12 22:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-04-11 16:59 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2014-04-11 16:59 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2014-04-11 16:59 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2014-04-11 16:59 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2014-04-11 16:59 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-04-11 16:59 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2014-04-11 16:59 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2014-04-11 16:59 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2014-04-11 16:59 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2014-04-11 16:59 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2014-04-11 16:59 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2014-04-11 16:59 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-04-11 16:59 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2014-04-11 16:59 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-04-11 16:59 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2014-04-11 16:59 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2014-04-11 16:59 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-04-11 16:59 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-04-11 16:59 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2014-04-11 16:59 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2014-04-11 16:47 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2014-04-11 16:47 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2014-04-11 11:23 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2014-04-11 11:23 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2014-04-11 11:23 - 2013-04-25 18:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2014-04-11 11:23 - 2013-03-31 17:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2014-04-11 11:22 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-04-11 11:22 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-04-11 11:22 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll

2014-04-11 11:22 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll

2014-04-11 11:22 - 2013-02-27 01:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-04-11 11:22 - 2013-02-27 00:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-04-11 11:21 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-04-11 11:21 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-04-11 11:21 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-04-11 11:21 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-04-11 11:21 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-04-11 11:21 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2014-04-11 11:21 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2014-04-11 11:21 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2014-04-11 11:21 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-04-11 11:21 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2014-04-11 11:21 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-04-11 11:21 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2014-04-11 11:21 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2014-04-11 11:21 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2014-04-11 11:21 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2014-04-11 11:21 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2014-04-11 11:21 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2014-04-11 11:21 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2014-04-11 11:21 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2014-04-11 11:21 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2014-04-11 11:21 - 2013-02-15 01:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-04-11 11:21 - 2013-02-15 01:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-04-11 11:21 - 2013-02-15 01:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2014-04-11 11:21 - 2013-02-14 23:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-04-11 11:21 - 2013-02-14 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-04-11 11:21 - 2013-02-14 22:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-04-11 11:20 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-04-11 11:20 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-04-11 11:20 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-11 11:20 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-04-11 11:20 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-04-11 11:20 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-04-11 11:20 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-04-11 11:20 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-04-11 11:20 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-04-11 11:20 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-04-11 11:20 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-04-11 11:20 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-04-11 11:20 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-04-11 11:20 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-04-11 11:20 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-04-11 11:20 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-04-11 11:20 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-04-11 11:20 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-04-11 11:20 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2014-04-11 11:20 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2014-04-11 11:20 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2014-04-11 11:20 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2014-04-11 11:19 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-04-11 11:19 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-04-11 11:19 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2014-04-11 11:19 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2014-04-11 11:19 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2014-04-11 11:19 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2014-04-11 11:19 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-04-11 11:19 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-04-11 11:19 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2014-04-11 11:19 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2014-04-11 11:19 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2014-04-11 11:19 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2014-04-11 11:19 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2014-04-11 11:18 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-04-11 11:18 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-04-11 11:18 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2014-04-11 11:18 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2014-04-11 11:18 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2014-04-11 11:18 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2014-04-11 11:18 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2014-04-11 11:18 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2014-04-11 11:18 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2014-04-11 11:18 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2014-04-11 11:18 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2014-04-11 11:18 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2014-04-11 11:18 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2014-04-11 11:18 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2014-04-11 11:18 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2014-04-11 11:18 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2014-04-11 11:18 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2014-04-11 11:18 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll

2014-04-11 11:17 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-11 11:17 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-11 11:17 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-11 11:17 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-11 11:17 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-11 11:17 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-11 11:17 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-11 11:17 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-11 11:17 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-11 11:17 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-11 11:17 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-11 11:17 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-04-11 11:17 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-04-11 11:17 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-04-11 11:17 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-04-11 11:17 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-04-11 11:17 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-04-11 11:17 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-04-11 11:17 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2014-04-11 11:17 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2014-04-11 11:17 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-04-11 11:17 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2014-04-11 11:17 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2014-04-11 11:17 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2014-04-11 11:17 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2014-04-11 11:17 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2014-04-11 11:17 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2014-04-11 11:17 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2014-04-11 11:17 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2014-04-11 11:17 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2014-04-11 11:17 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2014-04-11 11:17 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2014-04-11 11:17 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2014-04-11 11:17 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-04-11 11:17 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2014-04-11 11:17 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-04-11 11:17 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2014-04-11 11:17 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2014-04-11 11:17 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2014-04-11 11:16 - 2013-11-26 20:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-04-11 11:16 - 2013-11-26 20:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-04-11 11:16 - 2013-11-26 20:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-04-11 11:16 - 2013-11-26 20:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-04-11 11:16 - 2013-11-26 20:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-04-11 11:16 - 2013-11-26 20:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-04-11 11:16 - 2013-11-26 20:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-04-11 11:16 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2014-04-11 11:16 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2014-04-11 11:15 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll

2014-04-11 11:15 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe

2014-04-11 11:15 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2014-04-11 11:15 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2014-04-11 11:14 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-11 11:14 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-11 11:14 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-11 11:14 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-11 11:14 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-11 11:14 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2014-04-11 11:14 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2014-04-11 11:14 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2014-04-11 11:14 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2014-04-11 11:14 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2014-04-11 11:14 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2014-04-11 11:14 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-04-11 11:14 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2014-04-11 11:14 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2014-04-11 11:14 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys

2014-04-11 11:14 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-04-11 11:13 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-04-11 11:13 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-04-11 11:13 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2014-04-11 11:13 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2014-04-11 11:13 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2014-04-11 11:13 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2014-04-11 11:13 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2014-04-11 11:13 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2014-04-11 11:13 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2014-04-11 11:13 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2014-04-11 11:13 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-04-11 11:13 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-04-11 11:13 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2014-04-11 11:13 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2014-04-11 11:13 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-04-11 10:44 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys

2014-04-11 07:39 - 2014-04-22 12:49 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-11 07:39 - 2014-04-22 10:06 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-11 07:39 - 2014-04-11 08:44 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-04-11 07:39 - 2014-04-11 08:44 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-04-10 11:02 - 2014-04-10 11:03 - 00000000 ____D () C:\Users\trico\Desktop\Backup

2014-04-10 10:51 - 2014-04-22 09:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-10 10:36 - 2014-04-22 07:06 - 00000000 ____D () C:\Users\trico\Desktop\New folder

2014-04-10 09:13 - 2014-04-10 09:13 - 00048108 _____ () C:\Users\trico\cc_20140410_091320.reg

2014-04-10 09:13 - 2014-04-10 09:13 - 00001034 _____ () C:\Users\trico\cc_20140410_091344.reg

2014-04-10 08:37 - 2014-04-22 10:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-10 08:36 - 2014-04-22 09:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-10 08:36 - 2014-04-10 08:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 08:36 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-10 08:22 - 2014-04-10 08:22 - 00210392 _____ () C:\Users\trico\cc_20140410_082202.reg

2014-04-10 08:21 - 2014-04-10 08:21 - 00001184 _____ () C:\Users\trico\oldreg.reg

2014-04-10 08:08 - 2014-04-10 08:08 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-04-10 08:08 - 2014-04-10 08:08 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-04-10 08:08 - 2014-04-10 08:08 - 00000000 ____D () C:\Program Files\CCleaner

2014-04-10 07:26 - 2014-04-10 07:26 - 00000000 ____D () C:\Windows\pss

2014-04-07 15:12 - 2014-04-18 14:12 - 00000000 ____D () C:\Users\trico\Documents\MSHA FORMS

2014-04-02 13:11 - 2014-04-02 13:12 - 00010240 ___SH () C:\Users\trico\Thumbs.db

2014-04-02 07:39 - 2014-04-02 07:39 - 00000000 ___RD () C:\Users\trico\AppData\Roaming\Brother

2014-04-01 14:11 - 2014-04-01 14:11 - 32120832 _____ () C:\Users\trico\Desktop\TRICO QUARRY (Backup Apr 01,2014  02 11 PM).QBB

2014-03-25 16:34 - 2014-04-16 06:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-03-25 16:34 - 2014-03-25 16:34 - 00000000 ____D () C:\Users\trico\AppData\Roaming\AVAST Software

2014-03-25 16:32 - 2014-03-25 16:32 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-03-25 16:32 - 2014-03-25 16:32 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-03-25 16:32 - 2014-03-25 16:32 - 00000000 ____D () C:\Program Files\AVAST Software

2014-03-25 16:31 - 2014-03-25 16:31 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-03-25 15:17 - 2014-03-25 15:17 - 00000000 ____D () C:\Users\trico\AppData\Local\{85498614-6F22-45C8-BCAF-B6DE4FC3DD29}

2014-03-25 15:17 - 2014-03-25 15:17 - 00000000 ____D () C:\Users\trico\AppData\Local\{774870F7-9774-4AB2-808E-5F28F1F7FF19}

2014-03-25 13:20 - 2013-11-20 20:44 - 71252556 _____ () C:\Users\trico\100058376.mp4

2014-03-24 16:03 - 2014-04-07 07:14 - 00009760 _____ () C:\Users\trico\Desktop\AG Lime customers.xlsx

==================== One Month Modified Files and Folders =======

2014-04-22 13:35 - 2014-04-22 13:35 - 00018543 _____ () C:\Users\trico\Desktop\FRST.txt

2014-04-22 13:35 - 2014-04-22 13:35 - 00000000 ____D () C:\FRST

2014-04-22 13:35 - 2009-07-14 00:13 - 00874918 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-22 13:31 - 2014-04-22 10:27 - 00000320 _____ () C:\Users\trico\cisrep.dat

2014-04-22 13:31 - 2011-10-03 10:22 - 00003858 _____ () C:\Users\trico\smssqlw.ini

2014-04-22 13:31 - 2011-07-15 15:59 - 00001563 _____ () C:\Users\trico\smssql.ini

2014-04-22 13:31 - 2011-07-13 15:22 - 00000000 ____D () C:\Users\trico

2014-04-22 13:29 - 2012-05-29 07:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-22 13:27 - 2014-04-22 13:35 - 02061312 _____ (Farbar) C:\Users\trico\Desktop\FRST64.exe

2014-04-22 13:27 - 2014-04-22 13:35 - 00409600 _____ (Farbar) C:\Users\trico\Desktop\FSS.exe

2014-04-22 12:49 - 2014-04-11 07:39 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-22 12:02 - 2014-04-11 18:13 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask

2014-04-22 10:15 - 2011-07-06 19:04 - 01959128 _____ () C:\Windows\WindowsUpdate.log

2014-04-22 10:12 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-22 10:12 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-22 10:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-04-22 10:06 - 2014-04-11 07:39 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-22 10:06 - 2014-04-10 08:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-22 10:04 - 2011-07-28 11:52 - 00000300 _____ () C:\Users\trico\ScaleCom.ini

2014-04-22 10:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-22 10:04 - 2009-07-13 23:51 - 00131296 _____ () C:\Windows\setupact.log

2014-04-22 09:19 - 2014-04-10 10:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-22 09:02 - 2014-04-10 08:36 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-22 08:38 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-04-22 08:00 - 2014-04-22 08:00 - 04745728 _____ (AVAST Software) C:\Users\trico\Desktop\aswMBR.exe

2014-04-22 07:46 - 2014-04-22 07:46 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-22 07:46 - 2013-11-18 10:24 - 00000000 ____D () C:\Program Files (x86)\Browny02

2014-04-22 07:26 - 2014-04-22 07:26 - 04162400 _____ (Kaspersky Lab ZAO) C:\Users\trico\Desktop\tdsskiller.exe

2014-04-22 07:06 - 2014-04-10 10:36 - 00000000 ____D () C:\Users\trico\Desktop\New folder

2014-04-21 16:45 - 2011-07-18 07:42 - 00000474 _____ () C:\Users\trico\qnbsqlw.ini

2014-04-21 15:13 - 2011-07-14 09:49 - 00000000 ____D () C:\Users\Public\Documents\SMSSQL

2014-04-21 15:06 - 2014-04-18 14:12 - 00000000 ____D () C:\Users\trico\Desktop\msha

2014-04-21 13:22 - 2011-08-15 12:33 - 00000000 ____D () C:\quickbooks

2014-04-21 08:59 - 2011-12-15 11:28 - 00000000 ____D () C:\Users\trico\Desktop\EQUIPMENT MAINTENCE

2014-04-21 08:59 - 2011-07-29 16:50 - 00000000 ___RD () C:\Users\trico\Desktop\tickets

2014-04-18 14:12 - 2014-04-07 15:12 - 00000000 ____D () C:\Users\trico\Documents\MSHA FORMS

2014-04-18 12:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-04-17 07:59 - 2014-04-17 07:59 - 00000017 _____ () C:\Users\trico\AppData\Local\resmon.resmoncfg

2014-04-17 07:38 - 2014-04-11 18:13 - 00003986 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

2014-04-17 07:36 - 2014-04-17 07:36 - 00030538 _____ () C:\Users\trico\cc_20140417_073608.reg

2014-04-16 06:54 - 2014-03-25 16:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-04-15 07:40 - 2011-07-06 19:03 - 00000000 ____D () C:\Program Files (x86)\Java

2014-04-15 07:34 - 2014-04-15 07:34 - 00000000 ____D () C:\ProgramData\Oracle

2014-04-15 07:33 - 2014-04-15 07:33 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-15 07:33 - 2014-04-15 07:33 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-15 07:33 - 2011-07-06 19:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-15 07:33 - 2011-07-06 19:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-04-15 07:29 - 2014-04-15 07:29 - 00921000 _____ (Oracle Corporation) C:\Users\trico\Downloads\chromeinstall-7u51.exe

2014-04-15 07:26 - 2012-05-29 07:15 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-15 07:26 - 2012-05-29 07:15 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-15 07:26 - 2012-05-29 07:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-14 08:43 - 2014-04-14 08:27 - 00000000 ____D () C:\ProgramData\PGPData

2014-04-14 08:42 - 2011-07-13 18:52 - 00000000 ____D () C:\Users\trico\AppData\Local\Deployment

2014-04-14 08:35 - 2014-04-14 08:35 - 00000000 ____D () C:\Users\trico\AppData\Roaming\gnupg

2014-04-14 06:56 - 2011-07-13 15:27 - 00000000 ___RD () C:\Users\trico\Virtual Machines

2014-04-14 06:56 - 2011-07-13 15:27 - 00000000 ___RD () C:\Users\trico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 06:56 - 2011-07-13 15:27 - 00000000 ___RD () C:\Users\trico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-04-12 03:18 - 2009-07-13 23:45 - 00434544 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-04-12 03:17 - 2013-03-13 16:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-04-12 03:17 - 2013-03-13 16:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-04-12 03:17 - 2010-11-20 22:47 - 00049978 _____ () C:\Windows\PFRO.log

2014-04-12 03:15 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal

2014-04-12 03:15 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender

2014-04-12 03:15 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-04-11 18:13 - 2014-04-11 18:13 - 00003196 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest

2014-04-11 18:13 - 2014-04-11 18:13 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows

2014-04-11 18:13 - 2014-04-11 18:13 - 00000000 ____D () C:\Program Files\My Dell

2014-04-11 18:13 - 2011-08-16 15:00 - 00000000 ____D () C:\ProgramData\PCDr

2014-04-11 18:13 - 2011-07-06 19:16 - 00000000 ____D () C:\Program Files\Dell Support Center

2014-04-11 18:05 - 2011-07-14 09:41 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-11 18:05 - 2011-02-10 09:33 - 00870896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-04-11 17:42 - 2012-05-01 16:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-04-11 17:42 - 2011-07-13 17:02 - 00002155 _____ () C:\Windows\epplauncher.mif

2014-04-11 17:42 - 2011-07-13 17:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-04-11 17:36 - 2014-04-11 17:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf

2014-04-11 17:20 - 2014-04-11 17:18 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-11 17:10 - 2014-04-11 17:10 - 00265756 _____ () C:\Windows\msxml4-KB2758694-enu.LOG

2014-04-11 08:44 - 2014-04-11 07:39 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-04-11 08:44 - 2014-04-11 07:39 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-04-11 07:44 - 2012-02-28 12:36 - 00000000 ____D () C:\Program Files (x86)\Google

2014-04-10 11:03 - 2014-04-10 11:02 - 00000000 ____D () C:\Users\trico\Desktop\Backup

2014-04-10 09:13 - 2014-04-10 09:13 - 00048108 _____ () C:\Users\trico\cc_20140410_091320.reg

2014-04-10 09:13 - 2014-04-10 09:13 - 00001034 _____ () C:\Users\trico\cc_20140410_091344.reg

2014-04-10 08:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

2014-04-10 08:37 - 2014-04-10 08:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 08:37 - 2012-12-19 16:11 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-10 08:37 - 2012-12-19 16:11 - 00000000 ____D () C:\Users\trico\AppData\Roaming\Malwarebytes

2014-04-10 08:37 - 2012-12-19 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-10 08:22 - 2014-04-10 08:22 - 00210392 _____ () C:\Users\trico\cc_20140410_082202.reg

2014-04-10 08:21 - 2014-04-10 08:21 - 00001184 _____ () C:\Users\trico\oldreg.reg

2014-04-10 08:08 - 2014-04-10 08:08 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-04-10 08:08 - 2014-04-10 08:08 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-04-10 08:08 - 2014-04-10 08:08 - 00000000 ____D () C:\Program Files\CCleaner

2014-04-10 07:26 - 2014-04-10 07:26 - 00000000 ____D () C:\Windows\pss

2014-04-07 07:14 - 2014-03-24 16:03 - 00009760 _____ () C:\Users\trico\Desktop\AG Lime customers.xlsx

2014-04-03 09:51 - 2014-04-10 08:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2012-12-19 16:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 13:12 - 2014-04-02 13:11 - 00010240 ___SH () C:\Users\trico\Thumbs.db

2014-04-02 07:39 - 2014-04-02 07:39 - 00000000 ___RD () C:\Users\trico\AppData\Roaming\Brother

2014-04-01 14:11 - 2014-04-01 14:11 - 32120832 _____ () C:\Users\trico\Desktop\TRICO QUARRY (Backup Apr 01,2014  02 11 PM).QBB

2014-03-31 03:51 - 2012-02-14 08:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-26 11:20 - 2011-09-19 13:13 - 00000000 ____D () C:\Users\trico\Desktop\Saved Scans

2014-03-25 16:34 - 2014-03-25 16:34 - 00000000 ____D () C:\Users\trico\AppData\Roaming\AVAST Software

2014-03-25 16:32 - 2014-03-25 16:32 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-03-25 16:32 - 2014-03-25 16:32 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-03-25 16:32 - 2014-03-25 16:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-03-25 16:32 - 2014-03-25 16:32 - 00000000 ____D () C:\Program Files\AVAST Software

2014-03-25 16:31 - 2014-03-25 16:31 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-03-25 15:17 - 2014-03-25 15:17 - 00000000 ____D () C:\Users\trico\AppData\Local\{85498614-6F22-45C8-BCAF-B6DE4FC3DD29}

2014-03-25 15:17 - 2014-03-25 15:17 - 00000000 ____D () C:\Users\trico\AppData\Local\{774870F7-9774-4AB2-808E-5F28F1F7FF19}

2014-03-25 10:06 - 2013-02-06 10:46 - 00000000 ____D () C:\Users\trico\Documents\Re continuity for Trico (1)

 

Files to move or delete:

====================

C:\Users\Administrator\g2ax_customer_downloadhelper_win32_x86.exe

C:\Users\afloyd\cisrep.dat

C:\Users\sbookout\g2ax_customer_downloadhelper_win32_x86.exe

C:\Users\trico\cc_20140410_082202.reg

C:\Users\trico\cc_20140410_091320.reg

C:\Users\trico\cc_20140410_091344.reg

C:\Users\trico\cc_20140417_073608.reg

C:\Users\trico\cisrep.dat

C:\Users\trico\g2ax_customer_downloadhelper_win32_x86.exe

C:\Users\trico\oldreg.reg

 

 

Some content of TEMP:

====================

C:\Users\afloyd\AppData\Local\Temp\Bolt.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-04-21 11:05

 

==================== End Of Log ============================


Farbar Service Scanner Version: 25-02-2014

Ran by trico (administrator) on 22-04-2014 at 13:37:48

Running from "C:\Users\trico\Desktop"

Microsoft Windows 7 Professional  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error. Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. (Transfer with Flash drive if needed)

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please download http://www.rizonesoft.com/?ddownload=504 Complete Internet Repair and save it to your Desktop. <--- Do not save anywhere else

Double click the icon and select Run (accept UAC alert if applicable)

Click Extract

Double click the Complete Internet Repair folder on your desktop.

Run the version relevant to your system, 32 bit or 64 bit.

Double click the CIntRep.exe icon  <----32 bit version.

Double click the ClntRep_64.exe icon  <--- 64 bit version

 

Place a checkmark next to the following entries:

 

Reset Internet Protocol (TCP/IP)

Repair Winsock (Reset Catalog)

Renew Internet Connections

Flush DNS Resolver Cache

Repair Internet Explorer

Clear Windows Update History

Repair Windows / Automatic Updates

Repair SSL / HTTPS / Cryptography

Reset Windows Firewall Configuration

Restore the default hosts file

Repair Workgroup Computers view

 

Click Go!

Ignore any error messages for now

Click OK to reboot your computer...

 

Is the internet restored?

fixlist.txt


Yes the internet is working!! 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by trico at 2014-04-22 14:42:01 Run:1
Running from C:\Users\trico\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
S1 advrvahn; \??\C:\Windows\system32\drivers\advrvahn.sys [X]
S1 armiuqou; \??\C:\Windows\system32\drivers\armiuqou.sys [X]
S1 arxowlnf; \??\C:\Windows\system32\drivers\arxowlnf.sys [X]
S1 asjcdjmz; \??\C:\Windows\system32\drivers\asjcdjmz.sys [X]
S1 avemnlps; \??\C:\Windows\system32\drivers\avemnlps.sys [X]
S1 bbozwcyl; \??\C:\Windows\system32\drivers\bbozwcyl.sys [X]
S1 bczhknue; \??\C:\Windows\system32\drivers\bczhknue.sys [X]
S1 boccnqre; \??\C:\Windows\system32\drivers\boccnqre.sys [X]
S1 bpviphta; \??\C:\Windows\system32\drivers\bpviphta.sys [X]
S1 bxctosuw; \??\C:\Windows\system32\drivers\bxctosuw.sys [X]
S1 cpcylwlz; \??\C:\Windows\system32\drivers\cpcylwlz.sys [X]
S1 crbhjfgq; \??\C:\Windows\system32\drivers\crbhjfgq.sys [X]
S1 croywasd; \??\C:\Windows\system32\drivers\croywasd.sys [X]
S1 cxsivxrn; \??\C:\Windows\system32\drivers\cxsivxrn.sys [X]
S1 czssvrda; \??\C:\Windows\system32\drivers\czssvrda.sys [X]
S1 dbiosjml; \??\C:\Windows\system32\drivers\dbiosjml.sys [X]
S1 dcdhftff; \??\C:\Windows\system32\drivers\dcdhftff.sys [X]
S1 dcppauld; \??\C:\Windows\system32\drivers\dcppauld.sys [X]
S1 debhhsis; \??\C:\Windows\system32\drivers\debhhsis.sys [X]
S1 dwehchwk; \??\C:\Windows\system32\drivers\dwehchwk.sys [X]
S1 ernalqer; \??\C:\Windows\system32\drivers\ernalqer.sys [X]
S1 etfsxlqs; \??\C:\Windows\system32\drivers\etfsxlqs.sys [X]
S1 evpzlcjb; \??\C:\Windows\system32\drivers\evpzlcjb.sys [X]
S1 exofvamp; \??\C:\Windows\system32\drivers\exofvamp.sys [X]
S1 ffhaxryw; \??\C:\Windows\system32\drivers\ffhaxryw.sys [X]
S1 fpevcenf; \??\C:\Windows\system32\drivers\fpevcenf.sys [X]
S1 fxmmdscd; \??\C:\Windows\system32\drivers\fxmmdscd.sys [X]
S1 ginoolks; \??\C:\Windows\system32\drivers\ginoolks.sys [X]
S1 gurmkgpw; \??\C:\Windows\system32\drivers\gurmkgpw.sys [X]
S1 hajyrizl; \??\C:\Windows\system32\drivers\hajyrizl.sys [X]
S1 hdltvqra; \??\C:\Windows\system32\drivers\hdltvqra.sys [X]
S1 hhdbvban; \??\C:\Windows\system32\drivers\hhdbvban.sys [X]
S1 hhsosbuo; \??\C:\Windows\system32\drivers\hhsosbuo.sys [X]
S1 huqkvasj; \??\C:\Windows\system32\drivers\huqkvasj.sys [X]
S1 hutecajo; \??\C:\Windows\system32\drivers\hutecajo.sys [X]
S1 ictgtqhw; \??\C:\Windows\system32\drivers\ictgtqhw.sys [X]
S1 ilgaicck; \??\C:\Windows\system32\drivers\ilgaicck.sys [X]
S1 jktkwcqn; \??\C:\Windows\system32\drivers\jktkwcqn.sys [X]
S1 keofigpd; \??\C:\Windows\system32\drivers\keofigpd.sys [X]
S1 kppvnued; \??\C:\Windows\system32\drivers\kppvnued.sys [X]
S1 ksnbuxoi; \??\C:\Windows\system32\drivers\ksnbuxoi.sys [X]
S1 lqszxbma; \??\C:\Windows\system32\drivers\lqszxbma.sys [X]
S1 lsqfosqs; \??\C:\Windows\system32\drivers\lsqfosqs.sys [X]
S1 lstxxdkl; \??\C:\Windows\system32\drivers\lstxxdkl.sys [X]
S1 nfcjmtof; \??\C:\Windows\system32\drivers\nfcjmtof.sys [X]
S1 njcgodkf; \??\C:\Windows\system32\drivers\njcgodkf.sys [X]
S1 nkzictbd; \??\C:\Windows\system32\drivers\nkzictbd.sys [X]
S1 ocnysfrr; \??\C:\Windows\system32\drivers\ocnysfrr.sys [X]
S1 ohytwscp; \??\C:\Windows\system32\drivers\ohytwscp.sys [X]
S1 opewhbby; \??\C:\Windows\system32\drivers\opewhbby.sys [X]
S1 ovhzodpa; \??\C:\Windows\system32\drivers\ovhzodpa.sys [X]
S1 palglxzf; \??\C:\Windows\system32\drivers\palglxzf.sys [X]
S1 pfpnafdt; \??\C:\Windows\system32\drivers\pfpnafdt.sys [X]
S1 qianwcgg; \??\C:\Windows\system32\drivers\qianwcgg.sys [X]
S1 qihgjyjc; \??\C:\Windows\system32\drivers\qihgjyjc.sys [X]
S1 rbhnfzrt; \??\C:\Windows\system32\drivers\rbhnfzrt.sys [X]
S1 rglnfcxs; \??\C:\Windows\system32\drivers\rglnfcxs.sys [X]
S1 spdcebkr; \??\C:\Windows\system32\drivers\spdcebkr.sys [X]
S1 ssospfvs; \??\C:\Windows\system32\drivers\ssospfvs.sys [X]
S1 tellxrgy; \??\C:\Windows\system32\drivers\tellxrgy.sys [X]
S1 tghesfoz; \??\C:\Windows\system32\drivers\tghesfoz.sys [X]
S1 uzlyyicb; \??\C:\Windows\system32\drivers\uzlyyicb.sys [X]
S1 vinwlzxy; \??\C:\Windows\system32\drivers\vinwlzxy.sys [X]
2014-04-22 13:31 - 2011-10-03 10:22 - 00003858 _____ () C:\Users\trico\smssqlw.ini
2014-04-22 13:31 - 2011-07-15 15:59 - 00001563 _____ () C:\Users\trico\smssql.ini
2014-04-21 16:45 - 2011-07-18 07:42 - 00000474 _____ () C:\Users\trico\qnbsqlw.ini
C:\Users\Administrator\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\afloyd\cisrep.dat
C:\Users\sbookout\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\trico\cc_20140410_082202.reg
C:\Users\trico\cc_20140410_091320.reg
C:\Users\trico\cc_20140410_091344.reg
C:\Users\trico\cc_20140417_073608.reg
C:\Users\trico\cisrep.dat
C:\Users\trico\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\trico\oldreg.reg
C:\Users\afloyd\AppData\Local\Temp\Bolt.exe
End
*****************
 
advrvahn => Service deleted successfully.
armiuqou => Service deleted successfully.
arxowlnf => Service deleted successfully.
asjcdjmz => Service deleted successfully.
avemnlps => Service deleted successfully.
bbozwcyl => Service deleted successfully.
bczhknue => Service deleted successfully.
boccnqre => Service deleted successfully.
bpviphta => Service deleted successfully.
bxctosuw => Service deleted successfully.
cpcylwlz => Service deleted successfully.
crbhjfgq => Service deleted successfully.
croywasd => Service deleted successfully.
cxsivxrn => Service deleted successfully.
czssvrda => Service deleted successfully.
dbiosjml => Service deleted successfully.
dcdhftff => Service deleted successfully.
dcppauld => Service deleted successfully.
debhhsis => Service deleted successfully.
dwehchwk => Service deleted successfully.
ernalqer => Service deleted successfully.
etfsxlqs => Service deleted successfully.
evpzlcjb => Service deleted successfully.
exofvamp => Service deleted successfully.
ffhaxryw => Service deleted successfully.
fpevcenf => Service deleted successfully.
fxmmdscd => Service deleted successfully.
ginoolks => Service deleted successfully.
gurmkgpw => Service deleted successfully.
hajyrizl => Service deleted successfully.
hdltvqra => Service deleted successfully.
hhdbvban => Service deleted successfully.
hhsosbuo => Service deleted successfully.
huqkvasj => Service deleted successfully.
hutecajo => Service deleted successfully.
ictgtqhw => Service deleted successfully.
ilgaicck => Service deleted successfully.
jktkwcqn => Service deleted successfully.
keofigpd => Service deleted successfully.
kppvnued => Service deleted successfully.
ksnbuxoi => Service deleted successfully.
lqszxbma => Service deleted successfully.
lsqfosqs => Service deleted successfully.
lstxxdkl => Service deleted successfully.
nfcjmtof => Service deleted successfully.
njcgodkf => Service deleted successfully.
nkzictbd => Service deleted successfully.
ocnysfrr => Service deleted successfully.
ohytwscp => Service deleted successfully.
opewhbby => Service deleted successfully.
ovhzodpa => Service deleted successfully.
palglxzf => Service deleted successfully.
pfpnafdt => Service deleted successfully.
qianwcgg => Service deleted successfully.
qihgjyjc => Service deleted successfully.
rbhnfzrt => Service deleted successfully.
rglnfcxs => Service deleted successfully.
spdcebkr => Service deleted successfully.
ssospfvs => Service deleted successfully.
tellxrgy => Service deleted successfully.
tghesfoz => Service deleted successfully.
uzlyyicb => Service deleted successfully.
vinwlzxy => Service deleted successfully.
C:\Users\trico\smssqlw.ini => Moved successfully.
C:\Users\trico\smssql.ini => Moved successfully.
C:\Users\trico\qnbsqlw.ini => Moved successfully.
C:\Users\Administrator\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\afloyd\cisrep.dat => Moved successfully.
C:\Users\sbookout\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\trico\cc_20140410_082202.reg => Moved successfully.
C:\Users\trico\cc_20140410_091320.reg => Moved successfully.
C:\Users\trico\cc_20140410_091344.reg => Moved successfully.
C:\Users\trico\cc_20140417_073608.reg => Moved successfully.
C:\Users\trico\cisrep.dat => Moved successfully.
C:\Users\trico\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\trico\oldreg.reg => Moved successfully.
C:\Users\afloyd\AppData\Local\Temp\Bolt.exe => Moved successfully.
 
==== End of Fixlog ====
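An added example, not part of the original thread and not FRST's own code: a Python cross-check for a Fixlog in the layout above, pairing every fixlist entry with its result line and listing the driver services marked `[X]` (FRST's marker for a file it could not find). The sample log is constructed; `exampledrv` and its missing result line are hypothetical, added to show the failure case.

```python
import re

# Constructed sample in the Fixlog layout shown above. Two service names and
# the two file paths come from the thread; "exampledrv" and the absence of a
# result line for it are hypothetical, added to exercise the failure case.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
Start
S1 advrvahn; \??\C:\Windows\system32\drivers\advrvahn.sys [X]
S1 armiuqou; \??\C:\Windows\system32\drivers\armiuqou.sys [X]
S1 exampledrv; \??\C:\Windows\system32\drivers\exampledrv.sys [X]
2014-04-21 16:45 - 2011-07-18 07:42 - 00000474 _____ () C:\Users\trico\qnbsqlw.ini
C:\Users\afloyd\AppData\Local\Temp\Bolt.exe
End
*****************

advrvahn => Service deleted successfully.
armiuqou => Service deleted successfully.
C:\Users\trico\qnbsqlw.ini => Moved successfully.
C:\Users\afloyd\AppData\Local\Temp\Bolt.exe => Moved successfully.

==== End of Fixlog ====
"""

# "S1 name; image-path [X]": state/start-type code, service name, image path,
# and an optional [X] when the image file was not found on disk.
SERVICE_RE = re.compile(
    r"^[A-Z]\d\s+(?P<name>[^;]+);\s+(?P<image>.+?)(?P<missing>\s+\[X\])?$"
)
# A drive-letter path running to the end of the line (bare or after timestamps).
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<status>.+)$")
# The two success messages that appear in the log on this page.
OK_STATUSES = {"Service deleted successfully.", "Moved successfully."}


def parse_fixlog(text):
    """Return (requested, results) parsed from a Fixlog.

    requested: list of (kind, target, file_missing) from the Start..End block.
    results:   dict mapping target -> status text from the lines after End.
    """
    requested, results = [], {}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if section == "header":
            if line == "Start":
                section = "fixlist"
        elif section == "fixlist":
            if line == "End":
                section = "results"
                continue
            m = SERVICE_RE.match(line)
            if m:
                requested.append(("service", m["name"], bool(m["missing"])))
                continue
            m = PATH_RE.search(line)
            if m:
                requested.append(("file", m.group(0), False))
        else:
            m = RESULT_RE.match(line)
            if m:
                results[m["target"]] = m["status"]
    return requested, results


def audit_fixlog(text):
    """Cross-check fixlist entries against their result lines."""
    requested, results = parse_fixlog(text)
    unresolved = [
        (kind, target, results.get(target, "no result line"))
        for kind, target, _ in requested
        if results.get(target) not in OK_STATUSES
    ]
    orphaned = [t for kind, t, missing in requested if kind == "service" and missing]
    return {
        "requested": len(requested),
        "orphaned_services": orphaned,  # service entries whose driver file is gone
        "unresolved": unresolved,       # entries with no success line
    }


if __name__ == "__main__":
    report = audit_fixlog(SAMPLE_FIXLOG)
    print("entries requested:", report["requested"])
    print("services with missing image file:", ", ".join(report["orphaned_services"]))
    for kind, target, status in report["unresolved"]:
        print(f"NOT CONFIRMED: {kind} {target} ({status})")
```

Any entry reported as not confirmed should be re-checked in a fresh scan log before the machine is treated as clean.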

There are two Security Systems; MSE and Avast, I guess you prefer Avast as MSE is disabled, use the following to remove MSE:

 

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

 

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

 

Run the tool, the main GUI will populate with installed programs list,

 

Left click on Program name to highlight that entry.

 

Select Action from the Menu bar, then Uninstall from there follow the prompts.

 

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option.

 

Next,

 

Run Malwarebytes...

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

How to get logs:

(Export log to save as txt)

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/22/2014

Scan Time: 3:31:39 PM

Logfile: mwb.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.22.06

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: trico

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 381837

Time Elapsed: 8 min, 35 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


# AdwCleaner v3.201 - Report created 22/04/2014 at 15:40:47

# Updated 22/04/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : trico - TRICO-PC

# Running from : C:\Users\trico\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com

Folder Deleted : C:\Users\trico\AppData\Local\PackageAware

Folder Deleted : C:\Users\sbookout\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AskToolbar

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}

Key Deleted : HKLM\Software\Freeze.com

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16866

 

 

-\\ Google Chrome v34.0.1847.116

 

[ File : C:\Users\trico\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3684 octets] - [22/04/2014 15:36:26]

AdwCleaner[s0].txt - [3556 octets] - [22/04/2014 15:40:47]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3616 octets] ##########

That is your own choice, I personally prefer MSE. This is my own set up for Windows 7:

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manager, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!.

 

I have also just started using CryptoGuard by Hitman Pro, once installed it will protect all Browsers against crypto ransomware infections, is also free. Go to following link for instructions, it will work with the set up I describe above..

 

http://www.surfright.nl/en/alert/cryptoguard'>http://www.surfright.nl/en/alert/cryptoguard


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by trico on Tue 04/22/2014 at 15:50:20.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\trico\appdata\local\{774870F7-9774-4AB2-808E-5F28F1F7FF19}
Successfully deleted: [Empty Folder] C:\Users\trico\appdata\local\{85498614-6F22-45C8-BCAF-B6DE4FC3DD29}
Successfully deleted: [Empty Folder] C:\Users\trico\appdata\local\{F7DA45C5-5F3D-478B-8818-AEBE365F4F1A}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/22/2014 at 15:55:43.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I ran the JRT tool again and restarted and have internet again. However when I ran FSS it informed me that win defender is not working. It said the service was set to manual and not started. I changed it to automatic and hit start service. It said service started and then stopped again. Still have something lurking somewhere. 

This topic is now closed to further replies.