Windows Explorer Crashing/Restarting Loop


  • This topic is locked
26 replies to this topic

#1 captain19

Posted 19 December 2012 - 09:08 PM

Hello, on startup, my Windows Explorer crashes. A dialog box appears saying that Windows Explorer crashed and it's restarting. This keeps on looping for a long period of time with no result. I've tried CHKDSK and repaired whatever might be wrong, but it still doesn't help my problem. I've done sfc /scannow and it still doesn't fix the problem. It seems to work fine in Safe Mode. I am running Windows 7 on my MacBook Pro.

Thank you.


#2 Farbar

Posted 24 December 2012 - 05:13 PM

Hello captain19,

Welcome to the forum.

Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 boopme

Posted 24 December 2012 - 05:25 PM

Hello, just letting you know I moved this to the Virus, Trojan, Spyware, and Malware Removal Logs forum, where it will stay.
Thanks Farbar

#4 captain19

Posted 24 December 2012 - 05:30 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 24-12-2012 22:26:35
Running from F:\
Windows 7 Enterprise (X64) OS Language: English(US)
The current controlset is ControlSet004

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-08-15] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [802304 2012-09-24] (Yuna Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [125952 2012-11-22] (Yuna Software)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-29] (Apple Inc.)
HKU\Daman Panesar\...\Run: [Google Update] "C:\Users\Daman Panesar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-03] (Google Inc.)
HKU\Daman Panesar\...\Run: [MaxMySpeed Registry Cleaner] c:\program files (x86)\cyberdefender\registry scanner\Startcdrc.exe [x]
HKU\Daman Panesar\...\Run: [Akamai NetSession Interface] "C:\Users\Daman Panesar\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Daman Panesar\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-09-28] (Samsung)
HKU\Daman Panesar\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-09-26] (Samsung Electronics)
HKU\Daman Panesar\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [965560 2012-09-28] (Samsung)
HKU\Daman Panesar\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-09-28] (Samsung)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.18 64.59.150.134
Startup: C:\Users\All Users\Start Menu\Programs\Startup\iFanAutoControl.lnk
ShortcutTarget: iFanAutoControl.lnk -> C:\Windows\Installer\{574A6EEE-BB78-4755-AD99-80D6A69EE261}\_9295067D5BD607004E3D4C.exe ()
Startup: C:\Users\Daman Panesar\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Services (Whitelisted) ===================

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-12] (Akamai Technologies, Inc.)
4 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-08-15] ()
4 Browser Manager; C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2403352 2012-12-05] ()
4 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [125952 2012-11-22] (Yuna Software)
4 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe" [319384 2011-12-15] (WDC)
4 WDDriveService; "C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe" [246688 2011-12-16] (Western Digital)
4 WDFMEService; "C:\Program Files\Western Digital\WD SmartWare\WDFME.exe" [1977224 2011-12-15] (Western Digital )
4 WDRulesService; "C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe" [1338264 2011-12-15] (Western Digital )

