Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple possible infections, google & other sites redirect or don't load


  • This topic is locked This topic is locked
2 replies to this topic

#1 danthro

danthro

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 01 March 2015 - 12:47 PM

I have some sort of virus infection, that may be more than one infection. I keep running malwarebytes, spybot search & destroy, and tried something called adwcleaner a couple times (including in safe mode), but they're not really finding anything.

 

The first symptom I noticed was that I was getting random pop up ads redirecting to adultcameras (dot) info -- a type of site I *never* visit. A google search suggested that this was from malware that might have been installed with other software.

 

So, after malwarebytes and spybot proved ineffective, as did refreshing and resetting the browsers on my computer (firefox, internet explorer, and chrome) I tried uninstalling the only possibly suspect program I could find, called Mind Maple Lite, a free mind mapping program that I'd installed a couple weeks ago. For about half a day afterwards, the problem seemed to be gone. So I tried downloading a different free mind mapping program called Freeplane, and it seemed to be fine, but then...

 

All of a sudden, I am not able to load gmail or google at all. Chrome and Internet Explorer redirect to a message trying to get me to download some fake "Flash Player Pro." But my internet does seem to be working. I am able to load most other sites directly in firefox, but some sites give me a flash pop up message saying that I need to update my flash player -- this message prevents me from accessing that page and the only options are to close the tab or click 'ok' which takes me to the fake flash player download page. It even tried to redirect me away from bleepingcomputer a few times, so writing this from another computer. Also, the adultcameras pop ups came back a couple times, which suggests maybe the original infection never actually went away at all.

 

I tried malwarebytes and spybot but they didn't find anything; I uninstalled the second mind mapping program and reset the browsers, but that also didn't do anything. I tried going to ping google, youtube, and facebook from the command window. Youtube and facebook pinged fine, but pinging google lost 50% of the packets. It's been like this for hours. Now, as of just a minute ago, I was able to load gmail. But I'm not convinced the problem is actually gone.

 

These symptoms sound like different viruses. One with the adultcameras pop ups and then the flash player message/google not loading sound a bit like something called the Moon worm I found mention of online, but that one is supposed to be a router infection of some sort and I couldn't find directions I could understand about how to remove it. Please help!

 

My logs from FRST64 are below (and the Addition text file is attached):

