Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Crime Watch Malware [Closed]


  • This topic is locked This topic is locked

#1
gerrybnz

gerrybnz

    New Member

  • Member
  • Pip
  • 3 posts

I became infected with crime watch

each time I scanned with Malware Bytes and removed it the same infection re-appeared

I tried the following:

Scanned for infection and quarantied the infection modules

restarted Windows (8.1) to complete removal

rescanned again

same infection re-appeared

cleaned out the infection

reboooted (noticed extra delay in start up and modem very busy)

rescanned

infection back again

deleted the modules

rebooted (WITH THE MODEM TURNED OFF)

 

Infection returned at start up !! (Noticed lengthy start up!)

 

Crime watch must be checking for presence of rogue, finding them cleaned out and re-infecting

 

Searching for method of detecting at startup by crime watch

PS Disabled 2 entries in windows startup list early in job - they were both described as "program"

suspect they were crime watch modules hiding

 

any ideas about monitoring the startup and tracking crime watch doing its re-infection?


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will need to look at the system first

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please post both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
gerrybnz

gerrybnz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Well I did it at last !!
here are the files you asked for - now the magic begins?
Regards
Gerry
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Gerry (administrator) on GERRYSLAPTOP on 01-03-2015 12:59:06
Running from C:\Users\Gerry\Downloads
Loaded Profiles: mkathrv & Gerry (Available profiles: mkathrv & Gerry & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\node.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Telstra Corporation Ltd.) C:\Program Files\Telstra Broadband Assistant\1.0.2.45\ma\bin\pcTrayApp.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Telstra_McciTrayApp] => C:\Program Files\Telstra Broadband Assistant\1.0.2.45\ma\bin\pcTrayApp.exe [2835456 2014-09-11] (Telstra Corporation Ltd.)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [271872 2014-04-06] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\Run: [Google Update] => C:\Users\mkathrv\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-22] (Google Inc.)
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\Run: [Google+ Auto Backup] => "C:\Users\mkathrv\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\Run: [GoogleChromeAutoLaunch_0061D0EE4670C4D15318C72B3512D6E4] => C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-18] (Google Inc.)
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\MountPoints2: {8e46287e-f917-11e2-be8f-10bf489d29c1} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4052331037-556818154-8592725-1001\...\MountPoints2: {c2361e7c-bce2-11e4-bfa1-10bf489d29c1} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-4052331037-556818154-8592725-1004\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-12] (Glarysoft Ltd)
HKU\S-1-5-21-4052331037-556818154-8592725-1004\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt [2754 2015-02-28] ()
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [131072 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Program Files\Internet Explorer\iexplore.exe [813712 2014-10-31] (Microsoft Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes...EO2SXX621KFEO2S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes...EO2SXX621KFEO2S
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes...EO2SXX621KFEO2S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes...EO2SXX621KFEO2S
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes...q={searchTerms}
HKU\S-1-5-21-4052331037-556818154-8592725-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKU\S-1-5-21-4052331037-556818154-8592725-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes...q={searchTerms}
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes...EO2SXX621KFEO2S
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes...EO2SXX621KFEO2S
HKU\S-1-5-21-4052331037-556818154-8592725-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.omniboxes...EO2SXX621KFEO2S