==================== Drivers (Whitelisted) =====================

3 applemtm; C:\Windows\System32\Drivers\applemtm.sys [12288 2011-01-31] (Apple Inc.)
3 applemtp; C:\Windows\System32\Drivers\applemtp.sys [38912 2011-01-31] (Apple Inc.)
2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2012-05-08] (Highresolution Enterprises [www.highrez.co.uk])
3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_amd64.sys [346992 2009-12-15] ()
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\WJA\iFanAutoControl\WinRing0x64.sys [14544 2011-05-25] (OpenLibSys.org)
3 MsgPlusDriver; C:\Windows\System32\DRIVERS\MsgPlusDriver.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-19 18:20 - 2012-12-19 18:20 - 00000734 ____A C:\Users\Daman Panesar\Desktop\shexview.cfg
2012-12-19 18:14 - 2012-12-19 18:14 - 00001123 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-19 18:14 - 2012-12-19 18:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-19 18:14 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-19 18:12 - 2012-12-19 18:13 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Daman Panesar\Desktop\mbam-setup-1.65.1.1000.exe
2012-12-19 17:15 - 2012-09-25 23:16 - 00164448 ____A (NirSoft) C:\Users\Daman Panesar\Desktop\shexview.exe
2012-12-19 11:36 - 2012-12-19 11:36 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{CB72ED91-7AB3-4F57-80DE-3DAD025EC3AF}
2012-12-19 10:17 - 2012-12-19 10:17 - 00000000 ____D C:\Program Files\iTunes
2012-12-19 10:17 - 2012-12-19 10:17 - 00000000 ____D C:\Program Files\iPod
2012-12-19 10:15 - 2012-12-19 10:17 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 06:35 - 2012-12-15 06:35 - 00000000 ___AD C:\.TemporaryItems
2012-12-12 21:52 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 21:52 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 21:52 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 21:52 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 21:52 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 21:52 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 21:52 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 21:52 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 21:52 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 21:52 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 21:52 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 21:52 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 21:52 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 21:52 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 21:52 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 21:52 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 21:52 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 21:52 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 21:52 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 21:52 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 21:52 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 21:52 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 21:52 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 21:52 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 21:52 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 21:52 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 21:52 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 21:52 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 21:52 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 21:52 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 21:52 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 21:52 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 21:43 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-12 21:43 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 21:43 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-12 21:43 - 2012-11-05 13:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-12 21:43 - 2012-11-05 12:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-12 21:43 - 2012-11-05 12:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-12 21:43 - 2012-11-05 12:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-12 21:42 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 21:42 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-12 21:42 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-12 21:42 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-12 21:42 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-12 21:42 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-12 21:42 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-12 21:42 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-12 21:42 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-12 21:42 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-12 21:42 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-12 21:42 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-12 21:42 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-12 21:42 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-12 21:42 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-12 21:42 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 21:42 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-11 06:35 - 2011-02-24 22:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\System32\explorer.exe