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Hoda (administrator) on HODA-THINK on 01-03-2015 22:19:40
Running from C:\Users\Hoda\Desktop
Loaded Profiles: Hoda (Available profiles: Hoda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\ProgramData\Photon Plus\OnlineUpdate\ouc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-15] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-26] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2012-09-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\Run: [Google Update] => C:\Users\Hoda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-21] (Google Inc.)
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\MountPoints2: {246fdef7-735d-11e2-b3b0-f0def1ee7d42} - D:\AutoRun.exe
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\MountPoints2: {744247f4-9f8e-11e3-9df3-f0def1ee7d42} - D:\AutoRun.exe
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\MountPoints2: {74425491-9f8e-11e3-9df3-f0def1ee7d42} - D:\AutoRun.exe
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\MountPoints2: {86bd0ec6-cca6-11e1-9207-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\MountPoints2: {be4c0370-78e6-11e2-9ba7-f0def1ee7d42} - D:\AutoRun.exe
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\MountPoints2: {f63e106a-180d-11e2-99f7-f0def1ee7d42} - D:\.\ShowModem.exe
HKU\S-1-5-21-3463125030-2743739409-2767138099-1000\...\MountPoints2: {ff3e0954-740e-11e2-af52-f0def1ee7d42} - D:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3463125030-2743739409-2767138099-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS504
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3463125030-2743739409-2767138099-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3463125030-2743739409-2767138099-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.238.181.164 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Hoda\AppData\Roaming\Mozilla\Firefox\Profiles\zng4sq21.default-1425207433042
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3463125030-2743739409-2767138099-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Hoda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3463125030-2743739409-2767138099-1000: @talk.google.com/O1DPlugin -> C:\Users\Hoda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3463125030-2743739409-2767138099-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hoda\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3463125030-2743739409-2767138099-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hoda\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hoda\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Hoda\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-07-13]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2015-02-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Hoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Hoda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (Google Wallet) - C:\Users\Hoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.0.47\Exts\Chrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2012-09-09] (Adobe Systems Incorporated)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S2 Photon Plus. RunOuc; C:\Program Files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe [655712 2014-02-27] ()
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-15] (Sony Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-02] (Lenovo Group Limited)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-13] (Symantec Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NCO; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.0.47\NST.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.0.47\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02F\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2010-05-14] (QUALCOMM Incorporated)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-09] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-14] (UPEK Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 22:19 - 2015-03-01 22:20 - 00024116 _____ () C:\Users\Hoda\Desktop\FRST.txt
2015-03-01 22:19 - 2015-03-01 22:19 - 00000000 ____D () C:\FRST
2015-03-01 22:13 - 2015-03-01 22:14 - 02092544 _____ (Farbar) C:\Users\Hoda\Desktop\FRST64.exe
2015-03-01 22:08 - 2015-03-01 22:08 - 00016198 _____ () C:\Users\Hoda\Desktop\hijackthis 03012015 2207.txt
2015-03-01 22:07 - 2015-03-01 22:07 - 00016198 _____ () C:\Users\Hoda\Downloads\hijackthis.log
2015-03-01 21:08 - 2015-03-01 21:08 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hoda\Desktop\HijackThis.exe
2015-03-01 13:51 - 2015-03-01 13:51 - 00000000 ____D () C:\Users\Hoda\AppData\Roaming\Freeplane
2015-03-01 13:29 - 2015-03-01 13:42 - 00000000 ____D () C:\Users\Hoda\.freemind
2015-02-28 22:00 - 2015-02-28 22:00 - 00000000 __SHD () C:\Users\Hoda\AppData\Local\EmieBrowserModeList
2015-02-28 20:40 - 2015-02-28 22:49 - 00000000 ____D () C:\AdwCleaner
2015-02-28 20:39 - 2015-02-28 20:39 - 02126848 _____ () C:\Users\Hoda\Downloads\adwcleaner_4.111.exe
2015-02-28 20:30 - 2015-02-28 20:30 - 00000000 ____D () C:\Windows\pss
2015-02-28 20:17 - 2015-02-28 20:17 - 02931242 _____ () C:\Users\Hoda\Desktop\bookmarks-2015-02-28.json
2015-02-28 15:20 - 2015-02-28 15:21 - 00012300 _____ () C:\Windows\DPINST.LOG
2015-02-28 15:19 - 2015-02-28 15:19 - 00000000 ____D () C:\Program Files\Western Digital
2015-02-28 15:16 - 2015-02-28 15:16 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-28 15:16 - 2015-02-28 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-28 15:16 - 2015-02-28 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-28 15:12 - 2015-02-28 15:13 - 00243424 _____ () C:\Users\Hoda\Downloads\Firefox Setup Stub 36.0.exe
2015-02-28 12:56 - 2015-02-28 22:49 - 00066388 _____ () C:\Windows\PFRO.log