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\npMotive.dll (Telstra Corporation Ltd.)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Telstra Corporation Ltd.)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4052331037-556818154-8592725-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mkathrv\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4052331037-556818154-8592725-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mkathrv\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\mkathrv\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Profile: C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-01]
CHR Extension: (Google Drive) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-11]
CHR Extension: (YouTube) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-01]
CHR Extension: (Google Search) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-01]
CHR Extension: (Telstra Extension) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-07-13]
CHR Extension: (Google Wallet) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Gmail) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-01]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-01-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-23] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-23] (Alcatel-Lucent) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 Telstra MAHostService; C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\MAHostService.exe [321024 2014-09-11] (Alcatel-Lucent) [File not signed]
S3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 70F4EEDB-1367-4b4f-8247-3133551A7415; "C:\Program Files\shopperz\grunt.exe" [X]
S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
S4 lxVHHY; "C:\ProgramData\EDwusour\lxVHHY.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2014-10-14] (Glarysoft Ltd)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 12:59 - 2015-03-01 12:59 - 00021362 _____ () C:\Users\Gerry\Downloads\FRST.txt
2015-03-01 12:58 - 2015-03-01 12:59 - 00000000 ____D () C:\FRST
2015-03-01 12:54 - 2015-03-01 12:54 - 02092544 _____ (Farbar) C:\Users\Gerry\Downloads\FRST64.exe
2015-02-28 12:53 - 2015-02-28 13:03 - 00016136 _____ () C:\Users\mkathrv\Desktop\offer on 28.odt
2015-02-28 12:44 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-28 12:44 - 2014-12-14 08:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-28 12:44 - 2014-10-29 12:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-28 12:44 - 2014-10-29 12:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-28 12:44 - 2014-10-29 12:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-28 12:44 - 2014-10-29 12:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-28 09:58 - 2015-02-28 09:58 - 02126848 _____ () C:\Users\Gerry\Downloads\AdwCleaner (1).exe
2015-02-28 09:55 - 2015-02-28 09:55 - 02126848 _____ () C:\Users\Gerry\Downloads\AdwCleaner.exe
2015-02-28 09:51 - 2015-02-28 09:51 - 00001066 _____ () C:\Users\Gerry\Desktop\JRT.txt
2015-02-28 09:48 - 2015-02-28 09:48 - 01388274 _____ (Thisisu) C:\Users\Gerry\Downloads\JRT.exe
2015-02-27 17:01 - 2015-02-27 17:01 - 00001646 _____ () C:\Users\Gerry\Downloads\TDC - Superfoods for Superaging - Shortcut.lnk
2015-02-27 14:48 - 2015-02-27 14:48 - 00012754 _____ () C:\WINDOWS\system32\.crusader
2015-02-27 14:33 - 2015-02-28 15:23 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-27 14:33 - 2015-02-27 14:33 - 00001903 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-27 14:32 - 2015-02-27 14:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-27 14:31 - 2015-02-27 14:32 - 10995632 _____ (SurfRight B.V.) C:\Users\Gerry\Downloads\HitmanPro_x64.exe
2015-02-26 20:41 - 2015-02-26 20:41 - 00015365 _____ () C:\Users\mkathrv\Desktop\Ian Sales plan.odt
2015-02-26 16:43 - 2015-02-26 16:43 - 00000000 ____D () C:\Users\mkathrv\AppData\Local\CrimeWatch
2015-02-25 22:56 - 2015-02-25 22:56 - 00000000 ____D () C:\Users\Gerry\Documents\Reflect
2015-02-25 21:07 - 2015-03-01 12:29 - 00004486 _____ () C:\WINDOWS\setupact.log
2015-02-25 21:07 - 2015-02-25 21:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-25 21:06 - 2015-02-27 08:48 - 00005826 _____ () C:\WINDOWS\PFRO.log
2015-02-25 17:46 - 2015-02-25 17:46 - 00000045 _____ () C:\user.js
2015-02-25 17:46 - 2015-02-25 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-25 17:46 - 2015-02-25 17:46 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-02-25 17:43 - 2015-02-25 17:43 - 00666912 _____ () C:\Users\Gerry\Downloads\7zip-setup.exe
2015-02-25 17:41 - 2015-02-25 17:41 - 00055002 _____ () C:\Users\Gerry\Downloads\2015-monthly-calendar-blue-landscape.zip