2012-12-10 21:48 - 2012-12-10 21:48 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{62DBB03E-A881-4EA6-8B02-83038ECB80E5}
2012-12-10 09:43 - 2012-12-10 09:44 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{D2681B66-F500-422E-BE34-895CDCA28E40}
2012-12-09 18:11 - 2012-12-09 18:11 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{4605E8B9-4764-478B-B20E-ED7277BE8174}
2012-12-09 16:57 - 2012-12-09 16:57 - 00000000 ____D C:\Users\All Users\Messenger Plus! for Skype
2012-12-09 13:57 - 2012-12-09 13:58 - 00000000 ____D C:\Users\Daman Panesar\Desktop\dermatologyexam
2012-12-09 06:11 - 2012-12-09 06:11 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{D407F18D-FCF1-4752-B158-5F9C9CFC2FC8}
2012-12-08 03:26 - 2012-12-08 03:26 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{D5063C64-DE6B-452F-A71F-B88C208AEC5A}
2012-12-07 12:38 - 2012-12-07 12:38 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{9C07F158-B0CB-4179-938E-968202D30204}
2012-12-07 00:36 - 2012-12-07 00:38 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{34CE1521-FC29-4EF6-9965-FE338C3A5C1B}
2012-12-06 13:10 - 2012-12-06 21:32 - 00000000 ____D C:\Users\Daman Panesar\Desktop\Big Boi - Vicious Lies and Dangerous Rumors (iTunes)
2012-12-05 12:45 - 2012-12-05 13:20 - 00000000 ____D C:\Users\Daman Panesar\Desktop\D
2012-12-05 10:48 - 2012-12-05 10:48 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{C9035881-1449-4948-8230-0CCFCFB343B0}
2012-12-04 22:47 - 2012-12-04 22:47 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{8D711C7C-9565-41C3-AF35-7DC125582920}
2012-12-04 06:47 - 2012-12-04 06:48 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{1C870F0E-60B0-4EE7-BD7A-F053CF3BE6AB}
2012-12-03 15:03 - 2012-12-02 06:51 - 18313789 ____A C:\Users\Daman Panesar\Desktop\Zombie Highway v1.2 apkmania.com.apk
2012-12-03 11:08 - 2012-12-03 11:09 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{157D4BFC-0926-421D-8BE0-474F2E6F97F4}
2012-12-02 22:35 - 2012-12-02 22:35 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{33E98655-4F8B-4773-950A-80CEC47CEFC0}
2012-12-02 09:47 - 2012-12-02 09:48 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{E6C126BD-37E2-4A62-A092-10400ADD9F70}
2012-11-30 00:27 - 2012-11-30 00:27 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-29 23:12 - 2012-12-04 10:57 - 00000000 ____D C:\Users\Daman Panesar\Desktop\Wiz_Khalifa-O.N.I.F.C.-2012-CR
2012-11-29 12:29 - 2012-11-29 12:29 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{FDCDFA3C-7E12-4D6C-8D7B-1444CAEE2863}
2012-11-28 12:29 - 2012-11-28 12:29 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{958DB313-3D4A-4218-8F42-08DBB8D338A7}
2012-11-28 10:56 - 2012-11-28 10:56 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{38FE0B3A-1F9A-4689-8B12-389AA21B1A67}
2012-11-27 22:55 - 2012-11-27 22:56 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{2629644B-1409-4F6D-A0AC-DF2714CAFA75}
2012-11-27 10:27 - 2012-11-27 10:28 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{6B4FD481-601E-4292-9493-846EB1C0C599}
2012-11-26 22:27 - 2012-11-26 22:27 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{81CF6361-E9E3-42CE-B844-2F08201A1419}
2012-11-26 11:03 - 2012-11-26 11:10 - 00044222 ____A C:\Users\Daman Panesar\AppData\Local\RAContactHistory.xml
2012-11-26 11:02 - 2012-11-26 11:02 - 00000000 ____D C:\Users\Daman Panesar\AppData\Roaming\PeerNetworking
2012-11-26 10:26 - 2012-11-26 10:26 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{73013E67-1091-4D81-84CF-113CC6258657}
2012-11-26 07:45 - 2012-12-11 00:59 - 00000000 ____D C:\Users\Daman Panesar\Desktop\dermatologytest
2012-11-25 22:25 - 2012-11-25 22:26 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{2676EE2B-8DAE-4D4C-85E9-0B82807CB45E}
2012-11-25 06:06 - 2012-11-25 06:07 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{30766EF9-C3D2-42F0-A647-6A4AEA7F713A}
2012-11-24 08:13 - 2012-11-24 08:13 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{9E2C066A-2322-4165-9D2B-DDA570B8FA0C}