2015-02-28 11:36 - 2009-06-11 02:30 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150228-113644.backup
2015-02-28 01:15 - 2015-02-28 01:15 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-28 01:15 - 2015-02-28 01:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-28 01:15 - 2015-02-28 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-28 01:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-28 01:14 - 2015-02-28 21:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-28 01:14 - 2015-02-28 11:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-28 01:11 - 2015-02-28 01:12 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Hoda\Downloads\spybot-2.4.exe
2015-02-27 15:59 - 2015-03-01 22:08 - 00002453 _____ () C:\Windows\setupact.log
2015-02-27 15:59 - 2015-02-27 15:59 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 23:28 - 2015-01-09 05:14 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 23:28 - 2015-01-09 05:13 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 19:30 - 2015-02-24 19:30 - 05325696 _____ (Piriform Ltd) C:\Users\Hoda\Downloads\ccsetup503.exe
2015-02-21 22:14 - 2015-02-21 22:14 - 02219357 _____ () C:\Users\Hoda\Downloads\Evelyn Noor.mp4.mp4
2015-02-20 15:27 - 2015-03-01 19:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 15:27 - 2015-02-20 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-20 15:27 - 2015-02-20 15:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 15:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-20 15:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-17 16:09 - 2015-02-27 11:18 - 00000000 ____D () C:\Users\Hoda\Desktop\to process
2015-02-15 18:45 - 2015-02-15 18:57 - 77310573 _____ () C:\Users\Hoda\Downloads\C. G. Jung (Author), Sonu Shamdasani (Editor, Translator), Mark Kyburz (Translator), John Peck (Tran The Red Book (Liber Novus)  2009.pdf.part
2015-02-13 15:04 - 2015-03-01 20:17 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-02-12 23:45 - 2015-01-23 10:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 23:45 - 2015-01-23 10:11 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 23:45 - 2015-01-23 09:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 23:45 - 2015-01-23 08:47 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 12:36 - 2015-02-04 08:46 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 12:36 - 2015-02-04 08:46 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 12:36 - 2015-02-04 08:46 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 12:36 - 2015-02-04 08:46 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 12:36 - 2015-02-04 08:46 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 12:36 - 2015-02-04 08:46 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 12:36 - 2015-02-04 08:43 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 12:36 - 2015-01-28 05:06 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 12:36 - 2015-01-14 11:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:36 - 2015-01-14 10:39 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 12:36 - 2015-01-12 08:39 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:36 - 2015-01-12 08:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:36 - 2015-01-12 08:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 12:36 - 2015-01-12 08:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 12:36 - 2015-01-12 08:18 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:36 - 2015-01-12 08:18 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:36 - 2015-01-12 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 12:36 - 2015-01-12 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:36 - 2015-01-12 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:36 - 2015-01-12 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 12:36 - 2015-01-12 08:06 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:36 - 2015-01-12 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:36 - 2015-01-12 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 12:36 - 2015-01-12 07:55 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 12:36 - 2015-01-12 07:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:36 - 2015-01-12 07:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 12:36 - 2015-01-12 07:51 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:36 - 2015-01-12 07:43 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:36 - 2015-01-12 07:38 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 12:36 - 2015-01-12 07:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 12:36 - 2015-01-12 07:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:36 - 2015-01-12 07:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 12:36 - 2015-01-12 07:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 12:36 - 2015-01-12 07:35 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 12:36 - 2015-01-12 07:34 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:36 - 2015-01-12 07:32 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 12:36 - 2015-01-12 07:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 12:36 - 2015-01-12 07:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 12:36 - 2015-01-12 07:27 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 12:36 - 2015-01-12 07:25 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 12:36 - 2015-01-12 07:18 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:36 - 2015-01-12 07:18 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:36 - 2015-01-12 07:16 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:36 - 2015-01-12 07:16 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 12:36 - 2015-01-12 07:15 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 