
Need a fixlist.txt file for Farbar recovery scan tool


  • This topic is locked
22 replies to this topic

#1 supernova6743

  • Members
  • 11 posts

Posted 24 November 2013 - 11:11 PM

Hi, I would appreciate any help you could give me. Here is my FRST.txt file.

==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2473568 2010-11-11] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-08] (Ahead Software Gmbh)
HKLM-x32\...\Run: [S6000Mnt] - C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\god\...\Run: [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [200784 2012-05-31] (Somoto)
HKU\god\...\Run: [Facebook Update] - C:\Users\god\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-07] (Facebook Inc.)
HKU\god\...\Run: [Google Update] - C:\Users\god\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-11] (Google Inc.)
HKU\god\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKU\god\...\Run: [SearchProtection] - C:\Users\god\AppData\Roaming\Search Protection\SearchProtection.exe [832360 2013-09-03] (Spigot, Inc.)
HKU\god\...\Winlogon: [Shell] C:\Users\god\AppData\Roaming\guard-rrdx.exe [968032 2013-11-24] () <==== ATTENTION 
HKU\Guest\...\Run: [ZVMOUNT] - C:\Program Files (x86)\Net Protector 2012\ZVMOUNT.EXE
HKU\Guest\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
 
==================== Services (Whitelisted) =================
 
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-06-30] ()
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-10-18] (Huawei Technologies Co., Ltd.)
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131122.001\IDSvia64.sys [521816 2013-11-01] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131123.001\ENG64.SYS [126040 2013-11-01] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131123.001\EX64.SYS [2099288 2013-11-01] (Symantec Corporation)
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-18] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-01] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-24 22:29 - 2013-11-24 22:29 - 00000000 ____D C:\FRST
2013-11-24 18:42 - 2013-11-24 18:42 - 00002763 _____ C:\ProgramData\connector.swf
2013-11-24 18:42 - 2013-11-24 18:42 - 00002087 _____ C:\Users\god\AppData\Roaming\result1.db
2013-11-24 18:33 - 2013-11-24 18:33 - 00953818 _____ C:\Users\god\Downloads\devi-stotram-telugu.zip
2013-11-24 17:33 - 2013-11-24 18:34 - 00968032 ____R C:\Users\god\AppData\Roaming\guard-rrdx.exe
2013-11-24 14:38 - 2013-11-24 14:39 - 26303797 _____ C:\Users\god\Downloads\PdfToWordConverter_dldportals.EXE
2013-11-24 13:14 - 2013-11-24 13:14 - 00086869 _____ C:\Users\god\Downloads\Rudram (1).zip
2013-11-24 13:03 - 2013-11-24 13:04 - 00086869 _____ C:\Users\god\Downloads\Rudram.zip
2013-11-23 08:31 - 2013-11-23 12:13 - 00000000 ____D C:\Users\god\AppData\Roaming\Search Protection
2013-11-23 08:31 - 2013-11-23 08:31 - 00000847 _____ C:\Users\god\Desktop\µTorrent.lnk
2013-11-23 08:27 - 2013-11-23 08:45 - 00000000 ____D C:\Users\god\Downloads\Masala (2013) Telugu Movie HD DVDScr XviD - Exclusive
2013-11-23 08:26 - 2013-11-23 08:26 - 00062199 _____ C:\Users\god\Downloads\masala-2013-telugu-movie-hd-dvdscr-xvid-exclusive.torrent
2013-11-22 12:13 - 2013-11-22 12:13 - 00000182 _____ C:\Users\god\Desktop\job 1.txt
2013-11-19 12:43 - 2013-11-24 17:42 - 00000000 ___RD C:\Users\god\Google Drive
2013-11-19 12:43 - 2013-11-19 12:43 - 00001691 _____ C:\Users\god\Desktop\Google Drive.lnk
2013-11-19 12:28 - 2013-11-19 12:28 - 00002004 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-11-19 12:28 - 2013-11-19 12:28 - 00002000 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-11-19 12:28 - 2013-11-19 12:28 - 00001988 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-11-19 12:25 - 2013-11-19 12:25 - 00819136 _____ (Google Inc.) C:\Users\god\Downloads\googledrivesync.exe
2013-11-19 09:09 - 2013-11-19 09:09 - 01392489 _____ C:\Users\god\Desktop\Rahi.zip
2013-11-14 11:47 - 2013-11-14 11:54 - 00000000 ____D C:\Users\god\Downloads\Potugadu (2013) Telugu Movie Orginal DVD-9 1CD rip Audio,Subs & Chaptes--[Team Rt]-- First on net[www.RipsTracker.com]
2013-11-14 11:46 - 2013-11-14 11:46 - 00016115 _____ C:\Users\god\Downloads\[TorrentDownloads.me]_Potugadu (2013) Telugu Movie Orginal DVD-9 1CD rip Audio,Subs & Chaptes--[Team Rt]-- First on net[.torrent
2013-11-13 11:04 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 11:04 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 11:03 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 11:03 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 11:03 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 11:03 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 11:03 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 11:03 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 11:03 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 11:03 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 11:03 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 11:03 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 11:03 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 11:03 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 11:03 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 11:03 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 11:03 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 11:03 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 11:03 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 11:03 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 11:03 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 11:03 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 11:03 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 11:03 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 11:03 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 11:03 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 11:03 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 11:03 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 11:03 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 11:03 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-12 08:00 - 2013-10-14 15:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2013-11-12 07:57 - 2013-11-12 07:57 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 07:57 - 2013-11-12 07:57 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 07:57 - 2013-11-12 07:57 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 07:57 - 2013-11-12 07:57 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 07:57 - 2013-11-12 07:57 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 07:57 - 2013-11-12 07:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-12 07:56 - 2013-11-12 07:56 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-12 07:56 - 2013-11-12 07:56 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-12 07:56 - 2013-11-12 07:56 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-12 07:56 - 2013-11-12 07:56 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-12 07:56 - 2013-11-12 07:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-12 07:56 - 2013-11-12 07:56 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-12 07:56 - 2013-11-12 07:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-12 07:54 - 2013-11-12 08:00 - 00007276 _____ C:\Windows\IE11_main.log
2013-11-11 12:40 - 2013-11-24 18:45 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000UA.job
2013-11-11 12:40 - 2013-11-23 12:57 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core.job
2013-11-11 12:40 - 2013-11-11 12:40 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000UA
2013-11-11 12:40 - 2013-11-11 12:40 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core
2013-11-11 12:37 - 2013-11-11 15:20 - 00000043 _____ C:\Users\god\Desktop\pss.txt
2013-11-11 12:37 - 2013-11-11 12:38 - 00819160 _____ (Google Inc.) C:\Users\god\Downloads\GoogleVoiceAndVideoSetup.exe
2013-11-06 14:27 - 2013-11-22 13:14 - 00000000 ____D C:\Users\god\AppData\Local\CrashDumps
2013-11-04 11:57 - 2013-11-23 20:12 - 00000069 _____ C:\Users\god\Desktop\suri ctc no.txt
2013-11-03 09:05 - 2013-11-03 09:05 - 03733780 _____ C:\Users\god\Downloads\part2.zip
2013-11-03 09:04 - 2013-11-03 09:05 - 05108848 _____ C:\Users\god\Downloads\part1.zip
2013-11-02 08:40 - 2013-11-02 08:40 - 00654424 _____ C:\Users\god\Downloads\phonecontacts.zip
2013-11-01 14:53 - 2013-11-14 06:52 - 00000000 ____D C:\Windows\System32\MRT
2013-11-01 14:53 - 2013-11-14 06:45 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-01 14:45 - 2013-11-01 14:45 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-11-01 14:43 - 2013-11-01 14:43 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-11-01 14:42 - 2013-11-01 14:42 - 00177752 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-11-01 14:42 - 2013-11-01 14:42 - 00008222 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-11-01 14:42 - 2013-11-01 14:42 - 00002351 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-11-01 14:42 - 2013-11-01 14:42 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-01 14:40 - 2013-11-01 14:40 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-11-01 14:39 - 2013-11-01 14:44 - 00000000 ____D C:\ProgramData\Norton
2013-11-01 14:39 - 2013-11-01 14:40 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-11-01 14:33 - 2013-11-01 14:38 - 231648632 ____N (Symantec Corporation) C:\Users\god\Downloads\N360_21.1.0.18_SYMTB_TMD_MRFTT_821_10132.exe
2013-11-01 14:29 - 2013-11-01 14:29 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-11-01 05:30 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-11-01 05:30 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-11-01 05:30 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-11-01 05:30 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-11-01 05:30 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-11-01 05:30 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-11-01 05:30 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-31 09:54 - 2013-10-31 09:54 - 00000060 _____ C:\Users\god\Documents\radhi.txt
2013-10-30 14:18 - 2013-10-30 14:18 - 00001464 _____ C:\Users\god\Desktop\Illustrator - Shortcut.lnk
2013-10-30 14:15 - 2013-10-30 14:15 - 00001419 _____ C:\Users\god\Desktop\Portable Photoshop CS5 - Shortcut.lnk
2013-10-26 07:11 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-10-26 07:11 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-25 19:43 - 2013-10-25 19:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-25 19:39 - 2013-10-25 19:51 - 00008877 _____ C:\Windows\IE10_main.log
2013-10-25 13:19 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-10-25 13:19 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-10-25 13:19 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-10-25 13:19 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-10-25 13:19 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-10-25 13:19 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-10-25 13:19 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-25 13:19 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-25 13:19 - 2012-10-09 10:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-10-25 13:19 - 2012-10-09 10:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-10-25 13:19 - 2012-10-09 09:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-10-25 13:19 - 2012-10-09 09:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-10-25 13:18 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-10-25 13:18 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-10-25 13:18 - 2013-03-18 21:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-10-25 13:18 - 2013-03-18 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-10-25 13:18 - 2013-02-26 22:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-10-25 13:18 - 2013-02-26 21:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-10-25 13:17 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-10-25 13:17 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-10-25 13:17 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-10-25 13:17 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-25 13:17 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-10-25 13:17 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-10-25 13:17 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-25 13:17 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-25 13:17 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-25 13:17 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-25 13:17 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-25 13:17 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-25 13:17 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-25 13:17 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-25 13:17 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-25 13:17 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-25 13:17 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-25 13:17 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-25 13:17 - 2013-04-25 15:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-10-25 13:17 - 2013-03-31 14:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-10-25 13:17 - 2012-08-22 10:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-10-25 13:17 - 2012-07-04 12:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-10-25 13:16 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-10-25 13:16 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-10-25 13:16 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-25 13:16 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-25 13:16 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-10-25 13:16 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-10-25 13:16 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-25 13:16 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-25 13:16 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-25 13:16 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-25 13:16 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-25 13:16 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-25 13:16 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-25 13:16 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-25 13:16 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-10-25 13:16 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-10-25 13:16 - 2012-10-03 09:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-10-25 13:16 - 2012-10-03 09:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-10-25 13:16 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-10-25 13:16 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-10-25 13:16 - 2012-10-03 09:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-10-25 13:16 - 2012-10-03 09:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-10-25 13:16 - 2012-10-03 08:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-10-25 13:16 - 2012-10-03 08:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-10-25 13:16 - 2012-10-03 08:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-10-25 13:16 - 2012-10-03 08:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-10-25 13:16 - 2012-08-21 13:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-10-25 13:16 - 2012-01-12 23:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-10-25 13:15 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-25 13:15 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-25 13:15 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-25 13:15 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-25 13:15 - 2013-06-14 20:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-10-25 13:15 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-10-25 13:13 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-25 13:13 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-25 13:13 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-25 13:13 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-25 13:13 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-25 13:13 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-25 13:13 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-25 13:13 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-25 13:13 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-25 13:13 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-25 13:13 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-25 13:13 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-25 13:13 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-25 13:13 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-25 13:13 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-25 13:12 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-25 13:12 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-10-25 13:12 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-25 13:12 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-25 13:12 - 2013-05-09 21:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-10-25 13:12 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-10-25 13:12 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-10-25 13:12 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-10-25 13:12 - 2012-11-22 19:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-10-25 13:11 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 13:11 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 13:11 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-10-25 13:11 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-10-25 13:11 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-10-25 13:11 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-10-25 13:10 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-25 13:10 - 2013-04-09 22:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-10-25 13:10 - 2011-02-03 03:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-10-25 13:09 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-25 07:23 - 2013-10-25 07:23 - 00000000 ____D C:\Windows\System32\SPReview
2013-10-25 07:21 - 2013-10-25 07:21 - 00000000 ____D C:\Windows\System32\EventProviders
2013-10-25 06:44 - 2013-10-25 06:44 - 00003110 _____ C:\Windows\System32\Tasks\{C7904F50-1594-4067-B0FC-230C64DB0BC4}
 
==================== One Month Modified Files and Folders =======
 
2013-11-24 22:29 - 2013-11-24 22:29 - 00000000 ____D C:\FRST
2013-11-24 18:45 - 2013-11-11 12:40 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000UA.job
2013-11-24 18:42 - 2013-11-24 18:42 - 00002763 _____ C:\ProgramData\connector.swf
2013-11-24 18:42 - 2013-11-24 18:42 - 00002087 _____ C:\Users\god\AppData\Roaming\result1.db
2013-11-24 18:42 - 2009-07-13 20:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 18:42 - 2009-07-13 20:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 18:40 - 2012-07-17 17:05 - 01634889 _____ C:\Windows\WindowsUpdate.log
2013-11-24 18:38 - 2012-11-21 08:51 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 18:36 - 2013-04-04 06:49 - 00018396 _____ C:\Windows\setupact.log
2013-11-24 18:36 - 2009-07-13 21:08 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-24 18:36 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 18:34 - 2013-11-24 17:33 - 00968032 ____R C:\Users\god\AppData\Roaming\guard-rrdx.exe
2013-11-24 18:33 - 2013-11-24 18:33 - 00953818 _____ C:\Users\god\Downloads\devi-stotram-telugu.zip
2013-11-24 18:09 - 2012-11-21 08:51 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-24 17:42 - 2013-11-19 12:43 - 00000000 ___RD C:\Users\god\Google Drive
2013-11-24 14:39 - 2013-11-24 14:38 - 26303797 _____ C:\Users\god\Downloads\PdfToWordConverter_dldportals.EXE
2013-11-24 14:05 - 2012-09-07 09:30 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000UA.job
2013-11-24 13:14 - 2013-11-24 13:14 - 00086869 _____ C:\Users\god\Downloads\Rudram (1).zip
2013-11-24 13:04 - 2013-11-24 13:03 - 00086869 _____ C:\Users\god\Downloads\Rudram.zip
2013-11-24 06:51 - 2012-08-30 10:24 - 00000000 ____D C:\Users\god\AppData\Roaming\Skype
2013-11-23 20:12 - 2013-11-04 11:57 - 00000069 _____ C:\Users\god\Desktop\suri ctc no.txt
2013-11-23 20:05 - 2012-09-07 09:30 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core.job
2013-11-23 13:15 - 2012-07-18 03:42 - 00000000 ____D C:\Users\god\AppData\Roaming\uTorrent
2013-11-23 12:57 - 2013-11-11 12:40 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core.job
2013-11-23 12:36 - 2012-07-17 22:50 - 00000000 ____D C:\Program Files (x86)\EgisTec BioExcess
2013-11-23 12:13 - 2013-11-23 08:31 - 00000000 ____D C:\Users\god\AppData\Roaming\Search Protection
2013-11-23 11:01 - 2009-07-13 21:13 - 00730320 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-23 08:45 - 2013-11-23 08:27 - 00000000 ____D C:\Users\god\Downloads\Masala (2013) Telugu Movie HD DVDScr XviD - Exclusive
2013-11-23 08:31 - 2013-11-23 08:31 - 00000847 _____ C:\Users\god\Desktop\µTorrent.lnk
2013-11-23 08:31 - 2012-07-18 03:43 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-11-23 08:26 - 2013-11-23 08:26 - 00062199 _____ C:\Users\god\Downloads\masala-2013-telugu-movie-hd-dvdscr-xvid-exclusive.torrent
2013-11-22 13:14 - 2013-11-06 14:27 - 00000000 ____D C:\Users\god\AppData\Local\CrashDumps
2013-11-22 12:13 - 2013-11-22 12:13 - 00000182 _____ C:\Users\god\Desktop\job 1.txt
2013-11-19 12:43 - 2013-11-19 12:43 - 00001691 _____ C:\Users\god\Desktop\Google Drive.lnk
2013-11-19 12:43 - 2012-07-17 04:40 - 00000000 ____D C:\users\god
2013-11-19 12:28 - 2013-11-19 12:28 - 00002004 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-11-19 12:28 - 2013-11-19 12:28 - 00002000 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-11-19 12:28 - 2013-11-19 12:28 - 00001988 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-11-19 12:28 - 2012-07-17 23:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-19 12:28 - 2012-07-17 05:24 - 00000000 ____D C:\Users\god\AppData\Local\Google
2013-11-19 12:25 - 2013-11-19 12:25 - 00819136 _____ (Google Inc.) C:\Users\god\Downloads\googledrivesync.exe
2013-11-19 09:09 - 2013-11-19 09:09 - 01392489 _____ C:\Users\god\Desktop\Rahi.zip
2013-11-14 11:54 - 2013-11-14 11:47 - 00000000 ____D C:\Users\god\Downloads\Potugadu (2013) Telugu Movie Orginal DVD-9 1CD rip Audio,Subs & Chaptes--[Team Rt]-- First on net[www.RipsTracker.com]
2013-11-14 11:46 - 2013-11-14 11:46 - 00016115 _____ C:\Users\god\Downloads\[TorrentDownloads.me]_Potugadu (2013) Telugu Movie Orginal DVD-9 1CD rip Audio,Subs & Chaptes--[Team Rt]-- First on net[.torrent
2013-11-14 06:52 - 2013-11-01 14:53 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 06:45 - 2013-11-01 14:53 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-12 10:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 08:00 - 2013-11-12 07:54 - 00007276 _____ C:\Windows\IE11_main.log
2013-11-12 07:57 - 2013-11-12 07:57 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 07:57 - 2013-11-12 07:57 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 07:57 - 2013-11-12 07:57 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 07:57 - 2013-11-12 07:57 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 07:57 - 2013-11-12 07:57 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 07:57 - 2013-11-12 07:57 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 07:57 - 2013-11-12 07:57 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-11 15:20 - 2013-11-11 12:37 - 00000043 _____ C:\Users\god\Desktop\pss.txt
2013-11-11 12:41 - 2012-07-18 03:43 - 00000000 ____D C:\Users\god\AppData\Roaming\Mozilla
2013-11-11 12:40 - 2013-11-11 12:40 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000UA
2013-11-11 12:40 - 2013-11-11 12:40 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core
2013-11-11 12:38 - 2013-11-11 12:37 - 00819160 _____ (Google Inc.) C:\Users\god\Downloads\GoogleVoiceAndVideoSetup.exe
2013-11-10 19:06 - 2013-04-04 06:49 - 00153610 _____ C:\Windows\PFRO.log
2013-11-07 19:59 - 2012-07-17 21:57 - 00000000 ____D C:\Users\god\AppData\Roaming\vlc
2013-11-05 11:41 - 2012-07-17 04:44 - 00000000 ____D C:\Users\god\AppData\Local\Microsoft Help
2013-11-03 09:05 - 2013-11-03 09:05 - 03733780 _____ C:\Users\god\Downloads\part2.zip
2013-11-03 09:05 - 2013-11-03 09:04 - 05108848 _____ C:\Users\god\Downloads\part1.zip
2013-11-02 08:40 - 2013-11-02 08:40 - 00654424 _____ C:\Users\god\Downloads\phonecontacts.zip
2013-11-01 15:02 - 2013-09-01 07:15 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-01 14:45 - 2013-11-01 14:45 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-11-01 14:44 - 2013-11-01 14:39 - 00000000 ____D C:\ProgramData\Norton
2013-11-01 14:43 - 2013-11-01 14:43 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-11-01 14:42 - 2013-11-01 14:42 - 00177752 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-11-01 14:42 - 2013-11-01 14:42 - 00008222 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-11-01 14:42 - 2013-11-01 14:42 - 00002351 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-11-01 14:42 - 2013-11-01 14:42 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-01 14:40 - 2013-11-01 14:40 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-11-01 14:40 - 2013-11-01 14:39 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-11-01 14:38 - 2013-11-01 14:33 - 231648632 ____N (Symantec Corporation) C:\Users\god\Downloads\N360_21.1.0.18_SYMTB_TMD_MRFTT_821_10132.exe
2013-11-01 14:29 - 2013-11-01 14:29 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-31 09:54 - 2013-10-31 09:54 - 00000060 _____ C:\Users\god\Documents\radhi.txt
2013-10-30 14:18 - 2013-10-30 14:18 - 00001464 _____ C:\Users\god\Desktop\Illustrator - Shortcut.lnk
2013-10-30 14:15 - 2013-10-30 14:15 - 00001419 _____ C:\Users\god\Desktop\Portable Photoshop CS5 - Shortcut.lnk
2013-10-30 14:14 - 2012-07-17 04:40 - 00000000 ____D C:\Users\god\AppData\Local\VirtualStore
2013-10-26 05:45 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-10-26 05:42 - 2009-07-13 20:45 - 00416024 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-26 05:35 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-26 05:35 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-10-26 05:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-10-26 05:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-10-26 05:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-10-26 05:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-10-26 05:33 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-25 19:51 - 2013-10-25 19:39 - 00008877 _____ C:\Windows\IE10_main.log
2013-10-25 12:54 - 2012-07-17 21:56 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-25 09:31 - 2009-07-13 23:46 - 00000000 ____D C:\Windows\BitLockerDiscoveryVolumeContents
2013-10-25 09:31 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-10-25 09:31 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-10-25 09:31 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-10-25 09:31 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-10-25 09:31 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-10-25 09:31 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-10-25 09:31 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-10-25 09:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-10-25 09:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-10-25 09:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-10-25 09:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-10-25 09:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-10-25 09:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-10-25 09:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-10-25 09:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-10-25 09:31 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-25 09:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2013-10-25 09:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2013-10-25 09:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-10-25 09:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-10-25 09:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-10-25 09:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-10-25 09:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-10-25 08:05 - 2009-07-13 18:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2013-10-25 08:05 - 2009-07-13 18:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-10-25 07:23 - 2013-10-25 07:23 - 00000000 ____D C:\Windows\System32\SPReview
2013-10-25 07:21 - 2013-10-25 07:21 - 00000000 ____D C:\Windows\System32\EventProviders
2013-10-25 06:44 - 2013-10-25 06:44 - 00003110 _____ C:\Windows\System32\Tasks\{C7904F50-1594-4067-B0FC-230C64DB0BC4}
 
Some content of TEMP:
====================
C:\Users\god\AppData\Local\Temp\utt2C97.tmp.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
5
Restore point made on: 2013-11-01 10:26:59
Restore point made on: 2013-11-01 14:27:22
Restore point made on: 2013-11-01 14:52:45
Restore point made on: 2013-11-12 07:53:34
Restore point made on: 2013-11-14 06:43:11
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 1962.14 MB
Available physical RAM: 1437.41 MB
Total Pagefile: 1962.14 MB
Available Pagefile: 1437.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:58.71 GB) NTFS
Drive e: () (Fixed) (Total:146.48 GB) (Free:134.02 GB) NTFS
Drive f: () (Fixed) (Total:221.52 GB) (Free:138.3 GB) NTFS
Drive h: () (Removable) (Total:3.72 GB) (Free:1.95 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2718A53A)
Partition 1: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
 
 
LastRegBack: 2013-10-02 09:02
 
==================== End Of Log ============================



 


#2 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts
Gender: Male, Location: Puerto Rico

Posted 26 November 2013 - 01:09 AM


Hello supernova6743

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
HKU\god\...\Run: [SearchProtection] - C:\Users\god\AppData\Roaming\Search Protection\SearchProtection.exe [832360 2013-09-03] (Spigot, Inc.)
HKU\god\...\Winlogon: [Shell] C:\Users\god\AppData\Roaming\guard-rrdx.exe [968032 2013-11-24] () <==== ATTENTION
HKU\Guest\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
C:\Users\god\AppData\Roaming\guard-rrdx.exe
S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-06-30] ()
2013-11-24 18:33 - 2013-11-24 18:33 - 00953818 _____ C:\Users\god\Downloads\devi-stotram-telugu.zip 
C:\Users\god\AppData\Local\Temp\utt2C97.tmp.exe 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
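The fixlist above removes a per-user Winlogon Shell value, an autorun and a service whose executables carry no vendor name, and a stray Temp executable. The script below is an added example, not FRST's own code and not part of this thread: it parses FRST registry and service lines in the formats quoted here (the regexes, the constructed sample log and all function names are my own assumptions modelled on those lines), applies those checks, and lists the lines an analyst would review before building fixlist.txt.

```python
"""Triage of FRST autorun/service lines. Added example, not FRST's own code;
the line formats are assumed from the lines quoted in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the lines gringo_pr put in the fixlist, plus one benign
# HKLM entry in the same format so the rules also see clean input.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKU\god\...\Run: [SearchProtection] - C:\Users\god\AppData\Roaming\Search Protection\SearchProtection.exe [832360 2013-09-03] (Spigot, Inc.)
HKU\god\...\Winlogon: [Shell] C:\Users\god\AppData\Roaming\guard-rrdx.exe [968032 2013-11-24] () <==== ATTENTION
HKU\Guest\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-06-30] ()
"""

# "HKU\god\...\Winlogon: [Shell] <cmd> [size date] (vendor) <==== ATTENTION"
REG_LINE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)(?:-x32)?\\\.\.\.\\(?P<key>Run|RunOnce|Winlogon): "
    r"\[(?P<name>[^\]]+)\](?: -)? (?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<vendor>[^)]*)\))?(?P<attention> <==== ATTENTION)?\s*$"
)
# "S2 Web Assistant; <cmd> [size date] (vendor)"
SVC_LINE = re.compile(
    r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<vendor>[^)]*)\))?\s*$"
)
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\|\\Temp\\|\\ProgramData\\", re.I)
RANK = {"high": 3, "medium": 2, "low": 1}


@dataclass
class Entry:
    raw: str
    hive: str               # "HKLM", "HKU\god", or "" for a service
    key: str                # Run, RunOnce, Winlogon, or "service"
    name: str
    cmd: str
    vendor: Optional[str]   # None: no "(...)" on the line; "": an empty "()"
    attention: bool         # FRST appended "<==== ATTENTION"

@dataclass
class Finding:
    severity: str
    line: str
    reasons: List[str]

def parse_entry(line: str) -> Optional[Entry]:
    """Entry for an autorun or service line, None for any other line."""
    m = REG_LINE.match(line)
    if m:
        return Entry(line, m["hive"], m["key"], m["name"], m["cmd"],
                     m["vendor"], bool(m["attention"]))
    m = SVC_LINE.match(line)
    if m:
        return Entry(line, "", "service", m["name"], m["cmd"], m["vendor"], False)
    return None

def exe_basename(cmd: str) -> str:
    """First executable named in a command, lower-cased, directory stripped."""
    m = re.match(r'"?(?P<exe>[^",]*?\.exe)', cmd, re.I)
    return (m["exe"] if m else cmd).rsplit("\\", 1)[-1].lower()

def assess(e: Entry) -> Optional[Finding]:
    """Apply the triage rules to one entry; None when nothing is suspicious."""
    hits = []  # (severity, reason) pairs
    if e.attention:
        hits.append(("high", "flagged by FRST (<==== ATTENTION)"))
    if e.key == "Winlogon" and e.name == "Shell" and e.hive.startswith("HKU"):
        # Shell normally exists only under HKLM; a per-user copy is how the
        # hijack in this thread was wired in, so report it even if it still
        # says explorer.exe (FRST flags both, as the log above shows).
        exe = exe_basename(e.cmd)
        if exe != "explorer.exe":
            hits.append(("high", "per-user Winlogon Shell points at " + exe))
        else:
            hits.append(("medium", "per-user Winlogon Shell override"))
    in_user_dir = bool(USER_WRITABLE.search(e.cmd))
    if e.vendor == "":
        hits.append(("high" if in_user_dir else "medium", "no vendor name in version info"))
    elif e.vendor and in_user_dir:
        hits.append(("low", "autostart from a user-writable path (vendor: %s)" % e.vendor))
    if not hits:
        return None
    worst = max(hits, key=lambda h: RANK[h[0]])[0]
    return Finding(worst, e.raw, [reason for _, reason in hits])

def triage(log_text: str) -> List[Finding]:
    """Findings for every autorun/service line, highest severity first."""
    entries = (parse_entry(ln.rstrip()) for ln in log_text.splitlines())
    findings = [f for f in (assess(e) for e in entries if e) if f]
    return sorted(findings, key=lambda f: -RANK[f.severity])  # stable within a tier

def fixlist_candidates(findings: List[Finding], min_severity: str = "medium") -> List[str]:
    """Raw lines to review for fixlist.txt: FRST deletes the value, service or
    file named on each, as the Fixlog posted in this thread shows."""
    return [f.line for f in findings if RANK[f.severity] >= RANK[min_severity]]
```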

#3 supernova6743 (Topic Starter)
Members, 11 posts

Posted 26 November 2013 - 09:13 AM

Hi Gringo,

I rebooted and it started up fine. If everything is okay in the fixlog, I thank you for your help. Here is my Fixlog.txt file:

==============================================
 
Content of fixlist:
*****************
HKU\god\...\Run: [SearchProtection] - C:\Users\god\AppData\Roaming\Search Protection\SearchProtection.exe [832360 2013-09-03] (Spigot, Inc.)
HKU\god\...\Winlogon: [Shell] C:\Users\god\AppData\Roaming\guard-rrdx.exe [968032 2013-11-24] () <==== ATTENTION
HKU\Guest\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
C:\Users\god\AppData\Roaming\guard-rrdx.exe
S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-06-30] ()
2013-11-24 18:33 - 2013-11-24 18:33 - 00953818 _____ C:\Users\god\Downloads\devi-stotram-telugu.zip 
C:\Users\god\AppData\Local\Temp\utt2C97.tmp.exe 
 
*****************
 
HKU\god\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKU\god\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Guest\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\god\AppData\Roaming\guard-rrdx.exe => Moved successfully.
Web Assistant => Service deleted successfully.
C:\Users\god\Downloads\devi-stotram-telugu.zip  => Moved successfully.
C:\Users\god\AppData\Local\Temp\utt2C97.tmp.exe  => Moved successfully.
 
==== End of Fixlog ====


#4 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts
Gender: Male, Location: Puerto Rico

Posted 26 November 2013 - 12:44 PM



Hello supernova6743

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo

#5 supernova6743 (Topic Starter)
Members, 11 posts

Posted 26 November 2013 - 03:09 PM

Hi,

Here is the text of the AdwCleaner File:

***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FilesFrog Update Checker
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Users\god\AppData\Local\Conduit
Folder Deleted : C:\Users\god\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\god\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\god\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\god\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\god\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\god\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8A3FEEB-7815-410B-910B-7617038B757E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08E10C8D-88B4-4EB2-AB97-221FACC5DCBF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11414 octets] - [26/11/2013 14:35:06]
AdwCleaner[S0].txt - [10881 octets] - [26/11/2013 14:39:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10942 octets] ##########
 
 
Here is the text of the JRT file:
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1732697415-3453766218-494055121-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{97BB8FAA-10CF-479E-9697-6DEBBF27BBA4}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\god\appdata\local\cre"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\god\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/26/2013 at 15:01:51.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 November 2013 - 08:18 PM


Hello supernova6743

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 supernova6743

supernova6743
  • Topic Starter

  • Members
  • 11 posts

Posted 26 November 2013 - 09:10 PM

Hi,

 

I disabled Norton 360 (antivirus auto-protect) as well as Smart Firewall from the notification area icons, but it is still running in the Processes tab of Windows Task Manager, and ComboFix pops up a warning window saying it detects Norton 360 to be active. I'm not able to end the process in Task Manager either. Can I continue to run it?


Edited by supernova6743, 26 November 2013 - 09:25 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 November 2013 - 09:45 PM

Yes, go ahead and continue.

gringo

#9 supernova6743

supernova6743
  • Topic Starter

  • Members
  • 11 posts

Posted 26 November 2013 - 10:12 PM

ComboFix is stuck at completed stage 4 for the past 20 minutes.  Is this normal and how long should I wait?



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 November 2013 - 10:19 PM

Wait about another ten minutes, and if it has not moved then go ahead and stop it and let me know.


gringo

#11 supernova6743

supernova6743
  • Topic Starter

  • Members
  • 11 posts

Posted 26 November 2013 - 11:21 PM

I didn't have any other problems that I noticed. Here is the log from ComboFix:

 

 

ComboFix 13-11-23.02 - god 11/26/2013  21:55:13.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1962.480 [GMT -5:00]
Running from: c:\users\god\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\basha.t
c:\users\god\AppData\Local\Temp\_MEI25923\_ctypes.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\_elementtree.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\_hashlib.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\_multiprocessing.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\_socket.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\_ssl.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\msvcp100.dll
c:\users\god\AppData\Local\Temp\_MEI25923\msvcr100.dll
c:\users\god\AppData\Local\Temp\_MEI25923\pyexpat.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\pysqlite2._sqlite.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\python27.dll
c:\users\god\AppData\Local\Temp\_MEI25923\pythoncom27.dll
c:\users\god\AppData\Local\Temp\_MEI25923\PyWinTypes27.dll
c:\users\god\AppData\Local\Temp\_MEI25923\select.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\unicodedata.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32api.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32com.shell.shell.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32crypt.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32event.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32file.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32inet.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32pdh.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32process.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32profile.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32security.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\win32ts.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\windows._cacheinvalidation.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\wx._controls_.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\wx._core_.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\wx._gdi_.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\wx._html2.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\wx._misc_.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\wx._windows_.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\wx._wizard.pyd
c:\users\god\AppData\Local\Temp\_MEI25923\wxbase294u_net_vc90.dll
c:\users\god\AppData\Local\Temp\_MEI25923\wxbase294u_vc90.dll
c:\users\god\AppData\Local\Temp\_MEI25923\wxmsw294u_adv_vc90.dll
c:\users\god\AppData\Local\Temp\_MEI25923\wxmsw294u_core_vc90.dll
c:\users\god\AppData\Local\Temp\_MEI25923\wxmsw294u_html_vc90.dll
c:\users\god\AppData\Local\Temp\_MEI25923\wxmsw294u_webview_vc90.dll
c:\windows\Downloaded Program Files\htmlmask
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\common\build.htc
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\common\cbo.htc
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\common\checkbox.htc
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\common\editablecbo.htc
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\common\labels.htc
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\common\radiobtn.htc
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\common\style.css
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\common\textbox.htc
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\currencyconversion\chsresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\currencyconversion\chtresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\currencyconversion\currencyconversion_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\currencyconversion\currencyconversion_mask.js
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\currencyconversion\en1resource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\currencyconversion\rusresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\fare\chsresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\fare\chtresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\fare\en1resource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\fare\fare_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\fare\fare_mask.js
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\fare\fare_morecarrier_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\fare\fare_morecarrier_mask.js
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\fare\rusresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\help\help_easyprice.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\itinerarypricing\chsresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\itinerarypricing\chtresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\itinerarypricing\en1resource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\itinerarypricing\itinerarypricing_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\itinerarypricing\itinerarypricing_mask.js
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\itinerarypricing\nextpricing_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\itinerarypricing\nextpricing_mask.js
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\itinerarypricing\rusresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\mileage\addcitypair_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\mileage\addcitypair_mask.js
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\mileage\chsresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\mileage\chtresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\mileage\en1resource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\mileage\mileage_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\mileage\mileage_mask.js
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\mileage\rusresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\nopnrpricing\chsresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\nopnrpricing\chtresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\nopnrpricing\en1resource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\nopnrpricing\nopnr_addcitypair_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\nopnrpricing\nopnr_addcitypair_mask.js
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\nopnrpricing\nopnrpricing_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\nopnrpricing\nopnrpricing_mask.js
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\nopnrpricing\rusresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\tax\chsresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\tax\chtresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\tax\en1resource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\tax\rusresource.ini
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\tax\tax_mask.html
c:\windows\Downloaded Program Files\htmlmask\abwhiz\easyprice\tax\tax_mask.js
c:\windows\Downloaded Program Files\MDR
c:\windows\Downloaded Program Files\MDR\AIRAALSADAVAIL.05
c:\windows\Downloaded Program Files\MDR\SDSAIRSELLRESP.01
C:\Zv
c:\zv\OUTBOX2\2FD4C7C1D0FF9AB5BCAE3ADA32455A2A.EXE.gz
c:\zv\OUTBOX2\AUTORUN.EXE.zzz.gz
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-27 to 2013-11-27  )))))))))))))))))))))))))))))))
.
.
2013-11-27 03:59 . 2013-11-27 03:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-26 19:51 . 2013-11-26 19:51 -------- d-----w- c:\windows\ERUNT
2013-11-26 19:34 . 2013-11-26 19:40 -------- d-----w- C:\AdwCleaner
2013-11-25 06:29 . 2013-11-25 06:29 -------- d-----w- C:\FRST
2013-11-19 20:43 . 2013-11-27 02:03 -------- d-----r- c:\users\god\Google Drive
2013-11-13 19:04 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 19:04 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-12 16:00 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-12 15:56 . 2013-11-12 15:56 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-06 22:27 . 2013-11-27 02:09 -------- d-----w- c:\users\god\AppData\Local\CrashDumps
2013-11-05 17:09 . 2013-11-05 17:09 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-11-01 22:53 . 2013-11-14 14:52 -------- d-----w- c:\windows\system32\MRT
2013-11-01 22:42 . 2013-11-01 22:42 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-11-01 22:42 . 2013-11-01 22:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-11-01 22:40 . 2013-11-01 22:40 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-11-01 22:39 . 2013-11-01 22:40 -------- d-----w- c:\program files (x86)\Norton 360
2013-11-01 22:39 . 2013-11-01 22:44 -------- d-----w- c:\programdata\Norton
2013-11-01 22:39 . 2013-11-01 22:39 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-11-01 22:28 . 2013-11-01 22:28 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-11-01 18:27 . 2013-10-16 05:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D0734AD-AC98-4E39-A617-189ACED2F93E}\mpengine.dll
2013-11-01 13:30 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-01 13:30 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-01 13:30 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-01 13:30 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-01 13:30 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-01 13:30 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-01 13:30 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-26 03:43 . 2013-10-26 03:43 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-26 03:43 . 2013-10-26 03:43 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-10-26 03:43 . 2013-10-26 03:43 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-10-26 03:43 . 2013-10-26 03:43 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-10-26 03:43 . 2013-10-26 03:43 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-10-26 03:43 . 2013-10-26 03:43 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-10-26 03:43 . 2013-10-26 03:43 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-10-26 03:43 . 2013-10-26 03:43 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-10-26 03:43 . 2013-10-26 03:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-10-26 03:43 . 2013-10-26 03:43 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-26 03:43 . 2013-10-26 03:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-26 03:43 . 2013-10-26 03:43 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-10-26 03:43 . 2013-10-26 03:43 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-10-26 03:43 . 2013-10-26 03:43 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-26 03:43 . 2013-10-26 03:43 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-10-26 03:43 . 2013-10-26 03:43 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-10-26 03:43 . 2013-10-26 03:43 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-10-26 03:43 . 2013-10-26 03:43 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-10-26 03:43 . 2013-10-26 03:43 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-10-26 03:43 . 2013-10-26 03:43 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-10-26 03:43 . 2013-10-26 03:43 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-10-26 03:43 . 2013-10-26 03:43 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-26 03:43 . 2013-10-26 03:43 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-10-26 03:43 . 2013-10-26 03:43 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-10-26 03:43 . 2013-10-26 03:43 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-10-26 03:43 . 2013-10-26 03:43 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-10-26 03:43 . 2013-10-26 03:43 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-10-26 03:43 . 2013-10-26 03:43 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-10-26 03:43 . 2013-10-26 03:43 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-10-26 03:43 . 2013-10-26 03:43 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-10-26 03:43 . 2013-10-26 03:43 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-10-26 03:43 . 2013-10-26 03:43 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-25 16:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-10-25 16:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-09-08 02:30 . 2013-10-25 21:15 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-25 21:15 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-25 21:15 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-03 18:35 . 2012-07-18 11:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\god\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-07 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]
"VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-12-13 383344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-7-18 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131125.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131125.001\IDSvia64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMNETS.SYS [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys;c:\windows\SYSNATIVE\Drivers\S6000KNT.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 15:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core.job
- c:\users\god\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 17:30]
.
2013-11-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000UA.job
- c:\users\god\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 17:30]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 16:51]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 16:51]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core.job
- c:\users\god\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11 20:39]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000UA.job
- c:\users\god\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11 20:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
DPF: {0DFE990E-4497-4F4D-84A9-6E831AF7EEAD} - hxxps://aaol.abacus.com.sg/v1/HtmlMask.cab
DPF: {2C39C191-7390-4ABF-AE00-294E61F39CF9} - hxxps://aaol.abacus.com.sg/v1/KPMain.3.cab
DPF: {CDE3CA69-293C-4B4C-AB3B-BAAED5197238} - hxxps://aaol.abacus.com.sg/v1/KPOrion.cab
DPF: {DB3DAEA1-61A8-4D32-A957-095DB3C3363D} - hxxps://aaol.abacus.com.sg/v1/KPMain.1.cab
DPF: {EB350776-AF8A-45DB-89B6-286FA22B25A7} - hxxps://aaol.abacus.com.sg/v1/DIX.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-S6000Mnt - S6000Rmv.dll
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Search Protection - c:\users\god\AppData\Roaming\Search Protection\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\system32\drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2013-11-26  23:07:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-27 04:07
.
Pre-Run: 69,594,796,032 bytes free
Post-Run: 69,397,405,696 bytes free
.
- - End Of File - - 266F2027F257C64F918A32C54599369C
A36C5E4F47E84449FF07ED3517B43A31
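The "Reg Loading Points" and "Supplementary Scan" blocks in the log above carry the settings a responder normally picks out by eye: UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0), all four Security Center notification overrides set, and an IE start page redirected to a tagged search URL. The following Python checker is an added example for this thread; it is not part of ComboFix, FRST or any BleepingComputer tooling. SAMPLE_LOG is a constructed excerpt modelled on the posted values, and the start-page allowlist (DEFAULT_ALLOWED_START_HOSTS) is an analyst assumption, not something the log or the tools define.

```python
"""Flag defence-weakening entries in a ComboFix 'Reg Loading Points' dump.
Added example; not ComboFix/FRST code. SAMPLE_LOG and the allowlist are constructed."""
import re
from typing import Dict, List, Union
from urllib.parse import urlsplit

# Constructed sample, modelled on the posted log's policy, Security Center and
# Supplementary Scan blocks (not the complete file).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
uStart Page = hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ie
uDefault_Search_URL = hxxp://www.google.com/ie
"""

# (registry path tail, value name, weakening value) -> what it means.
WEAK_VALUES = {
    ("policies\\system", "EnableLUA", 0): "UAC is switched off",
    ("policies\\system", "ConsentPromptBehaviorAdmin", 0): "admins elevate with no consent prompt",
    ("security center", "UacDisableNotify", 1): "no warning that UAC is off",
    ("security center", "UpdatesDisableNotify", 1): "no warning about missing updates",
    ("security center", "FirewallDisableNotify", 1): "no warning that the firewall is off",
    ("security center", "AntiVirusOverride", 1): "third-party AV status claim is trusted",
}
# Start-page hosts the analyst accepts (assumption, not defined by the tools).
DEFAULT_ALLOWED_START_HOSTS = frozenset({"www.google.com", "www.bing.com"})

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")
DECIMAL_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")
BROWSER_RE = re.compile(r"^([um](?:Start Page|Default_Page_URL|Default_Search_URL|"
                        r"SearchAssistant|SearchURL,\(Default\)|Local Page))\s*=\s*(.+)$")


def parse_value(raw: str) -> Union[int, str]:
    """Decode both numeric spellings ComboFix uses; anything else stays a string."""
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = DECIMAL_RE.match(raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')


def parse_reg_points(text: str) -> Dict[str, Dict[str, Union[int, str]]]:
    """Map each lower-cased [HKEY_...] path to its (lower-cased) value names."""
    keys: Dict[str, Dict[str, Union[int, str]]] = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1).lower()] = parse_value(m.group(2))
    return keys


def parse_browser_settings(text: str) -> Dict[str, str]:
    """Collect the uStart Page / uDefault_Search_URL style lines."""
    matches = (BROWSER_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}


def audit(text: str, allowed_start_hosts=DEFAULT_ALLOWED_START_HOSTS) -> List[str]:
    """One finding per weakened registry value or unexpected start-page host."""
    findings: List[str] = []
    for path, values in parse_reg_points(text).items():
        for (tail, name, bad), why in WEAK_VALUES.items():
            if path.endswith(tail.lower()) and values.get(name.lower()) == bad:
                findings.append(f"{name}={bad} under ...\\{tail}: {why}")
    for name, raw in parse_browser_settings(text).items():
        # ComboFix writes hxxp:// so URLs are not clickable; undo that before parsing.
        host = urlsplit(re.sub(r"^hxxp", "http", raw)).hostname or ""
        if "Start Page" in name and host not in allowed_start_hosts:
            findings.append(f"{name} is {host}: not on the analyst allowlist")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample it reports the two UAC policy values, the four Security Center overrides and the redirected start page; values that are merely listed (ConsentPromptBehaviorUser, uDefault_Search_URL) produce nothing, which is the point of keying on specific weakening values rather than on the presence of a key.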


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:26 AM

Posted 27 November 2013 - 01:16 AM

Hello supernova6743

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

DDS::
uStart Page = hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ie

 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 supernova6743

supernova6743
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:26 AM

Posted 27 November 2013 - 09:42 AM

Hi,

There were no problems with running ComboFix (just a ComboFix update). The computer is running well. No noticeable problems. Here is the report from ComboFix:

ComboFix 13-11-27.01 - god 11/27/2013   9:20.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1962.890 [GMT -5:00]
Running from: c:\users\god\Downloads\ComboFix.exe
Command switches used :: c:\users\god\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-27 to 2013-11-27  )))))))))))))))))))))))))))))))
.
.
2013-11-27 14:31 . 2013-11-27 14:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-11-27 14:31 . 2013-11-27 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-26 19:51 . 2013-11-26 19:51 -------- d-----w- c:\windows\ERUNT
2013-11-26 19:34 . 2013-11-26 19:40 -------- d-----w- C:\AdwCleaner
2013-11-25 06:29 . 2013-11-25 06:29 -------- d-----w- C:\FRST
2013-11-19 20:43 . 2013-11-27 02:03 -------- d-----r- c:\users\god\Google Drive
2013-11-13 19:04 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 19:04 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-12 16:00 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-12 15:56 . 2013-11-12 15:56 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-06 22:27 . 2013-11-27 02:09 -------- d-----w- c:\users\god\AppData\Local\CrashDumps
2013-11-05 17:09 . 2013-11-05 17:09 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-11-01 22:53 . 2013-11-14 14:52 -------- d-----w- c:\windows\system32\MRT
2013-11-01 22:42 . 2013-11-01 22:42 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-11-01 22:42 . 2013-11-01 22:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-11-01 22:40 . 2013-11-01 22:40 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-11-01 22:39 . 2013-11-01 22:40 -------- d-----w- c:\program files (x86)\Norton 360
2013-11-01 22:39 . 2013-11-01 22:44 -------- d-----w- c:\programdata\Norton
2013-11-01 22:39 . 2013-11-01 22:39 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-11-01 22:28 . 2013-11-01 22:28 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-11-01 18:27 . 2013-10-16 05:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D0734AD-AC98-4E39-A617-189ACED2F93E}\mpengine.dll
2013-11-01 13:30 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-01 13:30 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-01 13:30 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-01 13:30 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-01 13:30 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-01 13:30 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-01 13:30 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-26 03:43 . 2013-10-26 03:43 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-26 03:43 . 2013-10-26 03:43 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-10-26 03:43 . 2013-10-26 03:43 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-10-26 03:43 . 2013-10-26 03:43 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-10-26 03:43 . 2013-10-26 03:43 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-10-26 03:43 . 2013-10-26 03:43 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-10-26 03:43 . 2013-10-26 03:43 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-10-26 03:43 . 2013-10-26 03:43 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-10-26 03:43 . 2013-10-26 03:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-10-26 03:43 . 2013-10-26 03:43 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-26 03:43 . 2013-10-26 03:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-26 03:43 . 2013-10-26 03:43 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-10-26 03:43 . 2013-10-26 03:43 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-10-26 03:43 . 2013-10-26 03:43 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-26 03:43 . 2013-10-26 03:43 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-10-26 03:43 . 2013-10-26 03:43 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-10-26 03:43 . 2013-10-26 03:43 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-10-26 03:43 . 2013-10-26 03:43 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-10-26 03:43 . 2013-10-26 03:43 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-10-26 03:43 . 2013-10-26 03:43 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-10-26 03:43 . 2013-10-26 03:43 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-10-26 03:43 . 2013-10-26 03:43 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-26 03:43 . 2013-10-26 03:43 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-10-26 03:43 . 2013-10-26 03:43 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-10-26 03:43 . 2013-10-26 03:43 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-10-26 03:43 . 2013-10-26 03:43 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-10-26 03:43 . 2013-10-26 03:43 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-10-26 03:43 . 2013-10-26 03:43 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-10-26 03:43 . 2013-10-26 03:43 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-10-26 03:43 . 2013-10-26 03:43 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-10-26 03:43 . 2013-10-26 03:43 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-10-26 03:43 . 2013-10-26 03:43 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-26 03:43 . 2013-10-26 03:43 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-25 16:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-10-25 16:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-09-08 02:30 . 2013-10-25 21:15 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-25 21:15 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-25 21:15 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-03 18:35 . 2012-07-18 11:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\god\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-07 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]
"VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-12-13 383344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-7-18 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131125.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131125.001\IDSvia64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMNETS.SYS [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys;c:\windows\SYSNATIVE\Drivers\S6000KNT.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 15:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core.job
- c:\users\god\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 17:30]
.
2013-11-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000UA.job
- c:\users\god\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 17:30]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 16:51]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 16:51]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core.job
- c:\users\god\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11 20:39]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000UA.job
- c:\users\god\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11 20:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
DPF: {0DFE990E-4497-4F4D-84A9-6E831AF7EEAD} - hxxps://aaol.abacus.com.sg/v1/HtmlMask.cab
DPF: {2C39C191-7390-4ABF-AE00-294E61F39CF9} - hxxps://aaol.abacus.com.sg/v1/KPMain.3.cab
DPF: {CDE3CA69-293C-4B4C-AB3B-BAAED5197238} - hxxps://aaol.abacus.com.sg/v1/KPOrion.cab
DPF: {DB3DAEA1-61A8-4D32-A957-095DB3C3363D} - hxxps://aaol.abacus.com.sg/v1/KPMain.1.cab
DPF: {EB350776-AF8A-45DB-89B6-286FA22B25A7} - hxxps://aaol.abacus.com.sg/v1/DIX.cab
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\system32\drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-27  09:36:25
ComboFix-quarantined-files.txt  2013-11-27 14:36
ComboFix2.txt  2013-11-27 04:07
.
Pre-Run: 69,458,264,064 bytes free
Post-Run: 69,145,575,424 bytes free
.
- - End Of File - - 9E68378809667DD0CDF65242518C8ED9
A36C5E4F47E84449FF07ED3517B43A31
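Added triage helper for the ComboFix log posted above. This is example code written for this page; it is not part of supernova6743's post, and not code from ComboFix or FRST. It parses the service/driver lines (`S1 name;display;path;path [x]`) and the two-line scheduled-task entries, then flags anything that starts from a user-writable directory, carries the `[x]` tag in place of a file timestamp, or has a display name that is nothing more than its file name. Assumptions: the R/S letter is read as running/stopped and the digit as the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); `[x]` is treated only as "no timestamp available, check the file by hand", not as a verdict; the `ExampleSvc` line in the sample is constructed to show the timestamped form, the remaining sample lines are copied from the log above.

```python
"""Triage helper for ComboFix service/driver and scheduled-task lines (added example)."""
import re
from dataclasses import dataclass

# Service line: <R|S><start> <name>;<display>;<path>[;<path>...] [<timestamp> | x]
# Assumed meaning: R/S = running/stopped, digit = Windows start type.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<paths>.+?)"
    r"(?:\s+\[(?P<tag>[^\]]*)\])?$"
)
# Scheduled task: "<date> <...>.job" on one line, "- <target> [<timestamp>]" on the next.
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)$")
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s+\[(?P<stamp>[^\]]*)\]$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Roots a standard user can normally write to; anything auto-started from here gets a look.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")

# Copied from the log above, plus one constructed line (ExampleSvc, hypothetical) showing
# the "[timestamp]" form ComboFix prints when it could read the file.
SAMPLE_LOG = r"""
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R2 ExampleSvc;Example Service;c:\windows\system32\example.exe [2013-01-01 10:00]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 16:51]
.
2013-11-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1732697415-3453766218-494055121-1000Core.job
- c:\users\god\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 17:30]
"""


@dataclass
class Entry:
    kind: str        # "service" or "task"
    name: str
    display: str
    paths: list
    state: str = ""  # running / stopped (services only)
    start: str = ""  # start type (services only)
    tag: str = ""    # file timestamp, "x", or "" when absent


def parse_combofix(text):
    """Return an Entry for every service/driver line and scheduled task in a ComboFix log."""
    entries, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry(
                kind="service", name=m["name"], display=m["display"],
                paths=[p.strip() for p in m["paths"].split(";") if p.strip()],
                state="running" if m["state"] == "R" else "stopped",
                start=START_TYPES[m["start"]], tag=m["tag"] or ""))
        else:
            t = TASK_RE.match(line)
            g = TARGET_RE.match(lines[i + 1].strip()) if t and i + 1 < len(lines) else None
            if g:
                entries.append(Entry(kind="task", name=t["job"].rsplit("\\", 1)[-1],
                                     display="", paths=[g["target"]], tag=g["stamp"]))
                i += 1  # consumed the "- <target>" line as well
        i += 1
    return entries


def triage(entries):
    """Map entry name -> reasons it deserves a manual check (empty list = nothing flagged)."""
    report = {}
    for e in entries:
        reasons = []
        for p in dict.fromkeys(e.paths):  # dedupe identical 32/64-bit path pairs
            if p.lower().startswith(USER_WRITABLE):
                reasons.append(f"starts from a user-writable location: {p}")
        if e.kind == "service":
            if e.tag == "x":
                reasons.append("no file timestamp in log ([x]); confirm the file exists and is signed")
            if e.display.lower() == e.paths[0].rsplit("\\", 1)[-1].lower():
                reasons.append("display name is just the file name, no vendor description")
        report[e.name] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in triage(parse_combofix(SAMPLE_LOG)).items():
        print(name, "->", reasons or "ok")
```

Run it as a script to print the report. The flags are triage cues, not verdicts: the per-user Google and Facebook updaters it flags are normal on this machine, and the Norton definition drivers carry `[x]` simply because they live under a versioned definitions folder. The point is to surface what to verify (file present, signed, expected vendor) before any entry goes into a fixlist.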


#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 November 2013 - 09:04 PM


Hello supernova6743

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 supernova6743 (Topic Starter)

  • Members
  • 11 posts

Posted 27 November 2013 - 10:13 PM

Report

µTorrent
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0
Adobe Reader XI (11.0.05)
airtel
Atheros Client Installation Program
BioExcess
EgisTec ES603 WDM Driver
ES603 WDM Driver
Facebook Video Calling 1.2.0.287
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
Intel® Processor Graphics
Lenovo EasyCamera
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MP3 Cutter Plus 1.0
Nero 7 Demo
Norton 360
Picasa 3
Realtek PC Camera
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Skype™ 6.5
The KMPlayer (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VLC media player 2.0.8

Edited by supernova6743, 27 November 2013 - 10:13 PM.




