Trojan.Poweliks Infestation


  • This topic is locked
17 replies to this topic

#1 compusr54

  • Members
  • 10 posts

Posted 31 October 2014 - 04:24 PM

I keep getting notifications about this from Norton (and Malwarebytes, but I turned off notifications). Norton says that it removes the threat, but it just keeps coming back. My keyboard seems a bit erratic at times too. Any help you can provide would be greatly appreciated. I am somewhat computer literate, but intimidated about doing system work. Attached you will find the DDS and Attach files from the run of DDS. I have downloaded Farbar Recovery Scan Tool so it is sitting there ready should I need it.

Thanks in advance for any assistance you can give me.

Attached Files





#2 nasdaq

  • Malware Response Team
  • 39,963 posts
  • Location:Montreal, QC. Canada

Posted 05 November 2014 - 09:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.


Wait for further instructions.

#3 compusr54
  • Topic Starter

  • Members
  • 10 posts

Posted 05 November 2014 - 11:04 AM

Thank you for your response. I should also add that since my initial posting, I am now getting notifications regarding Trojan.AdClicker.

As per your request, here are the FRST.txt contents; the Addition.txt file is attached. I will look forward to your response.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by User (administrator) on USER-PC on 05-11-2014 09:48:18
Running from C:\Users\User\Desktop\FarbarRecoveryTool_64bit
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec) C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackServicex64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [Symantec System Recovery 2013] => C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe [4157024 2013-12-15] (Symantec Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [EPSON Stylus Photo R1800] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-19] (Google Inc.)
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\MountPoints2: {34228bc7-6698-11e0-9523-842b2b9d459e} - "J:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\MountPoints2: {3e03844c-e869-11df-add0-842b2b9d459e} - "L:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\MountPoints2: {3e03845b-e869-11df-add0-842b2b9d459e} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\MountPoints2: {3e038471-e869-11df-add0-842b2b9d459e} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\MountPoints2: {a6d0f7dc-2ef0-11e0-b751-842b2b9d459e} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\MountPoints2: {e502729c-ebeb-11df-881d-842b2b9d459e} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://beta.next.cnn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2E4D6919-EE4C-4552-B0EB-21F668986AF3} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {46A21652-3F93-437D-AAC0-CAA1F6713DA0} -  No File
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://myvpn.adm.com/CACHE/stc/5/binaries/vpnweb.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF [2014-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn [2014-11-05]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://zyngagames.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Pin It Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-07]
CHR StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 GenericMount Helper Service; C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [1921808 2013-11-15] (Symantec)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-12-11] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2010-11-23] (Nalpeiron Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 Symantec System Recovery; C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe [6192736 2013-12-15] (Symantec Corporation)
R3 SymTrackService; C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackServicex64.exe [2979576 2013-12-14] (Symantec)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S4 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [69208 2013-11-15] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20141104.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141104.035\ENG64.SYS [129752 2014-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141104.035\EX64.SYS [2137304 2014-10-27] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SSRFsF; C:\Windows\System32\DRIVERS\SSRFsF.sys [28432 2013-12-14] (Symantec)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [22104 2013-11-07] (Symantec Corporation)
R0 Vtrack; C:\Windows\System32\DRIVERS\VTrack.sys [350712 2013-12-14] (Symantec)
S3 WimFltr; system32\DRIVERS\wimfltr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 09:44 - 2014-11-05 09:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\33F94F7E.sys
2014-11-05 09:38 - 2014-11-05 09:48 - 00000000 ____D () C:\Users\User\Desktop\FarbarRecoveryTool_64bit
2014-11-05 06:50 - 2014-11-05 06:50 - 40034920 ____T () C:\Windows\SysWOW64\00030599.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 40034920 ____T () C:\Windows\SysWOW64\00003495.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00032423.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00032215.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00032168.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00032149.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00031845.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00031621.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00031506.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00031238.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00029366.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00029292.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00029196.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00029122.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00027408.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00027304.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00027019.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00026893.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00026505.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00026327.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00026143.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00026124.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00026105.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00025487.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00025065.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00024946.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00024802.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00024779.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00024664.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00024514.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00023687.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00023166.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00023135.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00021953.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00021703.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00021490.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00021369.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00020531.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00020085.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00019933.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00019325.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00019045.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00018480.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00018349.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00018293.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00018273.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00017823.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00017669.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00017663.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00017094.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00016827.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00016784.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00015806.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00015793.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00015489.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00015012.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00014907.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00014843.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00014062.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00013864.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00013355.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00012911.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00012294.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00012277.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00012271.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00012247.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00012108.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00011887.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00011855.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00011770.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00011389.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00011148.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00010890.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00010832.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00010739.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00009823.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00009722.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00009311.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00008886.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00008496.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00008292.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00007554.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00007171.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00006827.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00005965.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00005838.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00005487.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00005462.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00004849.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00004373.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00004163.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00004132.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00003426.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00003351.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00003280.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00002277.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00002066.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00002040.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00001704.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00001030.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00000696.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00000473.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00000383.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00000358.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00000047.tmp
2014-11-05 06:49 - 2014-11-05 06:49 - 40034920 ____T () C:\Windows\SysWOW64\00003722.tmp
2014-11-02 06:58 - 2014-11-02 07:00 - 00275392 _____ () C:\Windows\Minidump\110214-136188-01.dmp
2014-11-02 06:56 - 2014-11-02 06:56 - 1115194339 _____ () C:\Windows\MEMORY.DMP
2014-10-31 14:58 - 2014-10-31 15:05 - 00000000 ____D () C:\Users\Kabra\DDS
2014-10-31 14:43 - 2014-11-05 09:48 - 00000000 ____D () C:\FRST
2014-10-31 08:45 - 2014-10-31 08:45 - 00000000 ____D () C:\Users\Kabra\RogueKiller
2014-10-31 08:44 - 2014-10-31 14:45 - 00000000 ____D () C:\Users\Kabra\FarbarRecoveryScanTool
2014-10-31 08:43 - 2014-10-31 08:43 - 00000000 ____D () C:\Users\Kabra\ComboFix
2014-10-30 14:47 - 2014-09-19 23:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-30 14:47 - 2014-09-19 23:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-30 14:47 - 2014-09-19 23:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-30 14:47 - 2014-09-19 23:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-30 14:47 - 2014-09-19 23:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-30 14:47 - 2014-09-19 23:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-30 14:47 - 2014-09-19 23:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-30 14:47 - 2014-09-19 21:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-30 14:47 - 2014-09-19 21:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-30 14:47 - 2014-09-19 21:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-30 14:47 - 2014-09-19 21:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-30 14:47 - 2014-09-19 21:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-30 14:47 - 2014-09-19 21:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-30 14:47 - 2014-09-19 20:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-30 14:47 - 2014-09-19 20:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-30 07:36 - 2014-10-30 07:36 - 00010394 _____ () C:\Users\User\Documents\2014_DSD_TDC_Challenge_UnscrambleIt.xlsx
2014-10-29 15:14 - 2014-10-29 15:15 - 00000000 ____D () C:\Users\Kabra\FastPictureViewerCodec
2014-10-29 13:03 - 2014-10-29 13:03 - 00000000 ____D () C:\NPE
2014-10-29 12:50 - 2014-10-29 13:39 - 00000000 ____D () C:\Users\User\AppData\Local\NPE
2014-10-29 12:49 - 2014-10-29 12:49 - 00000000 ____D () C:\Users\Kabra\NortonPowerEraser
2014-10-29 10:36 - 2014-10-29 10:36 - 00001431 _____ () C:\Users\User\Desktop\AdwCleaner - Shortcut.lnk
2014-10-29 10:30 - 2014-10-29 11:34 - 00000000 ____D () C:\AdwCleaner
2014-10-29 10:25 - 2014-10-29 10:36 - 00000000 ____D () C:\Users\Kabra\AdwCleaner
2014-10-29 09:43 - 2014-11-05 09:42 - 00004480 _____ () C:\Windows\setupact.log
2014-10-29 09:43 - 2014-10-29 09:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-29 09:42 - 2014-11-04 22:36 - 00047946 _____ () C:\Windows\PFRO.log
2014-10-29 09:20 - 2014-10-29 09:20 - 00000000 ____D () C:\Users\Kabra\AdblockPlus
2014-10-29 08:58 - 2014-10-29 08:58 - 00000000 ____D () C:\SUPERDelete
2014-10-29 08:55 - 2014-10-29 08:55 - 00281112 _____ () C:\Users\User\Documents\registrybackup_2014-10-29.reg
2014-10-29 07:26 - 2014-11-05 09:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 07:19 - 2014-11-02 14:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 07:19 - 2014-10-29 07:19 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 07:19 - 2014-10-29 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 07:19 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 07:19 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 07:12 - 2014-10-29 07:12 - 00000000 ____D () C:\Users\Kabra\MalwareBytesAntiMalware
2014-10-29 07:11 - 2014-10-29 07:15 - 00000000 ____D () C:\Users\Kabra\CCleaner
2014-10-29 07:10 - 2014-10-29 07:10 - 00000000 ____D () C:\Users\Kabra\SUPERAntiSpyware
2014-10-27 12:42 - 2014-10-27 12:42 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-26 09:55 - 2014-10-26 09:55 - 00000000 _____ () C:\Windows\system32\zsdte.dll
2014-10-24 07:49 - 2014-10-24 07:49 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-24 07:49 - 2014-10-24 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-24 07:49 - 2014-10-24 07:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-24 07:47 - 2014-10-24 07:47 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-24 07:47 - 2014-10-24 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-24 07:46 - 2014-10-24 07:47 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-24 07:46 - 2014-10-24 07:47 - 00000000 ____D () C:\Program Files\iTunes
2014-10-24 07:46 - 2014-10-24 07:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-24 07:46 - 2014-10-24 07:46 - 00000000 ____D () C:\Program Files\iPod
2014-10-14 23:45 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 23:45 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 23:45 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 23:45 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 23:45 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 23:45 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 23:45 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 23:44 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 23:44 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 23:44 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 23:44 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 23:44 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 23:44 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 23:44 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 23:44 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 23:44 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 23:44 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 23:44 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 23:44 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 23:44 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 23:44 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 23:44 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 23:44 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 23:44 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 23:44 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 23:44 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 23:44 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 23:44 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 23:44 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 23:44 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 23:44 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-14 23:44 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-14 23:44 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-14 23:44 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-14 23:44 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-14 23:44 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 23:44 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-14 23:44 - 2014-07-06 20:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 23:44 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 23:44 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 23:44 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 23:44 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 23:44 - 2014-07-06 20:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 23:44 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 23:44 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 23:44 - 2014-07-06 20:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 23:44 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 23:44 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 23:44 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 23:44 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 23:44 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 23:44 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 23:44 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 23:44 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 23:44 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 23:44 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 23:44 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 23:44 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 23:44 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 23:44 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 23:44 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 23:43 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 23:43 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 23:43 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 23:43 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 23:43 - 2014-08-28 20:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 23:43 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 23:43 - 2014-08-28 20:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-14 23:43 - 2014-08-28 20:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-14 23:43 - 2014-08-28 20:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 23:43 - 2014-08-28 19:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 23:43 - 2014-08-28 19:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 23:43 - 2014-08-28 19:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 23:43 - 2014-08-28 19:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-14 23:43 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 23:43 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 23:43 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 23:43 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 23:43 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 23:43 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 23:43 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 23:43 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 23:43 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 23:43 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 23:43 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 09:49 - 2009-07-13 23:10 - 01207071 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 09:46 - 2011-04-28 10:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 09:44 - 2011-11-16 16:14 - 00000000 ___RD () C:\Users\User\Dropbox
2014-11-05 09:44 - 2011-11-16 16:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-11-05 09:43 - 2011-04-28 10:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 09:43 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 09:40 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 09:40 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 09:26 - 2013-09-24 12:46 - 00000000 ____D () C:\Users\User\AppData\Local\E4D9ED35-00C7-453A-AF80-0ADAB2730EB6.aplzod
2014-11-05 09:09 - 2012-04-06 07:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 08:54 - 2011-05-06 05:06 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261234485-370927254-394712997-1000UA.job
2014-11-05 05:55 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-04 17:35 - 2010-11-24 20:40 - 00001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-11-04 17:31 - 2012-12-27 05:23 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{582B0001-881D-45B6-AA8E-FEE71B9607F1}
2014-11-04 10:54 - 2011-05-06 05:06 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261234485-370927254-394712997-1000Core.job
2014-11-03 18:01 - 2010-11-09 06:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-11-03 14:47 - 2013-09-07 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-03 14:06 - 2010-11-24 07:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-03 13:06 - 2010-09-22 13:23 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-03 13:06 - 2010-09-22 13:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-03 12:37 - 2010-11-01 14:52 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-11-03 11:36 - 2013-05-22 10:28 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-03 06:12 - 2010-11-06 10:02 - 00000000 ____D () C:\Users\Kabra\PhotoshopThumbnailViewerDLL
2014-11-03 04:33 - 2009-07-13 23:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 10:58 - 2009-07-13 22:45 - 06464920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-02 06:58 - 2014-01-16 12:39 - 00000000 ____D () C:\Windows\Minidump
2014-11-01 10:32 - 2014-01-31 06:01 - 00003318 _____ () C:\Windows\System32\Tasks\PinItAutoUpdate
2014-10-31 14:58 - 2010-11-05 04:02 - 00000000 ____D () C:\Users\Kabra
2014-10-31 04:19 - 2014-07-02 01:00 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-10-31 04:15 - 2014-07-15 17:22 - 00000000 ____D () C:\Users\Kabra\AdobeFlashPlayer32bit
2014-10-31 04:15 - 2012-04-06 07:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-31 04:15 - 2012-04-06 07:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-31 04:15 - 2011-05-14 20:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-30 08:51 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-30 07:21 - 2010-09-22 15:53 - 00000000 ____D () C:\Windows\Panther
2014-10-30 07:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-30 00:21 - 2014-04-24 20:18 - 00000000 __SHD () C:\.VTrack
2014-10-29 15:16 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-29 15:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-29 15:10 - 2010-11-09 05:13 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-10-29 15:10 - 2010-09-22 13:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-29 12:50 - 2010-11-05 00:54 - 00000000 ____D () C:\ProgramData\Norton
2014-10-29 08:58 - 2013-04-28 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-10-29 08:45 - 2013-12-21 05:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-29 08:45 - 2013-12-21 05:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-29 08:45 - 2013-12-21 05:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-29 07:19 - 2013-12-21 05:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-10-29 07:19 - 2013-12-21 05:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 01:56 - 2011-05-06 05:07 - 00002362 _____ () C:\Users\User\Desktop\Google Chrome.lnk
2014-10-26 20:35 - 2011-03-14 10:12 - 00000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-10-24 07:46 - 2014-09-19 09:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-24 07:46 - 2010-11-15 22:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-21 05:57 - 2010-11-09 06:58 - 00000398 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2014-10-18 11:56 - 2013-05-22 10:28 - 00003980 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-10-18 09:49 - 2011-05-06 05:06 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3261234485-370927254-394712997-1000UA
2014-10-18 09:49 - 2011-05-06 05:06 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3261234485-370927254-394712997-1000Core
2014-10-16 04:41 - 2011-04-28 10:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-16 04:41 - 2011-04-28 10:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-15 02:44 - 2011-05-04 16:15 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 02:37 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-15 02:29 - 2014-04-29 07:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 02:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 02:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:11 - 2010-11-04 14:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 02:07 - 2013-08-14 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:01 - 2010-11-01 16:39 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 12:15 - 2013-10-25 09:32 - 00000000 ____D () C:\Users\Public\Downloads\UofIBasketballSchedules

Files to move or delete:
====================
C:\Users\Kabra\WinZip170.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppiibsk.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 01:19

==================== End Of Log ============================

#4 nasdaq (Malware Response Team)

Posted 05 November 2014 - 11:52 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {46A21652-3F93-437D-AAC0-CAA1F6713DA0} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S4 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S3 WimFltr; system32\DRIVERS\wimfltr.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download SecurityCheck from here: http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.

===

How is the computer running now?
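As an added triage example for the Poweliks entry in the fixlist above (not code from the thread, from FRST or from AdwCleaner), this Python scans FRST-style lines for a CLSID\localserver32 value that launches rundll32.exe with a javascript: URL and undoes the character-code-plus-one obfuscation of the eval() argument so the analyst can see what the string is; the sample lines and the helper names are constructed for this example.

```python
r"""Triage helper for FRST-style log lines: flag Poweliks-style COM persistence.

Added example for this thread; not code from the thread, from FRST or from
AdwCleaner. Poweliks stored its launcher in a CLSID\localserver32 value of
the form
    rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("...")
where the eval() argument is the real script with every character code
shifted up by one ("epdvnfou/xsjuf" is "document.write").
"""
import re
from typing import List

# Constructed sample: the Poweliks line mirrors the entry quoted in the fixlist
# above (with FRST's own truncation note); the others are ordinary fixlist items.
SAMPLE_LOG = r"""
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKLM-x32\...\Run: [] => [X]
S3 WimFltr; system32\DRIVERS\wimfltr.sys [X]
"""

# A LocalServer32 value should name an executable. A rundll32 + javascript: URL
# means the "server" is an inline script kept only in the registry (fileless).
_LAUNCHER_RE = re.compile(
    r"\\localserver32:\s*(?P<value>rundll32(?:\.exe)?\s+javascript:.*)$",
    re.IGNORECASE,
)
# The obfuscated payload contains no spaces (a space encodes as '!'), so the
# blob ends at the first whitespace or at the closing quote.
_EVAL_RE = re.compile(r'eval\("(?P<blob>[^"\s]+)')


def deobfuscate(blob: str) -> str:
    """Undo the character-code-plus-one encoding used in the eval() argument."""
    return "".join(chr(ord(ch) - 1) for ch in blob)


def is_poweliks_launcher(line: str) -> bool:
    """True when a log line is a LocalServer32 value running rundll32 javascript:."""
    return _LAUNCHER_RE.search(line) is not None


def triage(log_text: str) -> List[dict]:
    """Return one finding per suspicious LocalServer32 line in an FRST-style log."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = _LAUNCHER_RE.search(line)
        if match is None:
            continue
        value = match.group("value")
        blob = _EVAL_RE.search(value)
        findings.append({
            "line": lineno,
            "key": line[: match.start()],  # hive + CLSID as FRST printed it
            "decoded_prefix": deobfuscate(blob.group("blob")) if blob else "",
            "why": "COM LocalServer32 runs rundll32 with a javascript: URL "
                   "instead of an executable",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"line {finding['line']}: {finding['key']}")
        print(f"  {finding['why']}")
        print(f"  eval() argument decodes to: {finding['decoded_prefix']!r}")
```

The decoded prefix of the thread's entry is the start of a document.write('<script ...') call, which is why FRST flags the value as Poweliks rather than as a legitimate COM server.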


#5 compusr54 (Topic Starter)

Posted 05 November 2014 - 02:47 PM

Below are the contents of fixlog.txt.  I do have one question as I prepare to download AdwCleaner.  Farther down in your response is a task to "Clean your Temporary files/Folders" - specifically, how should I do that?

Thanks in advance for your response :-)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by User at 2014-11-05 13:35:18 Run:1
Running from C:\Users\User\Desktop\FarbarRecoveryTool_64bit
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3261234485-370927254-394712997-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {46A21652-3F93-437D-AAC0-CAA1F6713DA0} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S4 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S3 WimFltr; system32\DRIVERS\wimfltr.sys [X]

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist" => Key deleted successfully.
HKU\S-1-5-21-3261234485-370927254-394712997-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-3261234485-370927254-394712997-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3261234485-370927254-394712997-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
"HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{46A21652-3F93-437D-AAC0-CAA1F6713DA0} => value deleted successfully.
"HKCR\CLSID\{46A21652-3F93-437D-AAC0-CAA1F6713DA0}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\gopher" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
ACDaemon => Service deleted successfully.
RoxLiveShare9 => Service deleted successfully.
SessionLauncher => Service deleted successfully.
WimFltr => Service deleted successfully.

==== End of Fixlog ====



#6 compusr54 (Topic Starter)

Posted 05 November 2014 - 03:04 PM

And, here are the results of the AdwCleaner execution. . .it did NOT find any false positive items that I detected.  Here are the results of that log file.

# AdwCleaner v3.311 - Report created 05/11/2014 at 13:54:41
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116

-\\ Google Chrome v

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6602 octets] - [29/10/2014 10:31:05]
AdwCleaner[R1].txt - [6553 octets] - [29/10/2014 10:36:02]
AdwCleaner[R2].txt - [1182 octets] - [05/11/2014 13:49:26]
AdwCleaner[S0].txt - [6423 octets] - [29/10/2014 10:45:22]
AdwCleaner[S1].txt - [1254 octets] - [05/11/2014 13:54:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1314 octets] ##########



#7 compusr54 (Topic Starter)

Posted 05 November 2014 - 03:59 PM

Here are the results of SecurityCheck.  I think I have answered my own question about "Clean your Temporary files/Folders" . . . I think that is what TFC does, correct?  I'm going to run that next.

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65 
 Java version out of Date!
 Adobe Flash Player 15.0.0.152 
 Google Chrome 38.0.2125.104 
 Google Chrome 38.0.2125.111 
 Google Chrome plugins... 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

#8 compusr54 (Topic Starter)

Posted 05 November 2014 - 04:31 PM

I have completed all of the supplied steps. . .the TFC didn't detect anything that needed to be cleared, so I did a manual reboot.  Will continue to monitor system activity to see if any rogue processes appear, and I will be on the lookout for any notifications from Norton's.

Thanks again for all your help. . .I have printed out the various logs and want to spend some time analyzing what they show.  As an old mainframe computer programmer, I am curious how you detected the things that needed to be fixed. . .

Thanks!!!



#9 nasdaq (Malware Response Team)

Posted 06 November 2014 - 08:38 AM

Look at your Addition.txt log.

2014-11-05 06:50 - 2014-11-05 06:50 - 40034920 ____T () C:\Windows\SysWOW64\00030599.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 40034920 ____T () C:\Windows\SysWOW64\00003495.tmp
2014-11-05 06:50 - 2014-11-05 06:50 - 01176168 ____T () C:\Windows\SysWOW64\00032423.tmp
etc...

Make sure these .tmp files were removed by the TFC tool.

If not you should delete them.
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 65

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 compusr54 (Topic Starter)

Posted 06 November 2014 - 10:12 AM

The good news is I didn't have any of the 3 files listed on my system.

The bad news is, try as I might, I cannot verify the Java installation.  The update that installed was version 8 update 25. . .got there after unsuccessful attempts to install the version that you indicated.  I tried to uninstall previous versions via JAVA, but those didn't appear successful.  So, I used the Microsoft Control Panel to manually uninstall all versions of Java.  Then I attempted to reinstall the Version 8 update 25.  Here is the message I received:

We are unable to verify if Java is currently installed and enabled in your browser.

If you have installed Java and there is an error with the verification, there could be a configuration issue (eg. browser, Java control panel, security settings). Try restarting your browser before trying to verify the installation again.

BTW, I have restarted my browser, restarted my computer, and verified that Java is enabled on the Java Control Panel.

The other odd thing this morning. . .I had uninstalled Adobe Reader for PDF files before contacting you initially. . .I cannot successfully install that either.



#11 nasdaq (Malware Response Team)

Posted 06 November 2014 - 11:07 AM

Download and run their un-installer tool.

https://www.java.com/en/download/faq/uninstaller_toolinfo.xml

Restart the computer normally.

Re-install the application.

#12 compusr54 (Topic Starter)

Posted 06 November 2014 - 12:37 PM

I can no longer download the Java un-installer tool. . .I am presented with the page to Verify Java and Uninstall Out-of-Date Versions.  It cannot verify the version, so it is a catch-22 situation.

Here's what I found in their FAQ section:

How do I access the Java Uninstall tool?

The tool is available:

  • by loading the Java Uninstall tool web page
  • after Windows Java 7 installation. The uninstall tool features are integrated with the Java verification (Windows only).

This tool cannot be downloaded and it can run only within the browser.



#13 nasdaq (Malware Response Team)

Posted 06 November 2014 - 01:59 PM

"I had uninstalled Adobe Reader for PDF files before contacting you initially."

If there was a new restore point created when you removed the Reader, you may be able to restore it.

Run the Screen317 Security tool after the restore and I will take it from there.

#14 compusr54 (Topic Starter)

Posted 06 November 2014 - 04:20 PM

Thanks for your response.  This afternoon I was able to install the Adobe PDF Reader. . .I did so without going to a previous restore point.  I think I may have been trying to install an old version of the reader. . .this afternoon when I googled it, I found what looks like a more recent version . . .so that issue is resolved.

The only remaining issue is Java. . .IE appears to be working properly as I have not received any notifications regarding issues with Java, so at this point I'm unsure if the install worked or not.



#15 nasdaq (Malware Response Team)

Posted 07 November 2014 - 07:57 AM

Check the Add/Remove program list and see if you have a version installed.