2015-02-25 17:39 - 2015-02-25 17:39 - 06028880 _____ () C:\Users\Gerry\Downloads\dict-en (1).oxt
2015-02-25 17:38 - 2015-03-01 12:50 - 01542946 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-25 17:29 - 2015-02-25 17:30 - 69509120 _____ () C:\Users\Gerry\Downloads\calibre-64bit-2.20.0.msi
2015-02-25 17:27 - 2015-02-25 17:27 - 69439488 _____ () C:\Users\Gerry\Downloads\calibre-64bit-2.19.0.msi
2015-02-25 15:25 - 2015-02-25 15:25 - 00018643 _____ () C:\Users\mkathrv\Desktop\5 items per session !!!!.odt
2015-02-24 09:55 - 2015-02-24 09:55 - 00668290 _____ () C:\Users\mkathrv\Downloads\malware log.odt
2015-02-24 07:34 - 2015-02-24 07:34 - 00000000 _____ () C:\Recovery.txt
2015-02-23 15:04 - 2015-02-23 15:04 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-23 15:04 - 2015-02-23 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 15:03 - 2015-02-23 15:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 15:03 - 2015-02-23 15:04 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 14:56 - 2015-02-23 14:57 - 121343792 _____ (Apple Inc.) C:\Users\Gerry\Downloads\itunes64setup (2).exe
2015-02-23 14:50 - 2015-02-23 14:52 - 14952744 _____ () C:\Users\Gerry\Downloads\Glary_Utilities_v5.19.0.32.exe
2015-02-23 14:27 - 2015-02-23 14:28 - 00002499 _____ () C:\Users\Public\Desktop\Reflect.lnk
2015-02-23 14:27 - 2015-02-23 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2015-02-23 14:27 - 2015-02-23 14:27 - 00000000 ____D () C:\Program Files\Macrium
2015-02-23 14:25 - 2015-02-23 14:28 - 00308890 _____ () C:\Reflect_Install.log
2015-02-23 14:01 - 2015-02-23 14:13 - 00000000 ____D () C:\Users\Gerry\Downloads\Macrium
2015-02-23 14:00 - 2015-02-23 14:00 - 03537360 _____ (Paramount Software UK Ltd) C:\Users\mkathrv\Downloads\ReflectDL.exe
2015-02-22 22:46 - 2015-02-23 13:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-18 14:51 - 2015-02-18 14:51 - 00000000 ____D () C:\ProgramData\Auslogics
2015-02-18 14:50 - 2015-02-18 14:50 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-02-18 14:23 - 2015-02-28 09:36 - 00000000 ___RD () C:\Users\mkathrv\Downloads\DeviceDoctor.Opener_mkdtfchztkfbm!App
2015-02-14 09:48 - 2015-01-23 15:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-14 09:48 - 2015-01-23 14:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 20:21 - 2015-02-04 10:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 20:21 - 2015-02-04 10:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 20:21 - 2015-02-04 10:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 20:21 - 2015-02-03 10:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 20:21 - 2015-02-03 10:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 20:21 - 2015-02-03 10:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 20:21 - 2015-01-20 05:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 20:21 - 2014-12-19 19:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 20:21 - 2014-12-19 19:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 20:21 - 2014-12-09 10:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 13:40 - 2015-02-11 13:40 - 00000418 _____ () C:\Users\mkathrv\Desktop\Ian Job advert
2015-02-11 13:18 - 2015-02-11 13:19 - 00011804 _____ () C:\Users\mkathrv\Desktop\Ian Job advert.odt
2015-02-11 13:13 - 2015-01-16 09:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 13:13 - 2015-01-16 09:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 13:13 - 2015-01-14 15:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 13:13 - 2015-01-14 14:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 13:13 - 2015-01-14 09:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 13:13 - 2015-01-14 09:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 13:13 - 2015-01-10 20:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 13:13 - 2015-01-10 20:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 13:13 - 2015-01-10 19:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 13:13 - 2015-01-10 18:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 13:13 - 2015-01-10 17:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 13:13 - 2014-12-09 14:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 13:13 - 2014-12-09 12:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 13:13 - 2014-10-29 13:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 13:13 - 2014-10-29 13:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 13:13 - 2014-10-29 13:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 13:13 - 2014-10-29 13:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 13:13 - 2014-10-29 13:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 