I have been trying to find solutions to fix my problem, and always end up short. The virus is constantly changing my proxy ports again and again. Can someone help me? I hope the information below helps. I have tried many programs to detect the problem and delete the virus, but none of them seemed to work. Thank you.
Here's a list of services/processes/files running on my computer:
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Norton AntiVirus\Engine\21.3.0.12\NAV.exe
C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\NST.exe
C:\Program Files\Norton AntiVirus\Engine\21.3.0.12\NAV.exe
C:\Program Files\pcreg\pcreg.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\NST.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Users\Administrator.TylerJohnson-PC\Downloads\RogueKiller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118 <- This is the port that it's changing to.
BHO: Microsoft Web Test Recorder 12.0 Helper: {432dd630-7e03-4c97-9d62-b99f52df4fc2} - c:\program files\microsoft visual studio 12.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\21.3.0.12\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton identity safe\engine\2014.6.6.3\CoIEPlg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2014.6.6.3\CoIEPlg.dll
EB: Web Test Recorder 12.0: {46857999-9b7c-4895-9d22-81a4a2478868} -
mRun: [pcreg] c:\program files\pcreg\service.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRunOnce: [SymInstallStub] c:\windows\system32\adobe\shockwave 12\SymInstallStub.exe /partnerid=adobe /productlist=nss /staging=false /delay=5 /launchedby=3
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A33AA517-6179-4149-96EE-FE0AE24EE4C9} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.114\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator.tylerjohnson-pc\appdata\roaming\mozilla\firefox\profiles\0pf9vzaf.default\
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1503000.00c\symds.sys [2014-6-3 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1503000.00c\symefa.sys [2014-6-3 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton antivirus\nortondata\21.1.1.7\definitions\bashdefs\20140510.001\BHDrvx86.sys [2014-5-10 1101616]
R1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\nav\1503000.00c\ccsetx86.sys [2014-6-3 127064]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7de06060.003\ccSetx86.sys [2014-6-3 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton antivirus\nortondata\21.1.1.7\definitions\ipsdefs\20140602.001\IDSvix86.sys [2014-6-2 395992]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2014-6-3 210360]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2014-6-3 34856]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1503000.00c\ironx86.sys [2014-6-3 206936]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1503000.00c\symnets.sys [2014-6-3 447704]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2014-6-3 342336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2014-4-15 375056]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\21.3.0.12\nav.exe [2014-6-3 262968]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2014.6.6.3\NST.exe [2014-6-3 130104]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2014-6-3 584864]
R2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe [2014-3-13 33864]
R2 System Update kb70007;System Update kb70007;c:\windows\microsoft\system update kb70007\WindowsUpdater.exe [2014-5-15 16384]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-4-4 5024576]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2014-6-3 31760]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2014-6-3 44984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2014-5-13 1682768]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2014-5-31 9216]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2014-6-3 4457688]
S3 AtiDCM;AtiDCM;d:\drivers\driver\8.98\win_vista_7\bin\atidcmxx.sys [2013-12-7 27560]
S3 c2wts;Claims to Windows Token Service;c:\program files\windows identity foundation\v3.5\c2wtshost.exe [2014-5-17 15768]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 MSICDSetup;MSICDSetup;d:\drivers\CDriver.sys [2013-12-7 14848]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2014-6-3 32288]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 Te.Service;Te.Service;c:\program files\windows kits\8.1\testing\runtimes\taef\Wex.Services.exe [2013-8-21 91136]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2014-6-3 20944]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\microsoft visual studio 12.0\common7\packages\debugger\services\VsEtwService.exe [2013-10-5 71344]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-4-1 1343400]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2014-6-3 21480]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-03 21:21:46 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\ElevatedDiagnostics
2014-06-03 21:08:52 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-03 21:08:50 -------- d-----w- c:\programdata\RogueKiller
2014-06-03 20:38:49 -------- d-----w- c:\windows\ERUNT
