IE keeps redirecting to http://www.google.com/ig?brand=TSNA&bmod=TSNA


  • This topic is locked
3 replies to this topic

#1 chakotay2

  • Members
  • 72 posts

Posted 25 October 2014 - 10:57 AM

Here are the logs. I know ComboFix and other tools were run; my friend tried to clean up his PC on his own. My apologies. When opening IE it redirects to: http://www.google.com/ig?brand=TSNA&bmod=TSNA

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by John at 9:51:10 on 2014-10-25
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3933.2283 [GMT -6:00]
.
AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MITCHELL\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Mitchell\eClaim\Mitchell.Platform.Messaging.Queue.OfflineMessageQueueService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
C:\Windows\System32\igfxtray.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Estimate Review\Estimate Review.exe
C:\Program Files (x86)\Mitchell\Director\Mitchell.Platform.DesktopDirector.exe
C:\Program Files (x86)\Mitchell\Communications\McDm.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\VIPRE\SBAMSvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Mitchell\EndPoint\Mitchell.Platform.Communications.Endpoint.BackgroundService.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [EstimateReview] C:\Program Files (x86)\Estimate Review\Estimate Review.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Mitchell Desktop Director] "C:\Program Files (x86)\Mitchell\Director\Mitchell.Platform.DesktopDirector.exe"
mRun: [McDm] C:\Program Files (x86)\Mitchell\Communications\McDm.exe -StartUp
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [UltraMate DefineMapDriveForMDM] "C:\Mitchell\aces\DefineMapDriveForMDM.bat"
mRun: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MITCHE~1.LNK - C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QRPSCH~1.LNK - C:\Mitchell\Qrp\MSchedul.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: utah.gov
Trusted Zone: utcourts.gov
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxps://care.utcourts.gov/InsightInstaller/setup.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: NameServer = 10.0.0.10 10.0.0.12
TCP: Interfaces\{4AAC1865-70C9-4D56-A74C-C1609AA0102E} : DHCPNameServer = 10.0.0.10 10.0.0.12
TCP: Interfaces\{75BFFB4F-4D2B-410D-BECB-26B7BE00450C}\054414 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{75BFFB4F-4D2B-410D-BECB-26B7BE00450C}\34F677C65697 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
x64-mDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\917\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\6p47pe43.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\6p47pe43.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-4-24 55280]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-4-24 482384]
R1 sbwfw;sbwfw;C:\windows\System32\drivers\sbwfw.sys [2014-10-2 345392]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-7-9 219480]
R2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [2012-11-23 133496]
R2 MSSQL$MITCHELL;SQL Server (MITCHELL);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MITCHELL\MSSQL\Binn\sqlservr.exe [2011-6-17 43040096]
R2 OfflineMessageQueueService;OfflineMessageQueueService;C:\Program Files (x86)\Mitchell\eClaim\Mitchell.Platform.Messaging.Queue.OfflineMessageQueueService.exe [2009-12-16 12800]
R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2014-10-2 3962216]
R2 sbapifs;sbapifs;C:\windows\System32\drivers\sbapifs.sys [2014-10-2 88928]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [2014-10-2 177040]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-4-24 215040]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
R3 sbwtis;sbwtis;C:\windows\System32\drivers\sbwtis.sys [2014-10-2 95608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 gfiark;gfiark;C:\windows\System32\drivers\gfiark.sys [2014-10-24 41032]
S3 gfiutil;gfiutil;C:\windows\System32\drivers\gfiutil.sys [2014-10-24 31264]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2014-10-24 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-10-24 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-10-24 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-4-24 222208]
S3 sbhips;sbhips;C:\windows\System32\drivers\sbhips.sys [2014-10-24 63696]
S3 SQLAgent$MITCHELL;SQL Server Agent (MITCHELL);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MITCHELL\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 370016]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-24 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-10-24 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-6-22 1255736]
S4 lxdx_device;lxdx_device;C:\windows\System32\lxdxcoms.exe -service --> C:\windows\System32\lxdxcoms.exe -service [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
S4 Update Klip Pal;Update Klip Pal;"C:\Program Files (x86)\Klip Pal\updateKlipPal.exe" --> C:\Program Files (x86)\Klip Pal\updateKlipPal.exe [?]
S4 Util Klip Pal;Util Klip Pal;"C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe" --> C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe [?]
.
=============== Created Last 30 ================
.
2014-10-25 15:32:20    388096    ----a-r-    C:\Users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-10-25 15:32:20    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2014-10-25 05:41:30    89952    ----a-w-    C:\windows\SysWow64\SQSRVRES.DLL
2014-10-25 05:23:56    15360    ----a-w-    C:\windows\System32\RdpGroupPolicyExtension.dll
2014-10-25 05:23:49    19456    ----a-w-    C:\windows\System32\drivers\rdpvideominiport.sys
