Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Help please! Computer is a mess

Hi,

My family's computer is a mess. Nothing on Chrome and IE will load; Firefox loads one page, then there are a ton of pop-ups and it won't load anymore. It's sluggish. I've uninstalled programs that were obvious malware like Fast Clean Pro and run the antivirus they had installed, as well as Spybot Search and Destroy, but it didn't make a difference. The Security Center won't turn on, and a lot of security updates failed to install. Please help! Thank you!


-----------------------------


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 10.67.2
Run by Home at 20:56:59 on 2015-09-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3029 [GMT -4:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
SP: Panda Free Antivirus *Enabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;
mWinlogon: Userinit = C:\windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRunOnce: [BeginInteractiveOSUpgrade] C:\windows\System32\wuauclt.exe /BeginInteractiveOSUpgrade
mRun: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [fst_us_112] <no file>
dRunOnce: [panda4_2dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_2dn" /f
dRunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
dRunOnce: [panda_XP] reg.exe delete "HKCU\Software\panda" /f
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: MaxGPOScriptWait = dword:600
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{05DDD59F-AFE1-4586-8FE2-20968752EA9F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{20BD1366-DEB5-4A27-B5AA-29BA5B0684E0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{60688BEE-3ED1-4DCC-88E5-05A8ABB6F224} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8403AF2E-3BD8-49AB-9BAD-500FE5364A42} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{91E213B4-7FED-452F-AA6A-B48EDF65B269} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{91E213B4-7FED-452F-AA6A-B48EDF65B269}\25B445A5B4 : DHCPNameServer = 192.168.1.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyBtFtCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0AzyzztDyDzy0AtGyBzyyCyBtG0F0F0CyBtG0EyBzy0EtGtDyBtA0C0C0B0BzzyEyCtDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtA0AzztDzzyEyDtG0FtCyByBtG0Dzz0A0BtGzzzy0C0BtGtCtBtBzytA0FtAtAyBtBtDzy2Q&cr=504169009&ir=
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-mWinlogon: Userinit = C:\windows\SysWOW64\userinit.exe,
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qfe06vtf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Vosteran
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.nspdlsd.aflt - spd_cmi_14_25_ch
FF - user.js: extensions.nspdlsd.instlRef - 142905_c
FF - user.js: extensions.nspdlsd.cr - 504169009
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyBtFtCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0AzyzztDyDzy0AtGyBzyyCyBtG0F0F0CyBtG0EyBzy0EtGtDyBtA0C0C0B0BzzyEyCtDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtA0AzztDzzyEyDtG0FtCyByBtG0Dzz0A0BtGzzzy0C0BtGtCtBtBzytA0FtAtAyBtBtDzy2Q
.
.
.
.
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_secureddownload_14_52_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q&cr=1408702106&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_secureddownload_14_52_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q&cr=1408702106&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_secureddownload_14_52_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q&cr=1408702106&ir=&q=
FF - user.js: extensions.srchvstrn.id - 4437E609B264E6EC
FF - user.js: extensions.srchvstrn.instlDay - 16426
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 12:25:49
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_secureddownload_14_52_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_c
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 1408702106
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q
FF - user.js: extensions.srchvstrn.AL - 4
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-8-21 49952]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\windows\System32\drivers\NNSNAHSL.sys [2014-12-31 48400]
R2 NanoServiceMain;Panda Protection Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2015-2-26 142584]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2015-2-26 38136]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-9-15 215040]
S1 NNSALPC;NNSALPC;C:\windows\System32\drivers\NNSAlpc.sys [2015-2-9 93968]
S1 NNSHTTP;NNSHTTP;C:\windows\System32\drivers\NNSHttp.sys [2015-2-9 202000]
S1 NNSHTTPS;NNSHTTPS;C:\windows\System32\drivers\NNSHttps.sys [2015-2-9 110864]
S1 NNSIDS;NNSIDS;C:\windows\System32\drivers\NNSIds.sys [2015-2-9 116496]
S1 NNSPICC;NNSPICC;C:\windows\System32\drivers\NNSpicc.sys [2015-2-9 99600]
S1 NNSPIHSW;NNSPIHSW;C:\windows\System32\drivers\NNSPihsw.sys [2015-2-9 69904]
S1 NNSPOP3;NNSPOP3;C:\windows\System32\drivers\NNSPop3.sys [2015-2-9 124176]
S1 NNSPROT;NNSPROT;C:\windows\System32\drivers\NNSProt.sys [2015-2-9 299792]
S1 NNSPRV;NNSPRV;C:\windows\System32\drivers\NNSPrv.sys [2015-2-9 166160]
S1 NNSSMTP;NNSSMTP;C:\windows\System32\drivers\NNSSmtp.sys [2015-2-9 113424]
S1 NNSSTRM;NNSSTRM;C:\windows\System32\drivers\NNSStrm.sys [2015-2-9 257296]
S1 NNSTLSC;NNSTLSC;C:\windows\System32\drivers\NNStlsc.sys [2015-2-9 106256]
S1 PSINKNC;PSINKNC;C:\windows\System32\drivers\PSINKNC.sys [2015-2-25 197392]
S2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S2 panda_url_filteringService;panda_url_filtering Anti-Phishing Service;C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- --> C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [?]
S2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-10-9 66808]