2014-06-03 20:27:33 -------- d-----w- c:\program files\MSR
2014-06-03 20:24:30 -------- d-----w- C:\AdwCleaner
2014-06-03 20:04:42 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\NPE
2014-06-03 19:59:45 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\roaming\IObit
2014-06-03 19:59:32 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\LogMeIn Hamachi
2014-06-03 19:59:29 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\roaming\OnlineArmor
2014-06-03 19:57:38 -------- d-----w- c:\program files\File Shredder
2014-06-03 19:43:45 -------- d-----w- c:\programdata\IObit
2014-06-03 19:43:18 -------- d-----w- c:\program files\IObit
2014-06-03 19:07:03 -------- d-----w- C:\NPE
2014-06-03 18:54:53 936152 ----a-w- c:\windows\system32\drivers\nav\1503000.00c\symefa.sys
2014-06-03 18:54:53 664280 ----a-r- c:\windows\system32\drivers\nav\1503000.00c\srtsp.sys
2014-06-03 18:54:53 447704 ----a-w- c:\windows\system32\drivers\nav\1503000.00c\symnets.sys
2014-06-03 18:54:53 367704 ----a-r- c:\windows\system32\drivers\nav\1503000.00c\symds.sys
2014-06-03 18:54:53 32344 ----a-r- c:\windows\system32\drivers\nav\1503000.00c\srtspx.sys
2014-06-03 18:54:53 21520 ----a-r- c:\windows\system32\drivers\nav\1503000.00c\symelam.sys
2014-06-03 18:54:53 206936 ----a-r- c:\windows\system32\drivers\nav\1503000.00c\ironx86.sys
2014-06-03 18:54:53 127064 ----a-r- c:\windows\system32\drivers\nav\1503000.00c\ccsetx86.sys
2014-06-03 18:54:34 -------- d-----w- c:\windows\system32\drivers\nav\1503000.00C
2014-06-03 18:44:19 127064 ----a-r- c:\windows\system32\drivers\nst\7de06060.003\ccSetx86.sys
2014-06-03 18:44:12 -------- d-----w- c:\windows\system32\drivers\nst\7DE06060.003
2014-06-03 18:44:12 -------- d-----w- c:\windows\system32\drivers\NST
2014-06-03 18:44:11 -------- d-----w- c:\program files\Norton Identity Safe
2014-06-03 18:43:49 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-06-03 18:43:49 -------- d-----w- c:\program files\common files\Symantec Shared
2014-06-03 18:42:25 -------- d-----w- c:\windows\system32\drivers\NAV
2014-06-03 18:42:22 -------- d-----w- c:\program files\Norton AntiVirus
2014-06-03 18:41:48 -------- d-----w- c:\program files\NortonInstaller
2014-06-03 18:19:13 -------- d-----w- c:\program files\APB
2014-06-03 17:16:20 -------- d-----w- c:\windows\system32\Adobe
2014-06-03 16:21:28 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-06-03 16:18:16 -------- d-----w- c:\programdata\OnlineArmor
2014-06-03 16:17:36 44984 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2014-06-03 16:17:36 34856 ----a-w- c:\windows\system32\drivers\OAmon.sys
2014-06-03 16:17:36 31760 ----a-w- c:\windows\system32\drivers\OAnet.sys
2014-06-03 16:17:35 210360 ----a-w- c:\windows\system32\drivers\OADriver.sys
2014-06-03 16:17:28 -------- d-----w- c:\program files\Online Armor
2014-06-03 14:47:00 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\roaming\wargaming.net
2014-06-03 03:07:48 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\Programs
2014-06-03 00:51:48 -------- d-----w- C:\CFLog
2014-06-03 00:40:10 -------- d-----w- c:\program files\Z8Games
2014-06-03 00:01:11 -------- d-----w- c:\program files\CrossFire
2014-06-02 23:36:06 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\LogMeIn
2014-06-01 17:23:40 -------- d-----w- c:\programdata\Oracle
2014-06-01 17:23:14 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-01 06:48:13 -------- d--h--w- c:\windows\msdownld.tmp
2014-06-01 06:48:12 -------- d-----w- c:\windows\system32\directx
2014-06-01 05:39:01 -------- d-----w- c:\program files\Combat Arms
2014-06-01 04:23:26 -------- d-----w- c:\programdata\Nexon
2014-06-01 04:14:50 -------- d-----w- c:\programdata\NexonUS
2014-06-01 00:06:29 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-06-01 00:06:29 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-06-01 00:06:28 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2014-06-01 00:06:28 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2014-05-31 19:41:33 -------- d-----w- c:\programdata\Hi-Rez Studios
2014-05-31 19:41:12 -------- d-----w- c:\program files\Hi-Rez Studios
2014-05-27 17:29:51 -------- d-----w- c:\program files\Acunetix
2014-05-27 17:29:29 -------- d-----w- c:\programdata\Acunetix WVS 9
2014-05-27 03:19:32 -------- d-----w- c:\program files\Charles
2014-05-26 20:22:34 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2014-05-26 20:21:54 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX
2014-05-26 20:20:55 132880 ----a-w- c:\windows\system32\MSINET.OCX
2014-05-26 20:19:14 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-05-26 20:17:50 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2014-05-25 04:22:31 -------- d-----w- c:\programdata\notracks.com
2014-05-25 04:19:26 380240 ----a-w- c:\windows\system32\EasyRedirect.dll
2014-05-25 04:19:17 -------- d-----w- c:\program files\Easy-Hide-IP
2014-05-23 22:32:25 -------- d-----w- c:\program files\common files\SourceTec
2014-05-23 22:32:16 -------- d-----w- c:\program files\SourceTec
2014-05-22 05:57:28 -------- d-----w- C:\xampp
2014-05-21 19:40:13 -------- d-----w- c:\program files\Cheat Engine 6.2