2014-10-25 05:23:40    192000    ----a-w-    C:\windows\SysWow64\rdpendp_winip.dll
2014-10-25 05:23:39    243200    ----a-w-    C:\windows\System32\rdpudd.dll
2014-10-25 05:23:39    228864    ----a-w-    C:\windows\System32\rdpendp_winip.dll
2014-10-25 05:23:37    3174912    ----a-w-    C:\windows\System32\rdpcorets.dll
2014-10-25 05:05:44    31264    ----a-w-    C:\windows\System32\drivers\gfiutil.sys
2014-10-25 05:05:43    41032    ----a-w-    C:\windows\System32\drivers\gfiark.sys
2014-10-25 04:34:06    63696    ----a-w-    C:\windows\System32\drivers\sbhips.sys
2014-10-25 04:33:54    48016    ----a-w-    C:\windows\System32\sbbd.exe
2014-10-25 04:33:30    --------    d-----w-    C:\windows\SysWow64\System32
2014-10-25 04:33:30    --------    d-----w-    C:\ProgramData\GFI
2014-10-25 04:33:30    --------    d-----w-    C:\Program Files (x86)\GFI
2014-10-25 04:26:38    32512    ----a-w-    C:\windows\System32\drivers\hitmanpro37.sys
2014-10-25 03:49:36    --------    d-----w-    C:\ProgramData\HitmanPro
2014-10-25 03:06:40    129752    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-10-25 03:06:21    93400    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-10-25 03:06:21    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-10-25 03:06:21    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-10-25 03:06:21    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-10-25 03:06:21    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-25 02:21:50    --------    d-----w-    C:\New folder
2014-10-25 02:07:35    --------    d-----w-    C:\windows\ERUNT
2014-10-25 01:59:57    --------    d-----w-    C:\AdwCleaner
2014-10-25 01:29:54    6982480    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-10-25 01:29:47    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2793AF7A-A678-4EDA-A102-8C965B0EAFF0}\mpengine.dll
2014-10-25 01:29:39    77312    ----a-w-    C:\windows\System32\packager.dll
2014-10-25 01:29:39    67072    ----a-w-    C:\windows\SysWow64\packager.dll
2014-10-25 01:02:01    --------    d-----w-    C:\$RECYCLE.BIN
2014-10-25 00:45:25    98816    ----a-w-    C:\windows\sed.exe
2014-10-25 00:45:25    256000    ----a-w-    C:\windows\PEV.exe
2014-10-25 00:45:25    208896    ----a-w-    C:\windows\MBR.exe
2014-10-24 15:55:31    --------    d-----w-    C:\ProgramData\Geek Squad
2014-10-20 21:43:28    --------    d-----w-    C:\Users\John\AppData\Local\{0D6F831F-CA53-4B29-964B-12B5889FD1CC}
2014-10-09 18:01:34    98216    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-02 17:21:08    634560    ----a-w-    C:\windows\SysWow64\XceedZip.dll
2014-10-02 17:16:58    95608    ----a-w-    C:\windows\System32\drivers\sbwtis.sys
2014-10-02 17:16:54    345392    ----a-w-    C:\windows\System32\drivers\sbwfw.sys
2014-10-02 17:15:38    88928    ----a-w-    C:\windows\System32\drivers\sbapifs.sys
2014-10-02 17:15:36    48016    ----a-w-    C:\windows\SysWow64\sbbd.exe
2014-10-01 13:34:54    371712    ----a-w-    C:\windows\System32\qdvd.dll
2014-10-01 13:34:53    519680    ----a-w-    C:\windows\SysWow64\qdvd.dll
.
==================== Find3M  ====================
.
2014-10-10 02:05:59    276480    ----a-w-    C:\windows\System32\generaltel.dll
2014-10-10 02:05:42    507392    ----a-w-    C:\windows\System32\aepdu.dll
2014-10-10 02:00:38    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-10-02 21:53:02    278152    ------w-    C:\windows\System32\MpSigStub.exe
2014-09-29 00:58:48    3198976    ----a-w-    C:\windows\System32\win32k.sys
2014-09-25 22:32:04    2017280    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02    2108416    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-09-19 01:56:02    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-09-19 01:40:03    547328    ----a-w-    C:\windows\System32\vbscript.dll
2014-09-19 01:39:58    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27    83968    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57    5829632    ----a-w-    C:\windows\System32\jscript9.dll
2014-09-19 01:26:00    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12    4201472    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09    758272    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47    72704    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07    454656    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31    597504    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12    1249280    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18    2309632    ----a-w-    C:\windows\System32\wininet.dll
2014-09-19 00:18:55    1068032    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-09-18 02:00:42    3241472    ----a-w-    C:\windows\System32\msi.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\windows\SysWow64\msi.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\windows\SysWow64\rastls.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
2014-08-01 11:53:22    1031168    ----a-w-    C:\windows\System32\TSWorkspace.dll
2014-08-01 11:35:06    793600    ----a-w-    C:\windows\SysWow64\TSWorkspace.dll
.
============= FINISH:  9:53:09.85 ===============
 




#2 chakotay2

  • Topic Starter

  • Members
  • 72 posts

Posted 30 October 2014 - 07:20 AM

Please close topic. I have resolved the issue.



#3 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California

Posted 30 October 2014 - 08:26 AM

Thank you for letting us know. Sorry for the delay.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California

Posted 30 October 2014 - 08:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