==================== One Month Modified Files and Folders =======

2012-12-24 14:24 - 2012-09-23 06:50 - 00000000 __AHD C:\.Trashes
2012-12-22 10:52 - 2012-09-23 06:56 - 00021508 ___AH C:\Users\Daman Panesar\Desktop\.DS_Store
2012-12-22 10:52 - 2012-09-23 06:54 - 00021508 ___AH C:\Users\Daman Panesar\.DS_Store
2012-12-22 10:52 - 2012-09-23 06:54 - 00015364 ___AH C:\users\.DS_Store
2012-12-22 10:52 - 2012-09-23 06:54 - 00015364 ___AH C:\.DS_Store
2012-12-21 14:29 - 2012-09-23 06:58 - 00012292 ___AH C:\Program Files (x86)\.DS_Store
2012-12-20 07:34 - 2012-06-14 23:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-20 07:34 - 2011-10-20 05:51 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821615385-3785765011-1663670300-1000UA.job
2012-12-20 07:34 - 2011-10-20 05:51 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821615385-3785765011-1663670300-1000Core.job
2012-12-20 07:34 - 2010-08-03 20:00 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821615385-3785765011-1663670300-1000UA.job
2012-12-20 07:34 - 2010-08-03 17:48 - 01137651 ____A C:\Windows\WindowsUpdate.log
2012-12-19 20:12 - 2010-08-03 20:00 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821615385-3785765011-1663670300-1000Core.job
2012-12-19 18:29 - 2009-07-13 20:45 - 00024112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-19 18:29 - 2009-07-13 20:45 - 00024112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-19 18:21 - 2010-08-03 19:55 - 00094116 ____A C:\Windows\PFRO.log
2012-12-19 18:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-19 18:21 - 2009-07-13 20:51 - 00171039 ____A C:\Windows\setupact.log
2012-12-19 18:20 - 2012-12-19 18:20 - 00000734 ____A C:\Users\Daman Panesar\Desktop\shexview.cfg
2012-12-19 18:14 - 2012-12-19 18:14 - 00001123 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-19 18:14 - 2012-12-19 18:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-19 18:13 - 2012-12-19 18:12 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Daman Panesar\Desktop\mbam-setup-1.65.1.1000.exe
2012-12-19 17:05 - 2010-08-03 21:26 - 00000000 ____D C:\Users\Daman Panesar\AppData\Roaming\Skype
2012-12-19 11:36 - 2012-12-19 11:36 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{CB72ED91-7AB3-4F57-80DE-3DAD025EC3AF}
2012-12-19 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-19 10:17 - 2012-12-19 10:17 - 00000000 ____D C:\Program Files\iTunes
2012-12-19 10:17 - 2012-12-19 10:17 - 00000000 ____D C:\Program Files\iPod
2012-12-19 10:17 - 2012-12-19 10:15 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-19 10:17 - 2010-08-03 22:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-19 01:27 - 2011-12-12 07:40 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-19 01:27 - 2011-12-12 07:40 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-16 20:51 - 2012-08-27 22:44 - 00000000 ____D C:\Users\Daman Panesar\Desktop\TV
2012-12-15 17:07 - 2012-09-23 07:24 - 00012292 ___AH C:\Users\Daman Panesar\Documents\.DS_Store
2012-12-15 07:29 - 2011-11-11 04:21 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-12-15 06:35 - 2012-12-15 06:35 - 00000000 ___AD C:\.TemporaryItems
2012-12-12 22:01 - 2009-07-13 20:45 - 04973696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-12 21:56 - 2010-08-14 20:36 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-12 21:54 - 2010-08-03 20:09 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-12 21:16 - 2011-11-03 17:51 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\Akamai
2012-12-12 21:16 - 2010-08-03 19:55 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-12 21:16 - 2010-08-03 17:49 - 00000000 ____D C:\users\Daman Panesar
2012-12-11 00:59 - 2012-11-26 07:45 - 00000000 ____D C:\Users\Daman Panesar\Desktop\dermatologytest
2012-12-11 00:44 - 2012-11-21 04:55 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-12-11 00:44 - 2012-05-13 03:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-10 21:48 - 2012-12-10 21:48 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{62DBB03E-A881-4EA6-8B02-83038ECB80E5}
2012-12-10 11:45 - 2010-08-04 20:30 - 00000000 ____D C:\Users\Daman Panesar\AppData\Roaming\DMCache
2012-12-10 09:44 - 2012-12-10 09:43 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{D2681B66-F500-422E-BE34-895CDCA28E40}
2012-12-10 02:15 - 2010-08-18 23:03 - 00000000 ____D C:\Users\Daman Panesar\AppData\Roaming\Azureus