12:36 - 2015-01-12 07:13 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:36 - 2015-01-12 07:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 12:36 - 2015-01-12 07:06 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 12:36 - 2015-01-12 07:05 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 12:36 - 2015-01-12 07:03 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 12:36 - 2015-01-12 06:57 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:36 - 2015-01-12 06:53 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 12:36 - 2015-01-12 06:53 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 12:36 - 2015-01-12 06:52 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 12:36 - 2015-01-12 06:44 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 12:36 - 2015-01-12 06:44 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:36 - 2015-01-12 06:32 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:36 - 2015-01-12 06:30 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 12:36 - 2015-01-12 06:26 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 12:36 - 2015-01-12 06:25 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 12:36 - 2015-01-10 12:18 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 12:36 - 2015-01-10 12:18 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:36 - 2015-01-10 12:18 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 12:36 - 2015-01-10 12:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 12:36 - 2015-01-10 12:18 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 12:36 - 2015-01-10 12:18 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 12:36 - 2015-01-10 12:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 12:36 - 2015-01-10 11:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 12:36 - 2015-01-10 11:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 12:36 - 2015-01-10 11:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 12:36 - 2015-01-10 11:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 12:36 - 2015-01-10 11:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 12:36 - 2015-01-10 11:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 12:36 - 2015-01-10 11:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 12:34 - 2015-01-13 08:40 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:34 - 2015-01-13 08:19 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 12:33 - 2014-12-12 11:01 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 12:33 - 2014-12-12 10:37 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 12:33 - 2014-11-26 09:23 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 12:32 - 2015-01-15 13:44 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:32 - 2015-01-15 13:44 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 12:32 - 2015-01-15 13:39 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:32 - 2015-01-15 13:39 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 12:32 - 2015-01-15 13:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 12:32 - 2015-01-15 13:39 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 12:32 - 2015-01-15 13:39 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 12:32 - 2015-01-15 13:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 12:32 - 2015-01-15 13:36 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:32 - 2015-01-15 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 12:32 - 2015-01-15 13:34 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:32 - 2015-01-15 13:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 12:32 - 2015-01-15 13:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 12:32 - 2015-01-15 13:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 12:32 - 2015-01-15 13:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 12:32 - 2015-01-15 13:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 12:32 - 2015-01-15 13:07 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 12:32 - 2015-01-15 09:52 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:32 - 2015-01-14 11:39 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:32 - 2015-01-14 11:35 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 12:32 - 2015-01-14 11:35 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 12:32 - 2015-01-14 11:34 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 12:32 - 2015-01-14 11:14 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 12:32 - 2015-01-14 11:14 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 12:32 - 2015-01-14 11:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 12:32 - 2014-12-08 08:39 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:32 - 2014-12-08 08:16 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 12:32 - 2014-11-26 09:02 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 12:30 - 2015-01-09 07:33 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 12:15 - 2015-02-28 21:24 - 00000000 ____D () C:\Users\Hoda\AppData\Roaming\MindMaple
2015-02-11 12:15 - 2015-02-28 21:24 - 00000000 ____D () C:\ProgramData\MindMaple
2015-02-11 12:15 - 2015-02-28 21:24 - 00000000 ____D () C:\Program Files (x86)\MindMaple
2015-02-11 12:15 - 2015-02-11 12:15 - 00000000 ____D () C:\Users\Hoda\AppData\Local\MindMaple
2015-02-11 12:15 - 2015-02-11 12:15 - 00000000 ____D () C:\Users\Hoda\AppData\Local\ECRSC
2015-02-07 17:14 - 2015-02-07 17:17 - 00000000 ____D () C:\Users\Hoda\Desktop\Read for Research
2015-02-03 08:09 - 2015-02-03 08:09 - 00679061 _____ () C:\Users\Hoda\Downloads\Akbar S. Ahmed Toward Islamic Anthropology_ Definition, Dogma, and Directions (Islamization of Knowledge Series, No 2)  1989.djvu
2015-02-01 18:43 - 2015-02-01 18:43 - 00248773 _____ () C:\Users\Hoda\Downloads\pg38065-images.epub

