Channel: Tech Support Forum - Virus/Trojan/Spyware Help

i have malware, please help

i use Firefox in Windows 7 64-bit. i found out about a week ago that my browser was extremely slow, was opening loads of new tabs, was turning text into links, and was continually trying to redirect me. i saw the name 'search.protectio.com' on a tab so i decided that is what i have, though of course that may not be all of it.

i followed these instructions here hxxp://blog.mitechmate.com/how-to-get-rid-of-search-protectedio-co/, but i didn't manage to find the thing, the closest i got was seeing it in the firefox settings as a listed search provider, which i 'removed' (though obviously not). as per the instructions, i changed my DNS, made files visible, disabled some stuff in task manager, went looking for the bad guys in my windows files (no findings) and searched in regedit (no findings) and i reset the browser itself after deleting it and re-installing a fresh copy. then i put the things that i changed back to normal and it's just the same. tried this twice now over a couple of days.

i read the 'NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help' instructions thread at your site, did my backup, removed all but one antivirus (AVG) and downloaded that DDS. i saw this: "Disable any script blocker, and then double click dds.scr to run the tool" but i don't understand the first part so i'm sorry but i didn't do that.

i am posting this from another computer, which is uninfected. i downloaded DDS to this computer, and used a USB stick to move it across, and to move the two text files back.

that's it. below this line i will paste the contents of dds.txt, and i hope i attached the attach.txt properly. i do not have access to a Windows Install disc, or a Boot CD, the laptop came with Windows preloaded when i bought it.
dan the noob
____________________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909
Run by Dan at 21:07:23 on 2015-08-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4087.1833 [GMT 1:00]
.
AV: AVG Internet Security 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 *Enabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\AFC Secure Net\privoxy.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyServer = 127.0.0.1:8118
mURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SecureWebBHO Class: {D3C24E2B-C820-4492-9B69-11BF7163F998} - C:\Program Files (x86)\AFC Secure Net\itie.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3EB17ACE-113F-43B0-BEFF-21748F613B4F} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\357796C6C616E64602D496C6C60275966496 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\35B4954433345333 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\4516C6B64516C6B6532303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\E4544574541425 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\y8pxjsa7.default-1438951276976\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Dan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-12 253408]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-7-28 245680]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2015-6-7 121432]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2015-6-7 376184]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2015-7-9 77760]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-7-28 312752]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-6-16 259040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-12 281568]
R1 RapportCerberus_1412112;RapportCerberus_1412112;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [2015-6-26 917112]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-6-2 485368]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-6-2 480440]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-2-8 35104]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2013-3-4 352144]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-21 140712]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-10-18 38424]
S3 Bootloader;Driver for WisAir Bootloader Device;C:\Windows\System32\drivers\Bootloader.sys [2009-7-21 45056]
S3 DLCopyFilter;DLCopyFilter;C:\Windows\System32\drivers\WSR_TBF.sys [2010-11-5 38912]
S3 DWA;Wireless USB Device Adapter;C:\Windows\System32\drivers\WSR_DWA.SYS [2009-12-22 531456]
S3 hwa;Wireless USB Host Adapter;C:\Windows\System32\drivers\WSR_HWA.SYS [2009-12-22 891904]
S3 HWARadio;Wireless USB Host Radio;C:\Windows\System32\drivers\WSR_RCI.SYS [2009-12-22 155648]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-8-6 23040]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
.
=============== Created Last 30 ================
.
2015-08-07 13:02:18 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe
2015-08-06 19:01:57 -------- d-----w- C:\temp
2015-08-06 18:47:34 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-03 17:20:42 -------- d-----w- C:\Intel
2015-08-02 17:09:17 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-02 07:24:06 -------- d-sh--w- C:\found.000
2015-08-01 16:28:40 -------- d-----w- C:\Users\Dan\AppData\Roaming\AVG2015
2015-08-01 16:25:24 -------- d--h--w- C:\$AVG
2015-08-01 16:25:24 -------- d-----w- C:\ProgramData\AVG2015
2015-08-01 16:16:41 -------- d-----w- C:\Users\Dan\AppData\Local\Avg2015
2015-07-31 14:19:22 -------- d-----w- C:\Program Files\Common Files\AV
2015-07-28 10:02:14 312752 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2015-07-28 10:01:38 245680 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2015-07-28 09:53:43 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 09:53:41 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 09:53:41 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 09:53:40 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 09:53:40 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 09:53:39 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 09:53:33 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 09:53:33 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-23 09:21:01 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-23 09:21:00 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-23 09:21:00 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-23 09:20:59 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-23 09:20:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-23 09:20:59 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-23 09:20:58 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-23 09:20:58 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-23 09:20:58 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-23 09:20:57 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-19 08:46:34 -------- d-----w- C:\Users\Dan\AppData\Local\CEF
2015-07-15 07:55:12 254976 ----a-w- C:\Windows\System32\cewmdm.dll
2015-07-15 07:55:11 210432 ----a-w- C:\Windows\SysWow64\cewmdm.dll
2015-07-15 07:54:21 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-07-15 07:54:20 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-07-15 07:54:11 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-07-15 07:54:04 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-07-15 07:54:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-07-15 07:51:25 -------- d-----w- C:\Program Files\iPod
2015-07-15 07:50:57 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2015-07-15 07:47:05 429568 ----a-w- C:\Windows\System32\wksprt.exe
2015-07-15 07:47:03 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2015-07-15 07:44:37 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-07-15 07:44:34 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-07-15 07:44:33 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-07-15 07:44:31 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-07-15 07:44:29 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-07-15 07:44:29 112064 ----a-w- C:\Windows\System32\consent.exe
2015-07-15 07:44:26 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2015-07-15 07:44:26 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-07-15 07:44:25 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-15 07:44:24 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-15 07:44:24 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-15 07:44:23 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-15 07:43:04 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-15 07:43:04 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-15 07:43:03 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-15 07:43:01 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-15 07:43:00 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-10 13:39:22 -------- d--h--w- C:\$Windows.~BT
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2015-07-09 06:11:56 77760 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys
.
==================== Find3M ====================
.
2015-08-07 09:04:57 73728 ----a-w- C:\Windows\SysWow64\tasks.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-15 09:44:27 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 09:44:27 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 00:01:52 1202856 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-06-16 23:23:50 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2015-06-16 23:23:50 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2015-06-16 14:55:04 259040 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2015-06-11 17:57:36 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-06-11 17:57:35 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-06-11 17:57:35 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-06-11 17:56:55 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-06-11 17:56:55 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-06-02 17:41:06 376184 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2015-06-02 17:41:06 121432 ----a-w- C:\Windows\System32\drivers\RapportHades64.sys
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:19:27 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-05-25 18:19:27 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-05-25 18:19:27 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-05-25 18:19:26 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-05-25 18:19:13 1255424 ----a-w- C:\Windows\System32\diagtrack.dll
2015-05-25 18:19:10 879104 ----a-w- C:\Windows\System32\tdh.dll
2015-05-25 18:19:09 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-05-25 18:19:09 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-05-25 18:19:09 113664 ----a-w- C:\Windows\System32\sechost.dll
2015-05-25 18:19:04 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2015-05-25 18:19:02 424960 ----a-w- C:\Windows\System32\KernelBase.dll
.
============= FINISH: 21:14:50.72 ===============

Attached Files
File Type: txt Attach.txt (12.5 KB)