2012-12-09 18:11 - 2012-12-09 18:11 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{4605E8B9-4764-478B-B20E-ED7277BE8174}
2012-12-09 16:57 - 2012-12-09 16:57 - 00000000 ____D C:\Users\All Users\Messenger Plus! for Skype
2012-12-09 16:57 - 2011-04-06 02:45 - 00000000 ____D C:\Program Files (x86)\Yuna Software
2012-12-09 16:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-09 13:58 - 2012-12-09 13:57 - 00000000 ____D C:\Users\Daman Panesar\Desktop\dermatologyexam
2012-12-09 06:11 - 2012-12-09 06:11 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{D407F18D-FCF1-4752-B158-5F9C9CFC2FC8}
2012-12-09 05:15 - 2012-11-12 11:24 - 00000000 ____D C:\Users\Daman Panesar\Desktop\New folder (3)
2012-12-08 03:26 - 2012-12-08 03:26 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{D5063C64-DE6B-452F-A71F-B88C208AEC5A}
2012-12-07 12:38 - 2012-12-07 12:38 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{9C07F158-B0CB-4179-938E-968202D30204}
2012-12-07 11:59 - 2011-05-30 13:01 - 00000000 ____D C:\Users\Daman Panesar\Desktop\Business
2012-12-07 00:38 - 2012-12-07 00:36 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{34CE1521-FC29-4EF6-9965-FE338C3A5C1B}
2012-12-06 21:32 - 2012-12-06 13:10 - 00000000 ____D C:\Users\Daman Panesar\Desktop\Big Boi - Vicious Lies and Dangerous Rumors (iTunes)
2012-12-05 13:20 - 2012-12-05 12:45 - 00000000 ____D C:\Users\Daman Panesar\Desktop\D
2012-12-05 10:48 - 2012-12-05 10:48 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{C9035881-1449-4948-8230-0CCFCFB343B0}
2012-12-05 10:00 - 2012-10-27 01:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-04 22:47 - 2012-12-04 22:47 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{8D711C7C-9565-41C3-AF35-7DC125582920}
2012-12-04 10:57 - 2012-11-29 23:12 - 00000000 ____D C:\Users\Daman Panesar\Desktop\Wiz_Khalifa-O.N.I.F.C.-2012-CR
2012-12-04 10:57 - 2012-08-28 21:17 - 00000000 ____D C:\Users\Daman Panesar\Desktop\Year VI
2012-12-04 07:08 - 2010-08-18 23:02 - 00000000 ____D C:\Program Files (x86)\Vuze
2012-12-04 06:48 - 2012-12-04 06:47 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{1C870F0E-60B0-4EE7-BD7A-F053CF3BE6AB}
2012-12-03 11:09 - 2012-12-03 11:08 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{157D4BFC-0926-421D-8BE0-474F2E6F97F4}
2012-12-02 22:35 - 2012-12-02 22:35 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{33E98655-4F8B-4773-950A-80CEC47CEFC0}
2012-12-02 09:48 - 2012-12-02 09:47 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{E6C126BD-37E2-4A62-A092-10400ADD9F70}
2012-12-02 06:51 - 2012-12-03 15:03 - 18313789 ____A C:\Users\Daman Panesar\Desktop\Zombie Highway v1.2 apkmania.com.apk
2012-11-30 00:27 - 2012-11-30 00:27 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-29 13:07 - 2009-07-13 21:13 - 00785608 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-29 12:29 - 2012-11-29 12:29 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{FDCDFA3C-7E12-4D6C-8D7B-1444CAEE2863}
2012-11-28 12:29 - 2012-11-28 12:29 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{958DB313-3D4A-4218-8F42-08DBB8D338A7}
2012-11-28 10:56 - 2012-11-28 10:56 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{38FE0B3A-1F9A-4689-8B12-389AA21B1A67}
2012-11-28 03:17 - 2009-07-13 21:08 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-27 22:56 - 2012-11-27 22:55 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{2629644B-1409-4F6D-A0AC-DF2714CAFA75}
2012-11-27 10:28 - 2012-11-27 10:27 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{6B4FD481-601E-4292-9493-846EB1C0C599}
2012-11-26 22:27 - 2012-11-26 22:27 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{81CF6361-E9E3-42CE-B844-2F08201A1419}
2012-11-26 11:10 - 2012-11-26 11:03 - 00044222 ____A C:\Users\Daman Panesar\AppData\Local\RAContactHistory.xml
2012-11-26 11:02 - 2012-11-26 11:02 - 00000000 ____D C:\Users\Daman Panesar\AppData\Roaming\PeerNetworking
2012-11-26 10:26 - 2012-11-26 10:26 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{73013E67-1091-4D81-84CF-113CC6258657}
2012-11-25 22:26 - 2012-11-25 22:25 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{2676EE2B-8DAE-4D4C-85E9-0B82807CB45E}
2012-11-25 06:07 - 2012-11-25 06:06 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{30766EF9-C3D2-42F0-A647-6A4AEA7F713A}
2012-11-24 08:13 - 2012-11-24 08:13 - 00000000 ____D C:\Users\Daman Panesar\AppData\Local\{9E2C066A-2322-4165-9D2B-DDA570B8FA0C}