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 22:20 - 2012-07-13 10:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 22:20 - 2012-07-13 10:27 - 01411047 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 22:19 - 2009-07-14 10:43 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-01 22:16 - 2009-07-14 10:15 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 22:16 - 2009-07-14 10:15 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 22:08 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 21:25 - 2013-08-21 00:26 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3463125030-2743739409-2767138099-1000UA.job
2015-03-01 20:56 - 2012-09-09 06:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-01 17:52 - 2012-09-09 03:20 - 00000000 ____D () C:\Users\Hoda\AppData\Roaming\vlc
2015-03-01 16:09 - 2014-06-17 14:36 - 00000000 ____D () C:\Users\Hoda\AppData\Local\Adobe
2015-03-01 16:09 - 2012-09-09 06:27 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-01 16:09 - 2012-09-09 06:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-01 16:09 - 2012-09-09 06:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-01 13:29 - 2012-09-08 06:39 - 00000000 ____D () C:\Users\Hoda
2015-03-01 13:25 - 2013-08-21 00:26 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3463125030-2743739409-2767138099-1000Core.job
2015-02-28 23:35 - 2013-06-23 16:24 - 00000000 ____D () C:\Users\Hoda\Documents\Finances
2015-02-28 21:24 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\Resources
2015-02-28 15:21 - 2013-09-12 15:51 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-28 15:19 - 2014-10-09 19:01 - 00000000 ____D () C:\ProgramData\Western Digital
2015-02-28 15:19 - 2013-09-12 15:53 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-02-28 15:19 - 2013-06-02 02:16 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-02-28 12:56 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\Speech
2015-02-27 11:04 - 2013-01-12 20:53 - 00000000 ____D () C:\Users\Hoda\AppData\Local\CRE
2015-02-24 19:31 - 2013-01-28 22:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 21:29 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-20 15:27 - 2012-09-09 03:17 - 00000000 ____D () C:\Users\Hoda\AppData\Roaming\Malwarebytes
2015-02-20 15:27 - 2012-09-09 03:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-20 14:03 - 2013-01-12 20:50 - 00000000 ____D () C:\Users\Hoda\AppData\Roaming\uTorrent
2015-02-20 14:00 - 2013-07-12 16:31 - 00000000 ____D () C:\Users\Hoda\AppData\Local\CrashDumps
2015-02-19 22:16 - 2011-01-17 09:11 - 00000000 ____D () C:\Users\Hoda\Documents\LN
2015-02-17 19:32 - 2014-12-28 18:33 - 00000000 ____D () C:\Users\Hoda\Desktop\photos to sort
2015-02-17 16:00 - 2012-11-16 19:00 - 00000000 ____D () C:\Users\Hoda\AppData\Roaming\Spotify
2015-02-17 15:13 - 2012-09-08 07:05 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-17 09:44 - 2012-11-16 19:00 - 00000000 ____D () C:\Users\Hoda\AppData\Local\Spotify
2015-02-14 01:05 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\rescache
2015-02-12 03:30 - 2009-07-14 10:38 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-12 03:29 - 2009-07-14 10:15 - 03018328 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:26 - 2014-12-13 15:07 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:26 - 2014-05-08 05:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 12:41 - 2012-09-09 05:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 12:40 - 2013-07-15 00:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 12:40 - 2012-09-09 03:11 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 12:40 - 2012-09-09 03:11 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 12:40 - 2012-09-09 03:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 12:40 - 2012-09-09 03:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 12:34 - 2012-09-09 06:25 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 18:52 - 2013-03-11 19:41 - 00000000 ____D () C:\Users\Hoda\Documents\life hacks
2015-02-06 13:20 - 2013-08-21 00:26 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3463125030-2743739409-2767138099-1000UA
2015-02-06 13:20 - 2013-08-21 00:26 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3463125030-2743739409-2767138099-1000Core
2015-02-05 22:15 - 2012-07-13 10:41 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 22:15 - 2012-07-13 10:41 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 22:15 - 2012-07-13 10:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 18:44 - 2014-06-04 18:21 - 00000844 _____ () C:\Users\Hoda\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-04 09:44 - 2009-01-28 05:06 - 00000000 ____D () C:\Users\Hoda\Documents\Michigan
2015-01-31 01:21 - 2012-09-09 03:06 - 00000000 ____D () C:\Users\Hoda\AppData\Roaming\Mozilla

Some content of TEMP:
====================
C:\Users\Hoda\AppData\Local\Temp\Quarantine.exe
C:\Users\Hoda\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-27 12:42

==================== End Of Log ============================

 

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:30 AM

Posted 06 March 2015 - 12:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568730 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:30 AM

Posted 06 March 2015 - 01:05 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users