13:13 - 2014-10-29 13:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 13:13 - 2014-10-29 12:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 13:13 - 2014-10-29 12:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 13:13 - 2014-10-29 12:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 13:13 - 2014-10-29 12:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 13:13 - 2014-10-29 12:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 13:13 - 2014-10-29 12:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 13:13 - 2014-10-29 12:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 13:12 - 2015-01-12 14:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 13:12 - 2015-01-12 13:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 13:12 - 2015-01-12 13:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 13:12 - 2015-01-12 13:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 13:12 - 2015-01-12 13:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 13:12 - 2015-01-12 13:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 13:12 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 13:12 - 2015-01-12 13:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 13:12 - 2015-01-12 13:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 13:12 - 2015-01-12 13:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 13:12 - 2015-01-12 13:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 13:12 - 2015-01-12 12:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 13:12 - 2015-01-12 12:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 13:12 - 2015-01-12 12:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 13:12 - 2015-01-12 12:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 13:12 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 13:12 - 2015-01-12 12:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 13:12 - 2015-01-12 12:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 13:12 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 13:12 - 2015-01-12 12:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 13:12 - 2015-01-12 12:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 13:12 - 2015-01-12 12:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 13:12 - 2015-01-12 12:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 13:12 - 2015-01-12 12:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 13:12 - 2015-01-12 12:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 13:12 - 2015-01-12 12:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 13:12 - 2015-01-12 12:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 13:12 - 2015-01-12 12:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 13:12 - 2015-01-12 12:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 13:12 - 2015-01-12 12:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 13:12 - 2015-01-12 12:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 13:12 - 2015-01-12 12:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 13:12 - 2015-01-12 11:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 13:12 - 2015-01-12 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 13:12 - 2015-01-10 19:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 11:49 - 2015-02-10 11:49 - 00279240 _____ (Auslogics) C:\Users\mkathrv\Downloads\Express_PC_scanner.exe
2015-02-10 10:06 - 2015-02-10 10:07 - 00000061 _____ () C:\Users\mkathrv\Desktop\google voucher.txt
2015-02-09 21:56 - 2015-02-09 21:56 - 14920448 _____ () C:\Users\Gerry\Downloads\Glary_Utilities_v5.18.0.31.exe
2015-02-09 21:48 - 2015-02-23 13:42 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2015-02-09 21:48 - 2015-02-09 21:48 - 00002220 _____ () C:\Users\mkathrv\Desktop\NCH Suite.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00001232 _____ () C:\Users\mkathrv\Desktop\Switch Sound File Converter.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00001228 _____ () C:\Users\mkathrv\Desktop\WavePad Sound Editor.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00001218 _____ () C:\Users\mkathrv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00001214 _____ () C:\Users\mkathrv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2015-02-09 21:48 - 2015-02-09 21:48 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-09 21:47 - 2015-02-23 12:59 - 00000000 ____D () C:\Users\mkathrv\AppData\Roaming\NCH Software
2015-02-09 21:47 - 2015-02-09 21:47 - 00627776 _____ (NCH Software) C:\Users\Gerry\Downloads\switchsetup.exe
2015-02-09 14:21 - 2015-02-09 14:21 - 00000000 ____D () C:\Users\mkathrv\AppData\Roaming\AVS4YOU