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-27 00:14:58
Restore point made on: 2012-11-28 03:00:22
Restore point made on: 2012-12-04 04:29:24
Restore point made on: 2012-12-11 00:16:02
Restore point made on: 2012-12-12 21:51:08
Restore point made on: 2012-12-19 01:15:03

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3957.99 MB
Available physical RAM: 3341.36 MB
Total Pagefile: 3956.14 MB
Available Pagefile: 3331.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (Windows HD) (Fixed) (Total:391.44 GB) (Free:88.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive f: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.82 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 128 MB
Disk 1 No Media 0 B 0 B
Disk 2 Online 1906 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 512 B
Partition 2 Primary 74 GB 200 MB
Partition 3 Primary 391 GB 74 GB

==================================================================================

Disk: 0
Partition 1
Type : EE
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : AF
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Windows HD NTFS Partition 391 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1905 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB DISK NTFS Removable 1905 MB Healthy

=========================================================

Last Boot: 2012-12-19 10:43

==================== End Of Log =============================

#5 Farbar


Posted 24 December 2012 - 05:49 PM

Thank you boobme.:)

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    start
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\iFanAutoControl.lnk
    4 Browser Manager; C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2403352 2012-12-05] ()
    C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options and select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • Restart and boot to Safe Mode with networking while you boot into your usual account.
  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please download AdwCleaner and save it to your desktop.
    • Close all open programs.
    • Double click on AdwCleaner.exe to run it.
    • Click on Delete and confirm the prompt.
    • After it is finished the computer will be restarted. A text file will open after the restart.
    • Please post the content of that log to your reply.
    • A copy of the log will be saved at C:\AdwCleaner[S1].txt.
  • Also restart and try to boot into normal mode and tell me how it went.


#6 captain19


Posted 24 December 2012 - 06:34 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-24 23:31:40 Run:1
Running from F:\

==============================================

C:\Users\All Users\Start Menu\Programs\Startup\iFanAutoControl.lnk moved successfully.
Browser Manager service deleted successfully.
C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe moved successfully.

==== End of Fixlog ====

#7 captain19


Posted 24 December 2012 - 07:04 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.24.10

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Daman Panesar :: DAMANPANESAR-PC [administrator]

24/12/2012 11:38:17 PM
mbam-log-2012-12-24 (23-38-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236556
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v2.102 - Logfile created 12/24/2012 at 23:52:11
# Updated 23/12/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : Daman Panesar - DAMANPANESAR-PC
# Boot Mode : Normal
# Running from : C:\Users\Daman Panesar\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Daman Panesar\AppData\Roaming\Mozilla\Firefox\Profiles\t7k8k0o0.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Daman Panesar\AppData\Roaming\Mozilla\Firefox\Profiles\t7k8k0o0.default\bprotector_prefs.js
File Deleted : C:\Users\Daman Panesar\AppData\Roaming\Mozilla\Firefox\Profiles\t7k8k0o0.default\searchplugins\Startsear.xml
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\vShare.tv plugin
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Users\Daman Panesar\AppData\Local\Linkury
Folder Deleted : C:\Users\Daman Panesar\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Daman Panesar\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Daman Panesar\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Daman Panesar\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Daman Panesar\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Daman Panesar\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\Users\Daman Panesar\AppData\Roaming\BrowserCompanion
Folder Deleted : C:\Users\Daman Panesar\AppData\Roaming\Mozilla\Firefox\Profiles\t7k8k0o0.default\Conduit
Folder Deleted : C:\Users\Daman Panesar\AppData\Roaming\Mozilla\Firefox\Profiles\t7k8k0o0.default\ConduitEngine
Folder Deleted : C:\Users\Daman Panesar\AppData\Roaming\Mozilla\Firefox\Profiles\t7k8k0o0.default\extensions\bbrs_002@blabbers.com
Folder Deleted : C:\Users\Daman Panesar\AppData\Roaming\Mozilla\Firefox\Profiles\t7k8k0o0.default\extensions\engine@conduit.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2535290
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{00579B8F-8A0A-4B35-A0F9-19CDEEEB0843}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00579B8F-8A0A-4B35-A0F9-19CDEEEB0843}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{06B3E631-5CF4-4944-A06B-31672996FFEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BB37C2B-9ED8-479F-A21B-0F42BB08D48F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110824&tt=201112_ccp_cmd_4712_6&babsrc=HP_ss&mntrId=2a6de65c00000000000060334b068fac --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Daman Panesar\AppData\Roaming\Mozilla\Firefox\Profiles\t7k8k0o0.default\prefs.js

