
w64.viknok.b!inf cryptbase.dll infection


  • This topic is locked
9 replies to this topic

#1 srockwell1207

srockwell1207

  • Members
  • 4 posts

Posted 07 September 2014 - 09:50 PM

Norton 360 reports w64.viknok.b!inf infection on the cryptbase.dll file

 

Malwarebytes Anti-Malware and SUPERAntiSpyware both come up clean

 

Please help. I have tried running DDS but the program runs and doesn't show report.

 

Running Windows 7 




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 08 September 2014 - 12:09 AM

Hello,

 

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 srockwell1207

srockwell1207
  • Topic Starter
  • Members
  • 4 posts

Posted 08 September 2014 - 05:46 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Aaron&Mandy (administrator) on TOUCHSMART610 on 08-09-2014 17:39:42
Running from C:\Users\Aaron&Mandy\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard )
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-932161143-298844882-2835253841-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKCU - {E6DF5372-E02E-41FF-820A-7680A6CBE8D2} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {67DC7B05-C9B9-4213-9C37-E9C8AF65F23A} https://systemsontap.com/go/alxp1x.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 207.32.31.195 167.142.225.5
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-02]
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> F56F78ED4DCF3DEFBC9CE919604415F0A7C4B2446B93DC9FDFE484C2802D0A8C
CHR DefaultSearchURL: Default -> B779694BDE972564BCCEDDB6A581F1CE651E3D29B9040BBED0A9141C47A20262
CHR Profile: C:\Users\Aaron&Mandy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Aaron&Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Aaron&Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Aaron&Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
S4 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129648 2011-03-09] (Portrait Displays, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7391232 2013-07-23] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-10] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-16] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140905.001_533\IDSvia64.sys [633560 2014-09-05] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140907.003_4e5\ENG64.SYS [129752 2014-09-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140907.003_4e5\EX64.SYS [2137304 2014-09-07] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2014-04-01] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-08 17:39 - 2014-09-08 17:40 - 00021507 _____ () C:\Users\Aaron&Mandy\Downloads\FRST.txt
2014-09-08 17:39 - 2014-09-08 17:39 - 00000000 ____D () C:\FRST
2014-09-08 17:38 - 2014-09-08 17:39 - 02105344 _____ (Farbar) C:\Users\Aaron&Mandy\Downloads\FRST64.exe
2014-09-07 21:44 - 2014-09-07 21:44 - 00688992 ____R (Swearware) C:\Users\Aaron&Mandy\Downloads\ddbs (1).com
2014-09-07 21:38 - 2014-09-07 21:38 - 00688992 ____R (Swearware) C:\Users\Aaron&Mandy\Desktop\dds.com
2014-09-07 21:22 - 2014-09-07 21:22 - 00000000 ____D () C:\NBRT
2014-09-07 20:49 - 2014-09-08 17:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-07 20:49 - 2014-09-07 20:49 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-07 20:49 - 2014-09-07 20:49 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Roaming\SUPERAntiSpyware.com
2014-09-07 20:49 - 2014-09-07 20:49 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-07 20:49 - 2014-09-07 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-07 20:48 - 2014-09-07 20:49 - 19203296 _____ (SUPERAntiSpyware) C:\Users\Aaron&Mandy\Downloads\SUPERAntiSpyware.exe
2014-09-07 12:17 - 2014-09-08 00:27 - 00000000 ____D () C:\ProgramData\Recovery
2014-09-04 20:08 - 2014-09-04 20:08 - 03077584 _____ (Symantec Corporation) C:\Users\Aaron&Mandy\Downloads\NPE.exe
2014-09-04 19:40 - 2014-09-04 19:40 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{67CD211E-AB3F-4CC1-AC45-697D17166516}
2014-09-04 19:10 - 2014-09-08 17:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 19:10 - 2014-09-04 19:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 19:10 - 2014-09-04 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 19:10 - 2014-09-04 19:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 19:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 19:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 19:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-04 19:09 - 2014-09-04 19:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aaron&Mandy\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-27 14:57 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 14:57 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 14:57 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 18:46 - 2014-08-25 18:46 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{A7651026-A454-453D-8077-A07B904270B3}
2014-08-25 18:45 - 2014-08-25 18:45 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{BC9B55E5-410E-4E6D-9BD0-A9B59CF4AADC}
2014-08-24 20:05 - 2014-08-24 20:05 - 00007271 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140824180505.xlsx
2014-08-23 21:14 - 2014-08-23 21:14 - 00008380 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140819060820.xlsx
2014-08-22 15:00 - 2014-08-22 15:00 - 00007392 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140822130030.xlsx
2014-08-22 14:59 - 2014-08-22 14:59 - 00007514 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140822125933.xlsx
2014-08-21 20:30 - 2014-08-21 20:30 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{A82AD2A2-2C1B-44E9-8618-E34E045C1E71}
2014-08-21 20:30 - 2014-08-21 20:30 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{4026FD3A-444B-468B-98C3-811787CAACF8}
2014-08-21 11:48 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-21 11:48 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-21 11:48 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-21 11:48 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-21 11:20 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-21 11:20 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-21 11:20 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-21 11:20 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-21 11:20 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-21 11:20 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-21 11:20 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-21 11:20 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-21 11:20 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-21 11:20 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-21 11:20 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-21 11:20 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-21 11:20 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-21 11:20 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-21 11:20 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-21 11:20 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-21 11:20 - 2012-08-03 02:04 - 00200320 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2014-08-21 11:20 - 2012-04-24 20:38 - 14060544 _____ (IDT, Inc.) C:\Windows\system32\idtcpl64.cpl
2014-08-21 11:20 - 2012-04-24 20:38 - 04762112 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2014-08-21 11:20 - 2012-04-24 20:38 - 01425408 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2014-08-21 11:20 - 2012-04-24 20:38 - 00223744 _____ (IDT, Inc.) C:\Windows\system32\HPToneCtrls64.dll
2014-08-21 11:20 - 2012-03-29 14:48 - 00074336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2014-08-21 11:20 - 2009-10-09 16:45 - 00442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2014-08-21 11:20 - 2009-03-02 17:47 - 00090624 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCo64.dll
2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Intel
2014-08-21 11:19 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-21 11:19 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-21 11:19 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-21 11:19 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-21 11:19 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-21 11:17 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-21 11:17 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-21 11:17 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-21 11:17 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-21 11:08 - 2014-08-21 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 10:51 - 2014-09-08 17:36 - 00001993 _____ () C:\Windows\setupact.log
2014-08-21 10:51 - 2014-09-07 21:28 - 00008650 _____ () C:\Windows\PFRO.log
2014-08-21 10:51 - 2014-08-21 10:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 10:39 - 2014-08-21 10:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 10:38 - 2014-08-21 10:38 - 01016261 _____ (Thisisu) C:\Users\Aaron&Mandy\Downloads\JRT.exe
2014-08-21 09:47 - 2014-08-21 10:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-20 18:42 - 2014-08-20 18:42 - 00025695 _____ () C:\ComboFix.txt
2014-08-20 18:19 - 2014-08-20 18:42 - 00000000 ____D () C:\Qoobox
2014-08-20 18:19 - 2014-08-20 18:40 - 00000000 ____D () C:\Windows\erdnt
2014-08-20 18:19 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-20 18:19 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-20 18:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-20 18:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-20 18:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-20 18:19 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-20 18:19 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-20 18:19 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-20 09:22 - 2014-08-20 09:22 - 00000000 _____ () C:\Users\AARON
2014-08-18 21:52 - 2014-08-20 09:16 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\LogMeIn Rescue Applet
2014-08-18 19:55 - 2014-08-18 19:55 - 01525056 _____ (LogMeIn, Inc.) C:\Users\Aaron&Mandy\Downloads\Support-LogMeInRescue (1).exe
2014-08-18 19:54 - 2014-08-18 19:55 - 01525056 _____ (LogMeIn, Inc.) C:\Users\Aaron&Mandy\Downloads\Support-LogMeInRescue.exe
2014-08-18 18:30 - 2014-08-18 21:56 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-08-16 09:09 - 2014-08-16 09:09 - 00007760 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140816070904.xlsx
2014-08-15 12:04 - 2014-08-15 12:04 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Roaming\Oracle
2014-08-15 11:59 - 2014-08-15 11:59 - 00918440 _____ (Oracle Corporation) C:\Users\Aaron&Mandy\Downloads\chromeinstall-7u67.exe
2014-08-14 20:00 - 2014-08-14 20:00 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{B0396239-CEEC-4D09-9EB8-94E2749411E9}
2014-08-14 17:40 - 2014-08-14 17:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-13 21:06 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 21:06 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 21:06 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 21:06 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 21:06 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 21:06 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:05 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 21:05 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 16:25 - 2014-08-13 16:25 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{CDE7019E-BB5D-4E30-AA18-256316D28D60}
2014-08-13 15:35 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 15:35 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 15:35 - 2014-07-24 07:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 15:35 - 2014-07-24 07:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 15:35 - 2014-07-24 07:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 15:35 - 2014-07-24 07:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 15:35 - 2014-07-24 07:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 15:35 - 2014-07-24 05:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 15:35 - 2014-07-24 05:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 15:35 - 2014-07-24 05:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 15:35 - 2014-07-24 05:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 15:35 - 2014-07-24 05:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 15:35 - 2014-07-24 05:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 15:35 - 2014-07-24 04:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-13 15:35 - 2014-07-24 04:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-13 15:35 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 15:35 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 15:35 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 15:35 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 15:35 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 15:35 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 15:35 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 15:35 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 15:35 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 15:35 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 15:35 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 15:35 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 15:35 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 15:35 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 15:35 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 15:35 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 15:35 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 15:35 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 15:35 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 15:35 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 15:35 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 15:35 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 15:35 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 15:35 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 15:35 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 15:35 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 15:45 - 2014-08-12 15:45 - 00740864 _____ () C:\Users\Aaron&Mandy\Downloads\CPM First Day Handouts-Fa14.xls
2014-08-12 15:40 - 2014-08-12 15:40 - 00010082 _____ () C:\Users\Aaron&Mandy\Downloads\Custom Report Initial Assessment Example (1).xlsx
2014-08-12 15:37 - 2014-08-12 15:37 - 00010082 _____ () C:\Users\Aaron&Mandy\Downloads\Custom Report Initial Assessment Example.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-08 17:40 - 2014-09-08 17:39 - 00021507 _____ () C:\Users\Aaron&Mandy\Downloads\FRST.txt
2014-09-08 17:40 - 2011-07-02 17:57 - 01895927 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 17:39 - 2014-09-08 17:39 - 00000000 ____D () C:\FRST
2014-09-08 17:39 - 2014-09-08 17:38 - 02105344 _____ (Farbar) C:\Users\Aaron&Mandy\Downloads\FRST64.exe
2014-09-08 17:37 - 2014-09-07 20:49 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-08 17:37 - 2014-09-04 19:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 17:36 - 2014-08-21 10:51 - 00001993 _____ () C:\Windows\setupact.log
2014-09-08 17:36 - 2014-02-02 09:39 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 17:36 - 2013-03-18 20:24 - 00000000 ____D () C:\Temp
2014-09-08 17:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 00:27 - 2014-09-07 12:17 - 00000000 ____D () C:\ProgramData\Recovery
2014-09-07 23:17 - 2011-09-01 16:52 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-09-07 23:17 - 2011-05-07 17:26 - 00000000 ____D () C:\ProgramData\Norton
2014-09-07 23:17 - 2011-05-07 17:02 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-09-07 23:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-09-07 23:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-09-07 22:20 - 2011-07-10 20:49 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Roaming\SoftGrid Client
2014-09-07 22:15 - 2011-05-07 17:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-07 21:50 - 2014-07-08 09:01 - 00003246 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAaron&Mandy
2014-09-07 21:50 - 2014-07-08 09:01 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForAaron&Mandy.job
2014-09-07 21:48 - 2014-02-02 09:39 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 21:44 - 2014-09-07 21:44 - 00688992 ____R (Swearware) C:\Users\Aaron&Mandy\Downloads\ddbs (1).com
2014-09-07 21:38 - 2014-09-07 21:38 - 00688992 ____R (Swearware) C:\Users\Aaron&Mandy\Desktop\dds.com
2014-09-07 21:36 - 2011-12-08 17:20 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Roaming\Skype
2014-09-07 21:35 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 21:35 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 21:28 - 2014-08-21 10:51 - 00008650 _____ () C:\Windows\PFRO.log
2014-09-07 21:22 - 2014-09-07 21:22 - 00000000 ____D () C:\NBRT
2014-09-07 20:49 - 2014-09-07 20:49 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-07 20:49 - 2014-09-07 20:49 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Roaming\SUPERAntiSpyware.com
2014-09-07 20:49 - 2014-09-07 20:49 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-07 20:49 - 2014-09-07 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-07 20:49 - 2014-09-07 20:48 - 19203296 _____ (SUPERAntiSpyware) C:\Users\Aaron&Mandy\Downloads\SUPERAntiSpyware.exe
2014-09-07 20:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-07 20:22 - 2011-07-02 17:59 - 00000000 ____D () C:\Users\Aaron&Mandy
2014-09-07 16:51 - 2014-04-25 19:19 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\NPE
2014-09-04 20:08 - 2014-09-04 20:08 - 03077584 _____ (Symantec Corporation) C:\Users\Aaron&Mandy\Downloads\NPE.exe
2014-09-04 19:41 - 2014-07-18 18:51 - 00000000 ____D () C:\Users\Aaron&Mandy\Desktop\The Farm
2014-09-04 19:40 - 2014-09-04 19:40 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{67CD211E-AB3F-4CC1-AC45-697D17166516}
2014-09-04 19:10 - 2014-09-04 19:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 19:10 - 2014-09-04 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 19:10 - 2014-09-04 19:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 19:09 - 2014-09-04 19:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aaron&Mandy\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 17:36 - 2014-04-29 10:10 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 18:24 - 2014-07-08 21:05 - 00011548 _____ () C:\Users\Aaron&Mandy\Documents\house estimates.xlsx
2014-09-01 08:42 - 2009-07-14 00:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 15:03 - 2012-12-07 13:44 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTOUCHSMART610$
2014-08-31 15:03 - 2012-12-07 13:44 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForTOUCHSMART610$.job
2014-08-28 14:28 - 2009-07-13 23:45 - 00408848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 18:46 - 2014-08-25 18:46 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{A7651026-A454-453D-8077-A07B904270B3}
2014-08-25 18:45 - 2014-08-25 18:45 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{BC9B55E5-410E-4E6D-9BD0-A9B59CF4AADC}
2014-08-24 20:05 - 2014-08-24 20:05 - 00007271 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140824180505.xlsx
2014-08-23 21:14 - 2014-08-23 21:14 - 00008380 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140819060820.xlsx
2014-08-22 21:07 - 2014-08-27 14:57 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-27 14:57 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-27 14:57 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 16:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-22 15:00 - 2014-08-22 15:00 - 00007392 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140822130030.xlsx
2014-08-22 14:59 - 2014-08-22 14:59 - 00007514 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140822125933.xlsx
2014-08-21 20:30 - 2014-08-21 20:30 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{A82AD2A2-2C1B-44E9-8618-E34E045C1E71}
2014-08-21 20:30 - 2014-08-21 20:30 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{4026FD3A-444B-468B-98C3-811787CAACF8}
2014-08-21 20:30 - 2011-07-02 18:03 - 00109296 _____ () C:\Users\Aaron&Mandy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 19:17 - 2011-07-10 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-08-21 11:41 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-21 11:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-21 11:20 - 2011-05-07 16:52 - 00000000 ____D () C:\Program Files\IDT
2014-08-21 11:20 - 2011-05-07 16:46 - 00000000 ____D () C:\ProgramData\SonicFocus
2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Intel
2014-08-21 11:18 - 2011-05-07 16:46 - 00005676 _____ () C:\Windows\system32\RaCoInst.log
2014-08-21 11:09 - 2014-08-21 11:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 10:52 - 2011-05-07 17:13 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-21 10:51 - 2014-08-21 10:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 10:39 - 2014-08-21 10:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 10:38 - 2014-08-21 10:38 - 01016261 _____ (Thisisu) C:\Users\Aaron&Mandy\Downloads\JRT.exe
2014-08-21 10:11 - 2014-08-21 09:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-21 09:15 - 2012-01-07 17:29 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-08-20 18:42 - 2014-08-20 18:42 - 00025695 _____ () C:\ComboFix.txt
2014-08-20 18:42 - 2014-08-20 18:19 - 00000000 ____D () C:\Qoobox
2014-08-20 18:42 - 2014-04-22 14:58 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-20 18:42 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-08-20 18:40 - 2014-08-20 18:19 - 00000000 ____D () C:\Windows\erdnt
2014-08-20 18:37 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-20 18:30 - 2009-07-13 21:34 - 87293952 _____ () C:\Windows\system32\config\software.bak
2014-08-20 18:30 - 2009-07-13 21:34 - 15728640 _____ () C:\Windows\system32\config\system.bak
2014-08-20 18:30 - 2009-07-13 21:34 - 01048576 _____ () C:\Windows\system32\config\default.bak
2014-08-20 18:30 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-20 18:30 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-20 09:52 - 2012-08-20 21:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-20 09:41 - 2012-02-05 15:17 - 00000000 ____D () C:\Program Files\Google
2014-08-20 09:41 - 2012-02-05 15:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-20 09:40 - 2011-07-02 18:36 - 00006016 _____ () C:\ProgramData\hpzinstall.log
2014-08-20 09:38 - 2011-07-02 18:35 - 00000000 ____D () C:\ProgramData\HP
2014-08-20 09:38 - 2011-05-07 16:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-20 09:34 - 2011-05-07 16:51 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-08-20 09:34 - 2011-05-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-08-20 09:30 - 2011-05-07 16:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-20 09:23 - 2011-07-02 18:00 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Roaming\Hewlett-Packard
2014-08-20 09:22 - 2014-08-20 09:22 - 00000000 _____ () C:\Users\AARON
2014-08-20 09:22 - 2012-12-29 15:47 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\NETGEARGenie
2014-08-20 09:21 - 2012-02-05 15:17 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\Google
2014-08-20 09:21 - 2012-02-05 15:17 - 00000000 ____D () C:\ProgramData\Google
2014-08-20 09:17 - 2011-05-07 16:52 - 00000000 ____D () C:\Windows\Driver Cache
2014-08-20 09:16 - 2014-08-18 21:52 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\LogMeIn Rescue Applet
2014-08-18 21:56 - 2014-08-18 18:30 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-08-18 21:56 - 2014-06-08 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 21:56 - 2014-02-02 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-18 21:56 - 2011-12-08 17:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-18 21:56 - 2011-12-08 17:20 - 00000000 ____D () C:\ProgramData\Skype
2014-08-18 21:56 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-18 21:55 - 2011-10-24 16:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-18 20:21 - 2014-04-25 19:21 - 00000000 ____D () C:\NPE
2014-08-18 19:55 - 2014-08-18 19:55 - 01525056 _____ (LogMeIn, Inc.) C:\Users\Aaron&Mandy\Downloads\Support-LogMeInRescue (1).exe
2014-08-18 19:55 - 2014-08-18 19:54 - 01525056 _____ (LogMeIn, Inc.) C:\Users\Aaron&Mandy\Downloads\Support-LogMeInRescue.exe
2014-08-16 09:09 - 2014-08-16 09:09 - 00007760 _____ () C:\Users\Aaron&Mandy\Downloads\CustomReport__20140816070904.xlsx
2014-08-15 12:04 - 2014-08-15 12:04 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Roaming\Oracle
2014-08-15 12:03 - 2014-06-08 11:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-15 11:59 - 2014-08-15 11:59 - 00918440 _____ (Oracle Corporation) C:\Users\Aaron&Mandy\Downloads\chromeinstall-7u67.exe
2014-08-14 20:00 - 2014-08-14 20:00 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{B0396239-CEEC-4D09-9EB8-94E2749411E9}
2014-08-14 17:40 - 2014-08-14 17:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-14 17:40 - 2013-11-22 16:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-08-14 17:40 - 2013-11-21 22:42 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-08-14 17:40 - 2013-02-12 21:13 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-14 17:40 - 2012-02-12 13:09 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-08-13 21:14 - 2012-08-24 16:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 21:05 - 2014-05-06 21:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 16:25 - 2014-08-13 16:25 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\{CDE7019E-BB5D-4E30-AA18-256316D28D60}
2014-08-12 15:45 - 2014-08-12 15:45 - 00740864 _____ () C:\Users\Aaron&Mandy\Downloads\CPM First Day Handouts-Fa14.xls
2014-08-12 15:40 - 2014-08-12 15:40 - 00010082 _____ () C:\Users\Aaron&Mandy\Downloads\Custom Report Initial Assessment Example (1).xlsx
2014-08-12 15:37 - 2014-08-12 15:37 - 00010082 _____ () C:\Users\Aaron&Mandy\Downloads\Custom Report Initial Assessment Example.xlsx
2014-08-10 20:07 - 2011-10-30 19:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-10 20:07 - 2011-07-03 12:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-09 09:32 - 2011-07-27 20:19 - 00000000 ____D () C:\Users\Aaron&Mandy\AppData\Local\CrashDumps
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 15:08
 
==================== End Of Log ============================




#4 B-boy/StyLe/
  • Malware Response Team

Posted 09 September 2014 - 04:09 AM

Hi,

 

Please update Norton and go into Norton's History, go into the drop-down list and choose the "Unresolved Threats" list and click the "Clear Entries" button to remove the listings. A restart is probably required. Next run a complete system scan with it and let me know about the results (please post the log from the Norton scan if possible so I can see what it's finding, if anything).

 

Thanks!

 

Regards,

Georgi




#5 srockwell1207
  • Topic Starter

Posted 09 September 2014 - 06:54 AM

I tried this once before, only to find that Norton returned the same result. Here is the log of the results:

 

Scan Information:
  Virus Defs Version: 2014.09.09.002
  Virus Defs Seq ID: 157273
 
Scan Statistics:
  Scan Start:
   Local: 9/9/2014 6:55 PM
   UTC: 9/9/2014 11:55 PM
  Scan Time: 3,404 seconds
  Scan Targets: Entire computer
  Counts:
   Total items scanned: 733,648
   - Files & Directories: 730,849
   - Registry Entries: 571
   - Processes & Start-up Items: 1,640
   - Network & Browser Items: 580
   - Other: 4
   - Trusted Files: 20,932
   - Skipped Files: 19,732
 
   Total security risks detected: 1
   Total items resolved: 0
   Total items that require attention: 1
 
Resolved Threats:
No risks have been resolved
 
Unresolved Threats:
W64.Viknok.B!inf
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
 Categories: Virus
 Status: Review
 -----------
 1 File
c:\windows\system32\sysprep\cryptbase.dll - Failed
1 Browser Cache
 
 
 



Edited by srockwell1207, 09 September 2014 - 07:55 PM.
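The Norton log above reports the detection at c:\windows\system32\sysprep\cryptbase.dll, while the FRST log earlier in the thread verified the digital signatures of a fixed set of core Windows binaries. The following PowerShell script is an added example written for this thread; it is not part of FRST, Norton, or anything the helper posted. It repeats the FRST-style signature check on the same file set, then lists every DLL that sits beside sysprep.exe (the genuine cryptbase.dll lives in C:\Windows\System32, so a copy under sysprep\ is out of place) with its signature status and SHA-256 hash. It assumes PowerShell 4.0 or later for Get-FileHash and an elevated prompt; the output CSV path on the Desktop is an assumption as well. The script is read-only: it reports and does not delete or move anything.

```powershell
# Added example for this thread (not FRST/Norton code). Read-only check that:
#   1. verifies Authenticode status on the core files FRST listed in its
#      "Bamital & volsnap Check", and
#   2. reports any DLL located next to sysprep.exe, which is where Norton
#      found cryptbase.dll on this machine.
# Assumes PowerShell 4.0+ (Get-FileHash) in an elevated session.

$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'

# Same file set FRST verified in the log above.
$coreFiles = @(
    "$sys32\winlogon.exe", "$sys32\wininit.exe", "$wow64\wininit.exe",
    "$env:SystemRoot\explorer.exe", "$wow64\explorer.exe",
    "$sys32\svchost.exe", "$wow64\svchost.exe", "$sys32\services.exe",
    "$sys32\user32.dll", "$wow64\user32.dll",
    "$sys32\userinit.exe", "$wow64\userinit.exe",
    "$sys32\rpcss.dll", "$sys32\Drivers\volsnap.sys"
)

function Get-SignatureReport {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256 = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
}

# A stock install has no DLLs beside sysprep.exe; list whatever is there.
$sysprepDlls = Get-ChildItem -LiteralPath "$sys32\sysprep" -Filter *.dll -File -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty FullName

$report = Get-SignatureReport -Paths ($coreFiles + $sysprepDlls)
$report | Format-Table -AutoSize
# Output location is an assumption; change it as needed.
$report | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\Desktop\sig-check.csv"

# Entries worth a second look: a core file whose status is not Valid, or any
# DLL at all under sysprep\.
$report | Where-Object { $_.Status -ne 'Valid' -or $_.Path -like "$sys32\sysprep\*" }
```

One caveat when reading the output: many Windows binaries are catalog-signed rather than carrying an embedded signature, and older PowerShell builds (the kind a Windows 7 machine would have) report those as NotSigned rather than Valid. Treat NotSigned on a core file as "confirm with another tool" (FRST's own check or sfc), not as proof of tampering; HashMismatch, or a DLL sitting in the sysprep directory, is the result that actually points at the problem this thread is about.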


#6 B-boy/StyLe/
  • Malware Response Team

Posted 10 September 2014 - 03:43 AM

Hi,

 

Ok, let's remove the baddies:

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi




#7 B-boy/StyLe/
  • Malware Response Team

Posted 12 September 2014 - 03:11 AM

Hi,

 

Are you still around? :)

 

 

Regards,

Georgi




#8 srockwell1207
  • Topic Starter

Posted 12 September 2014 - 08:00 AM

Georgi,

Sorry, I've run out of time to clean the computer in its current state. I decided to back up the disk using Ultimate Boot CD and reinstall Windows. I really appreciate your effort; I just ran out of time. I'm gonna buy you a pint once I get paid. Sorry for the trouble.



#9 B-boy/StyLe/
  • Malware Response Team

Posted 12 September 2014 - 10:09 AM

Hi,

 

Thank you for letting me know.

Take care! :)

 

 

Regards,

Georgi




#10 B-boy/StyLe/
  • Malware Response Team

Posted 12 September 2014 - 10:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