2014-05-21 00:47:13 -------- d-----w- c:\programdata\NCOTEMP
2014-05-21 00:45:55 -------- d-----w- c:\programdata\Norton
2014-05-21 00:45:34 -------- d-----w- c:\programdata\NortonInstaller
2014-05-20 21:39:45 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{872d97d9-53d2-4a52-b8ab-dccf0c7b2b60}\mpengine.dll
2014-05-18 20:11:13 -------- d-----w- c:\programdata\Microsoft Visual Studio
2014-05-18 18:27:48 -------- d-----w- c:\programdata\LogMeIn
2014-05-18 17:12:06 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-18 17:11:26 523776 ----a-w- c:\windows\system32\vbscript.dll
2014-05-18 04:21:29 -------- d-----w- c:\program files\Windows Identity Foundation
2014-05-18 03:45:37 2872096 ----a-w- c:\programdata\microsoft\visualstudio\12.0\1033\ResourceCache.dll
2014-05-18 03:27:14 -------- d-----w- c:\program files\Workflow Manager Tools
2014-05-18 03:26:59 -------- d-----w- c:\program files\SharePoint Client Components
2014-05-18 03:26:51 -------- d-----w- c:\program files\Open XML SDK
2014-05-18 03:26:46 -------- d-----w- c:\program files\Microsoft
2014-05-18 03:26:44 -------- d-----w- c:\program files\Microsoft Identity Extensions
2014-05-18 03:19:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-05-18 03:10:34 -------- d-----w- c:\program files\Application Verifier
2014-05-18 03:10:09 -------- d-----w- c:\programdata\Windows App Certification Kit
2014-05-18 03:07:14 -------- d-----w- c:\program files\common files\Microsoft
2014-05-18 03:03:45 -------- d-----w- c:\programdata\PreEmptive Solutions
2014-05-18 02:51:23 -------- d-----w- c:\program files\Microsoft ASP.NET
2014-05-18 02:48:02 -------- d-----w- c:\program files\Microsoft Web Tools
2014-05-18 02:46:35 -------- d-----w- c:\program files\IIS Express
2014-05-18 02:45:51 -------- d-----w- c:\programdata\NuGet
2014-05-18 02:45:51 -------- d-----w- c:\program files\NuGet
2014-05-18 02:45:38 -------- d-----w- c:\program files\Microsoft WCF Data Services
2014-05-18 02:45:06 -------- d-----w- c:\program files\IIS
2014-05-18 02:38:30 -------- d-----w- c:\program files\Windows Kits
2014-05-18 02:29:38 -------- d-----w- c:\program files\Microsoft Help Viewer
2014-05-18 01:53:59 -------- d-----w- c:\programdata\MFAData
2014-05-17 21:11:08 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\Opera Software
2014-05-17 21:11:06 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\roaming\Opera Software
2014-05-17 17:14:07 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\Skype
2014-05-17 16:53:35 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\Macromedia
2014-05-17 16:53:19 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\Mozilla
2014-05-17 16:08:18 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\roaming\LolClient
2014-05-17 16:06:34 -------- d-----w- c:\users\administrator.tylerjohnson-pc\appdata\local\Google
2014-05-16 00:52:22 -------- d-----w- c:\windows\Microsoft
2014-05-16 00:51:50 -------- d-----w- c:\programdata\pastaleads
2014-05-16 00:46:28 -------- d-----w- c:\programdata\f7512b04c3f70ef5
2014-05-11 06:58:45 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2014-05-11 06:58:45 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2014-05-11 06:58:45 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2014-05-11 06:58:45 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2014-05-11 06:58:44 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2014-05-11 06:57:29 -------- d-----w- c:\programdata\PMB Files
2014-05-11 06:57:25 -------- d-----w- c:\program files\Pando Networks
.
==================== Find3M ====================
.
2014-05-14 15:28:17 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 15:28:17 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-09 16:37:24 65552 --sh--w- c:\programdata\GB.bin
2014-04-02 00:44:10 0 ----a-w- c:\windows\ativpsrm.bin
2014-04-01 14:03:47 69632 ----a-w- c:\windows\system32\smss.exe
2014-04-01 14:03:47 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-04-01 14:03:47 619520 ----a-w- c:\windows\system32\tdh.dll
2014-04-01 14:03:47 38912 ----a-w- c:\windows\system32\csrsrv.dll
2014-04-01 14:03:47 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-04-01 14:03:31 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-04-01 14:03:31 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-04-01 14:03:31 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-04-01 14:03:31 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-04-01 02:28:06 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-04-01 02:10:12 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-03-31 16:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-13 05:10:47 1766400 ----a-w- c:\windows\system32\wininet.dll
2014-03-13 05:09:43 2877952 ----a-w- c:\windows\system32\jscript9.dll
2014-03-13 05:09:39 61440 ----a-w- c:\windows\system32\iesetup.dll
2014-03-13 05:09:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-13 03:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
.
If you need a text document file to see it better, I have uploaded it as an attachment.
Edited by tyler1118, 03 June 2014 - 03:39 PM.