C:\Users\Daman Panesar\AppData\Roaming\Mozilla\Firefox\Profiles\t7k8k0o0.default\user.js ... Deleted !

Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 08 2011 15:08:49 GMT-07[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Aug 15 2011 21:42:48 GMT-0700 (Pacif[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Aug 15 2011 20:00:52 GMT-0700 (Pacific D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "de026fa7-4a01-43be-a049-36098bec0684");
Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110824&tt=201112_ccp_cmd_4[...]
Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "2a6de65c00000000000060334b068fac");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15665");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.84:55:12");
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xkit_installed[...]
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xkit_installer[...]
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xkit_log", "Na[...]
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xkit_preferenc[...]
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xm_xquickinbox[...]
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xquickinbox", [...]
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xquickinbox_ic[...]
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xthemes", "//*[...]
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110824&tt=201112_ccp_cmd_4712_6&babsrc=KW[...]
Deleted : user_pref("xkit.xinbox", "//* VERSION 3.6 REV F **//\r\n//* INTERVAL 0 **//\r\n//* TITLE XInbox **//[...]
Deleted : user_pref("xkit.xinbox_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAA[...]
Deleted : user_pref("xkit.xkit_installed_extensions", "xkit_main,xkit_required,xkit_preferences,xkit_update_ma[...]
Deleted : user_pref("xkit.xkit_installer", "//* VERSION 6.1 REV A **//\r\n// XKit Installer\r\n// Installs XKi[...]
Deleted : user_pref("xkit.xkit_log", "NaNxkit_update_manager</b>:<p>Checking for updates...</p></li>NaNxkit_up[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Daman Panesar\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Daman Panesar\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [20621 octets] - [24/12/2012 23:52:11]

########## EOF - C:\AdwCleaner[S1].txt - [20682 octets] ##########

#8 Farbar


Posted 24 December 2012 - 07:18 PM

Very well with those steps. Did you try to boot normally?

#9 captain19


Posted 24 December 2012 - 07:20 PM

I still get the same problem when I boot it normally :s

And now there's a new error when I start it. It's attached to this reply.




#10 Farbar


Posted 24 December 2012 - 07:21 PM

To attach it you need to add the attachment to the post.

#11 captain19


Posted 24 December 2012 - 07:30 PM

Here we go. Sorry about that.

http://i45.tinypic.com/168dj44.jpg

Edited by Farbar, 24 December 2012 - 07:45 PM.
Edited to post only the link.


#12 Farbar


Posted 24 December 2012 - 07:34 PM

Thank you for posting the error. Probably that is the issue.

  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List installed programs.
    • List Devices (only check the box and leave the default radio button as it is).
    • List Restore Points.
    Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.


#13 captain19


Posted 24 December 2012 - 07:58 PM

Should I run these tools in Safe Mode with networking or regular boot?

#14 captain19


Posted 24 December 2012 - 07:59 PM

I will have to run these tools later tonight.

Christmas dinner to attend to :)

Thanks for all your help. Will get back to you as soon as possible. :)

#15 Farbar


Posted 24 December 2012 - 08:03 PM

I assume you are not able to run tools in normal mode, are you?

You may run MiniToolBox in any mode. If you could run TDSSKiller in normal mode it would be better; otherwise run it in Safe Mode with networking.