2015-02-09 14:21 - 2015-02-09 14:21 - 00000000 ____D () C:\ProgramData\AVS4YOU
2015-02-09 14:20 - 2015-02-09 21:53 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-02-09 14:17 - 2015-02-09 14:17 - 42836192 _____ (Online Media Technologies Ltd. ) C:\Users\mkathrv\Downloads\AVSAudioConverter.exe
2015-02-04 20:14 - 2015-02-04 20:14 - 00001241 _____ () C:\Users\Public\Desktop\Leawo Blu-ray Creator.lnk
2015-02-04 20:14 - 2015-02-04 20:14 - 00000000 ____D () C:\Users\Gerry\AppData\Local\Leawo Blu-ray Creator
2015-02-04 20:12 - 2015-02-04 20:13 - 51202200 _____ (Leawo Software Co., Ltd. ) C:\Users\mkathrv\Downloads\bluraycreator_setup.exe
2015-02-03 19:23 - 2015-02-22 14:27 - 00000796 _____ () C:\Users\mkathrv\Desktop\Change of address List.txt
2015-02-02 14:49 - 2015-02-02 14:49 - 00170504 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\psmounterex.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 12:38 - 2013-07-02 17:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-01 12:30 - 2015-01-01 22:08 - 00000000 ____D () C:\Program Files (x86)\Telstra Broadband Assistant
2015-03-01 12:30 - 2014-05-14 22:51 - 00000358 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-03-01 12:29 - 2013-08-23 01:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-01 12:28 - 2013-08-23 00:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-01 12:18 - 2012-07-26 18:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 12:17 - 2013-05-24 15:54 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4052331037-556818154-8592725-1001
2015-03-01 12:00 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-01 11:29 - 2013-11-22 17:29 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4052331037-556818154-8592725-1001UA.job
2015-02-28 20:39 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-28 20:34 - 2013-05-24 15:45 - 00000000 ____D () C:\Users\mkathrv\AppData\Local\Packages
2015-02-28 19:29 - 2013-11-22 17:29 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4052331037-556818154-8592725-1001Core.job
2015-02-28 13:03 - 2014-03-17 21:57 - 00158208 ___SH () C:\Users\mkathrv\Desktop\Thumbs.db
2015-02-28 10:00 - 2015-01-22 17:02 - 00000000 ____D () C:\AdwCleaner
2015-02-26 19:15 - 2014-03-28 19:41 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-26 19:15 - 2014-03-28 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-26 19:15 - 2014-03-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 19:14 - 2014-03-28 19:41 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 16:16 - 2014-06-01 16:16 - 00151040 ___SH () C:\Users\mkathrv\Downloads\Thumbs.db
2015-02-26 14:34 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-25 22:12 - 2013-10-25 16:54 - 00000226 _____ () C:\Users\mkathrv\Desktop\Bing.url
2015-02-25 17:50 - 2013-06-23 21:57 - 00000000 ____D () C:\Users\Gerry\Documents\Calibre Library
2015-02-25 17:44 - 2014-02-03 17:20 - 00001312 _____ () C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-25 17:44 - 2013-10-21 17:22 - 00001219 _____ () C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-25 17:31 - 2014-02-20 20:51 - 00000944 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-02-25 17:31 - 2014-02-20 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-02-25 17:31 - 2014-02-20 20:51 - 00000000 ____D () C:\Program Files\Calibre2
2015-02-25 17:13 - 2014-05-14 22:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-23 16:20 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-23 15:15 - 2014-02-05 19:37 - 00000000 ____D () C:\ProgramData\Macrium
2015-02-23 15:04 - 2013-10-24 15:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-23 15:03 - 2013-10-24 15:27 - 00000000 ____D () C:\Program Files\iPod
2015-02-23 15:03 - 2013-10-24 15:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 14:54 - 2014-05-14 22:51 - 00002980 _____ () C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-02-23 14:54 - 2014-05-14 22:51 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-02-23 14:54 - 2014-05-14 22:51 - 00001090 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-02-23 14:54 - 2014-05-14 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-02-23 13:48 - 2013-10-21 16:56 - 00000000 ____D () C:\Users\mkathrv
2015-02-23 13:43 - 2014-07-02 11:20 - 00000000 ____D () C:\Users\Guest
2015-02-23 13:43 - 2013-10-21 16:55 - 00000000 ____D () C:\Users\Gerry
2015-02-23 13:42 - 2013-10-04 22:16 - 00000000 ____D () C:\Users\mkathrv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-23 13:42 - 2013-08-23 02:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-23 13:42 - 2013-08-23 00:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-23 13:37 - 2014-05-10 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-02-23 13:01 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-23 12:48 - 2014-05-10 22:00 - 00000000 ____D () C:\Program Files (x86)\Evernote