S2 PSINAflt;PSINAflt;C:\windows\System32\drivers\PSINAflt.sys [2015-2-25 163088]
S2 PSINFile;PSINFile;C:\windows\System32\drivers\PSINFile.sys [2015-2-25 121616]
S2 PSINProc;PSINProc;C:\windows\System32\drivers\PSINProc.sys [2015-2-25 124176]
S2 PSINProt;PSINProt;C:\windows\System32\drivers\PSINProt.sys [2015-2-25 133904]
S2 PSINReg;PSINReg;C:\windows\System32\drivers\PSINReg.sys [2015-2-25 107792]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-21 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-21 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-21 171928]
S2 ServiceUpdater;Network Support Service Updater;C:\windows\SysWOW64\netupdsrv.exe --> C:\windows\SysWOW64\netupdsrv.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 SurfShieldUpdateService;Update Service for SurfShield;"C:\Program Files (x86)\SurfShieldMain\UpdateService.exe" --> C:\Program Files (x86)\SurfShieldMain\UpdateService.exe [?]
S2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [2014-3-20 1771032]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\windows\System32\drivers\athrxusb.sys [2008-7-28 1075712]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2014-11-28 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-9-8 114688]
S3 lvpopf64;Logitech POP Suppression Filter;C:\windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);C:\windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
S3 panda_url_filteringd;panda_url_filteringd driver;C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringd.sys [2014-3-19 51288]
S3 PSKMAD;PSKMAD;C:\windows\System32\drivers\PSKMAD.sys [2015-6-6 61712]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 SuperIO;Lenovo ASD HWM Driver;C:\windows\System32\drivers\spio.sys [2009-6-5 11848]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 UsbFltr;WayTech USB Filter Driver;C:\windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-4-2 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;C:\windows\System32\ZDCNDIS6a64.sys [2011-10-20 41280]
S4 rqpbhevlkc64;rqpbhevlkc64;C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=7B0A8368-1A6F-48A5-B236-8BD61816B3F9 --> C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=7B0A8368-1A6F-48A5-B236-8BD61816B3F9 [?]
.
=============== Created Last 30 ================
.
2015-09-08 11:42:01 -------- d--h--w- C:\$Windows.~BT
2015-09-08 06:43:30 774656 ----a-w- C:\windows\System32\invagent.dll
2015-09-08 06:43:30 743424 ----a-w- C:\windows\System32\generaltel.dll
2015-09-08 06:43:30 69120 ----a-w- C:\windows\System32\acmigration.dll
2015-09-08 06:43:30 437760 ----a-w- C:\windows\System32\devinv.dll
2015-09-08 06:43:30 1148416 ----a-w- C:\windows\System32\aeinv.dll
2015-09-08 06:43:30 1116672 ----a-w- C:\windows\System32\appraiser.dll
2015-09-08 06:43:29 227328 ----a-w- C:\windows\System32\aepdu.dll
2015-09-08 06:43:29 17344 ----a-w- C:\windows\System32\CompatTelRunner.exe
2015-09-08 06:41:59 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2015-09-08 06:32:54 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C665416-5FAB-42FE-BA2F-A8A0DC018335}\mpengine.dll
2015-09-07 22:56:09 -------- d-----w- C:\Program Files\Common Files\AV
.
==================== Find3M ====================
.
2015-08-26 07:22:17 778440 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-08-26 07:22:16 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-07-20 18:12:45 98304 ----a-w- C:\windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\windows\SysWow64\wuapp.exe
2015-07-16 20:54:49 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-07-16 20:54:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:06:43 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-07-16 20:00:07 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\windows\SysWow64\wininet.dll
2015-07-15 03:19:57 2004992 ----a-w- C:\windows\System32\msxml6.dll
2015-07-15 03:19:57 1887232 ----a-w- C:\windows\System32\msxml3.dll
2015-07-15 03:14:09 2048 ----a-w- C:\windows\System32\msxml6r.dll
2015-07-15 03:13:59 2048 ----a-w- C:\windows\System32\msxml3r.dll
2015-07-15 02:55:45 1390592 ----a-w- C:\windows\SysWow64\msxml6.dll
2015-07-15 02:55:45 1241088 ----a-w- C:\windows\SysWow64\msxml3.dll
2015-07-15 02:51:14 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2015-07-15 02:51:14 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2015-07-10 17:51:27 44032 ----a-w- C:\windows\System32\tsgqec.dll
2015-07-10 17:51:19 3722752 ----a-w- C:\windows\System32\mstscax.dll
2015-07-10 17:51:10 158720 ----a-w- C:\windows\System32\aaclient.dll
2015-07-10 17:34:09 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll
2015-07-10 17:34:02 3221504 ----a-w- C:\windows\SysWow64\mstscax.dll
2015-07-10 17:33:50 131584 ----a-w- C:\windows\SysWow64\aaclient.dll
2015-07-09 17:57:57 193536 ----a-w- C:\windows\System32\notepad.exe
2015-07-09 17:57:57 193536 ----a-w- C:\windows\notepad.exe
2015-07-09 17:42:27 179712 ----a-w- C:\windows\SysWow64\notepad.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\windows\SysWow64\ole32.dll
2015-07-01 20:56:03 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:56 260096 ----a-w- C:\windows\System32\WebClnt.dll
2015-07-01 20:49:53 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\windows\System32\lsasrv.dll
2015-07-01 20:48:36 102912 ----a-w- C:\windows\System32\davclnt.dll
2015-07-01 20:48:34 44032 ----a-w- C:\windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\windows\System32\adtschema.dll
2015-07-01 20:30:43 206848 ----a-w- C:\windows\SysWow64\WebClnt.dll
2015-07-01 20:30:43 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
.
============= FINISH: 21:00:35.87 ===============

Attached Files
File Type: txt attach.txt (22.1 KB)