2015-02-18 14:09 - 2014-05-31 19:40 - 00823808 ___SH () C:\Users\Gerry\Downloads\Thumbs.db
2015-02-15 21:20 - 2014-05-10 22:01 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2015-02-14 21:59 - 2013-07-27 00:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-14 21:40 - 2013-05-24 17:22 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-14 18:25 - 2015-01-13 15:17 - 00000000 ____D () C:\Program Files (x86)\Wireless Wizard
2015-02-14 18:24 - 2013-05-30 00:44 - 00003590 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4052331037-556818154-8592725-1004
2015-02-14 18:09 - 2013-10-21 17:26 - 00000000 ___DO () C:\Users\Gerry\SkyDrive
2015-02-14 15:32 - 2013-09-30 15:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-13 15:44 - 2014-02-23 11:46 - 00000000 ____D () C:\Users\mkathrv\Documents\Gerry checklist
2015-02-12 22:36 - 2012-10-29 00:05 - 00002042 _____ () C:\Users\Public\Desktop\ASUS Vibe Fun Center.lnk
2015-02-12 22:36 - 2012-10-29 00:05 - 00000000 ____D () C:\AsusVibeData
2015-02-12 22:36 - 2012-08-05 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-02-12 21:27 - 2013-08-23 01:44 - 00362544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 17:08 - 2014-12-11 17:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 17:08 - 2014-07-11 12:47 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-05 19:24 - 2013-11-22 17:29 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4052331037-556818154-8592725-1001UA
2015-02-05 19:24 - 2013-11-22 17:29 - 00003512 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4052331037-556818154-8592725-1001Core
2015-02-05 09:38 - 2013-07-02 17:53 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:14 - 2014-06-14 19:49 - 00000000 ____D () C:\ProgramData\Leawo
2015-02-04 20:14 - 2014-06-14 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2015-02-04 06:31 - 2014-11-12 20:21 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-04 06:31 - 2014-11-12 20:21 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-08-11 15:57 - 2014-08-11 15:57 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-05-30 00:27 - 2014-03-21 08:02 - 0000380 _____ () C:\Users\Gerry\AppData\Roaming\sp_data.sys
2013-11-26 12:29 - 2015-01-01 23:30 - 0007656 _____ () C:\Users\Gerry\AppData\Local\Resmon.ResmonCfg
2012-08-05 12:42 - 2012-07-30 17:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-05 12:42 - 2009-07-22 21:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Gerry\AppData\Local\Temp\Quarantine.exe
C:\Users\Gerry\AppData\Local\Temp\sqlite3.dll
C:\Users\mkathrv\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaoubs5.dll
C:\Users\mkathrv\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_tawv.dll
C:\Users\mkathrv\AppData\Local\Temp\ICReinstall_SoftwareUpdateSetup.exe
C:\Users\mkathrv\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\mkathrv\AppData\Local\Temp\jre-8u20-windows-au.exe
C:\Users\mkathrv\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\mkathrv\AppData\Local\Temp\lpuninstall.exe
C:\Users\mkathrv\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\mkathrv\AppData\Local\Temp\PicasaCD.exe
C:\Users\mkathrv\AppData\Local\Temp\Procmon64.exe
C:\Users\mkathrv\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mkathrv\AppData\Local\Temp\SoftwareUpdateSetup.exe
C:\Users\mkathrv\AppData\Local\Temp\sprz.exe
C:\Users\mkathrv\AppData\Local\Temp\wpsetup.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\igfxpers.exe
C:\Windows\SysWOW64\wpcmon.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 12:17

==================== End Of Log ============================

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I can see the problem, two weeks ago this was very hard to remove. But, unless it has recently changed this should kill it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
S2 70F4EEDB-1367-4b4f-8247-3133551A7415; "C:\Program Files\shopperz\grunt.exe" [X]
S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
S4 lxVHHY; "C:\ProgramData\EDwusour\lxVHHY.exe" [X]
2015-02-26 16:43 - 2015-02-26 16:43 - 00000000 ____D () C:\Users\mkathrv\AppData\Local\CrimeWatch
Task: {741AB57A-B79B-467C-A562-CFB6D185B8D8} - \gtaUpt No Task File <==== ATTENTION
C:\ProgramData\SetStretch.exe
C:\Program Files\shopperz
c:\Program Files (x86)\Super Optimizer
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Iconic_normal.png Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP