
Browsers hijacked by "Dosearches.com"



Hi, I have a problem which I hope you can help with here.

 

1. I stupidly downloaded a file which advertently contained "Dosearches.com" malware.

2. Result: Every time I open my browser window (Chrome or IE), it automatically goes to this URL: http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=CorsairXNeutronXGTXXSSD_13267904000097560098&ts=1381309315

3. I manually reset Chrome and IE to my default settings, removed the Dosearch extensions, removed the Dosearch search engine --> problem still persists.

4. Ran Malwarebytes Anti-Malware --> detected Dosearch and removed it --> problem still persists.

5. Ran Malwarebytes Anti-Rootkit --> no malware detected --> problem still persists.

6. Ran Avast Anti-Virus --> no virus detected --> problem still persists.

 

I'm at my wits' end now on how to resolve this so hope you can help.

 

 

Here are the two reports to aid my case:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.40.2
Run by GaryLina at 20:20:35 on 2013-10-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16349.14149 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Users\GaryLina\Documents\RealTemp_370\RealTemp.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
LSP: %SystemRoot%\system32\WTFastDrv.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{79DD31F4-0A96-4D43-A3A2-EEC2B97FB91E} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-9 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-10-9 204880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-9 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-10-9 378944]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-24 574272]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-12-13 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-12-13 947328]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-12-13 586880]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-10-9 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-9 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-9 46808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-9-18 106472]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2012-3-11 12032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 VKbms;Razer Gaming Device;C:\Windows\System32\drivers\VKbms.sys [2012-3-11 13312]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\GaryLina\Documents\RealTemp_370\WinRing0x64.sys [2008-7-26 14544]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-7-9 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-7-9 9800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-12 1255736]
.
=============== Created Last 30 ================
.
2013-10-09 12:12:57 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-09 10:30:12 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FE4CCDE-6B49-4F65-A1DB-873FD9AA1D70}\offreg.dll
2013-10-09 10:06:18 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-10-09 10:06:18 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-10-09 10:06:18 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-10-09 10:06:18 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-10-09 10:06:17 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-10-09 10:06:05 41664 ----a-w- C:\Windows\avastSS.scr
2013-10-09 10:04:23 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-09 09:59:14 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FE4CCDE-6B49-4F65-A1DB-873FD9AA1D70}\mpengine.dll
2013-10-09 09:23:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-09 09:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-09 09:02:16 -------- d-----w- C:\Users\GaryLina\AppData\Local\Bundled software uninstaller
2013-10-09 09:01:57 -------- d-----w- C:\ProgramData\eSafe
2013-10-09 08:36:18 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-10-09 08:36:18 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2013-10-09 08:36:18 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-10-09 08:36:18 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2013-10-09 08:36:18 102400 ----a-w- C:\Windows\System32\davclnt.dll
2013-10-09 08:34:49 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-10-09 08:34:31 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 08:34:31 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-10-09 08:34:14 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-10-09 08:34:14 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2013-10-09 08:32:20 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:32:20 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:32:16 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-09 08:32:12 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-10-09 08:32:12 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-10-09 08:32:12 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-10-09 08:32:12 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-10-08 11:34:40 -------- d-----w- C:\ProgramData\Media Center Programs
2013-10-03 14:48:08 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-10-03 13:21:12 -------- d-----w- C:\Program Files (x86)\THQ
2013-10-03 02:17:29 -------- d-----w- C:\ProgramData\Oracle
2013-10-03 02:17:23 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-13 11:40:32 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-09-09 17:05:14 -------- d-----w- C:\BOSS
.
==================== Find3M  ====================
.
2013-10-09 08:33:59 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-03 02:17:21 868264 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-10-03 02:17:21 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-13 11:46:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 11:46:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-12 08:58:10 9281032 ----a-w- C:\Windows\System32\nvcuda.dll
2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-11 22:06:31 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-08-18 08:23:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-18 08:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-18 08:22:55 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-18 08:22:55 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-18 08:22:47 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-18 08:22:40 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-18 08:22:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-18 08:22:40 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-18 08:22:40 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-18 08:22:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-18 08:22:40 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-18 08:22:40 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-18 08:22:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-09 06:25:05 386416 ----a-w- C:\Windows\SysWow64\networkdlllsp.dll
2013-08-06 20:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 20:20:44.45 ===============
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 3/11/2012 7:34:50 PM
System Uptime: 10/9/2013 7:21:15 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8Z68-V LE
Processor: Intel® Core i5-2400 CPU @ 3.10GHz | LGA1155 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 80.648 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP253: 10/9/2013 5:06:50 PM - Point
RP254: 10/9/2013 5:59:10 PM - Windows Update
RP255: 10/9/2013 6:05:49 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Advanced SystemCare 6
Aion
Akamai NetSession Interface
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS nVidia Driver
Auslogics Disk Defrag
avast! Free Antivirus
BattlePing 1.3.2.3
BOSS
CCleaner
Command & Conquer™ Red Alert™ 3
Company of Heroes
Company of Heroes - FAKEMSI
EaseUS Partition Master 9.2.2
Google Chrome
Google Update Helper
Java 7 Update 40
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
NCSOFT Game Launcher
NVIDIA Control Panel 327.23
NVIDIA Graphics Driver 327.23
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
Oblivion mod manager 1.1.12
Origin
Razer DeathAdder Mouse
Razer Game Booster
Realtek Ethernet Controller Driver
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Steam
The Elder Scrolls IV: Oblivion 
The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
Unofficial Oblivion Patch v3.4.3
Unofficial Official Mods Patch v18
Unofficial Shivering Isles Patch v1.5.2
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows Media Player Firefox Plugin
WTFast 2.13
.
==== Event Viewer Messages From Past Week ========
.
10/9/2013 8:12:39 PM, Error: mbamchameleon [61440]  - 
10/9/2013 8:11:33 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/9/2013 8:11:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
10/9/2013 4:38:21 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 

 

Please help, thank you.

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hi MrC,

 

Thank you for the quick response!

 

This is the RogueKiller report:

 

 

 

RogueKiller V8.7.1 _x64_ [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : GaryLina [Admin rights]
Mode : Scan -- Date : 10/09/2013 20:51:21
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Corsair Neutron GTX SSD ATA Device +++++
--- User ---
[MBR] d9134e6de96f47074334ac98b653ab80
[bSP] 633b4ecd994eadb5c6f45bd8c0f4efc9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16065 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 224910 | Size: 228824 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10092013_205121.txt >>

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

Please disable Windows Defender, you have avast installed and running as your anti-virus.

Having 2 anti-virus programs on causes conflicts and provides spotty protection.

Dangers of running 2 anti-virus programs

Disable Windows Defender

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then...........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


OK...Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Gotcha, will run ComboFix.

 

In the meantime, just wanna share something I found by doing regedit (see attached screenshot).

 

In the HKEY_LOCAL_MACHINE folder, there are two registry entries which seem to be the Dosearch trigger for Chrome and IE. Could these be the problem?



Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now.

If problem still occurs:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC

Hi MrC,

 

 

AdwCleaner report

# AdwCleaner v3.007 - Report created 10/10/2013 at 08:44:46
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : GaryLina - GARYLINA-PC
# Running from : C:\Users\GaryLina\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair
Folder Deleted : C:\Users\GaryLina\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\GaryLina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\GaryLina\AppData\LocalLow\Toolbar4
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32D47EA5-9473-4CAD-805D-9999F15D5AE2}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4303 octets] - [10/10/2013 08:40:34]
AdwCleaner[s0].txt - [4181 octets] - [10/10/2013 08:44:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4241 octets] ##########
 
 
The Malwarebytes report is also attached here.
 
 
FRST Report
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by GaryLina (administrator) on GARYLINA-PC on 10-10-2013 08:56:32
Running from C:\Users\GaryLina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
BootExecute: autocheck autochk * ?????
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Winsock: Catalog9 01 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 02 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 03 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 04 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 15 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 15 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jekmiciaamoabjccmachncgdfpgfpbfg] - C:\ProgramData\SaveAs\jekmiciaamoabjccmachncgdfpgfpbfg.crx
CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\GaryLina\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [947328 2011-12-09] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 WinRing0_1_2_0; C:\Users\GaryLina\Documents\RealTemp_370\WinRing0x64.sys [14544 2012-03-12] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Users\GaryLina\Documents\RealTemp_370\WinRing0x64.sys [14544 2012-03-12] (OpenLibSys.org)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-10 08:56 - 2013-10-10 08:56 - 00000000 ____D C:\FRST
2013-10-10 08:55 - 2013-10-10 08:55 - 01954124 _____ (Farbar) C:\Users\GaryLina\Downloads\FRST64.exe
2013-10-10 08:40 - 2013-10-10 08:44 - 00000000 ____D C:\AdwCleaner
2013-10-10 08:40 - 2013-10-10 08:40 - 01048960 _____ C:\Users\GaryLina\Downloads\AdwCleaner.exe
2013-10-10 00:11 - 2013-10-10 00:11 - 00019773 _____ C:\Users\GaryLina\Desktop\ComboFix.txt
2013-10-10 00:09 - 2013-10-10 00:09 - 00000546 _____ C:\Windows\PFRO.log
2013-10-10 00:06 - 2013-10-10 00:11 - 00000000 ____D C:\Qoobox
2013-10-10 00:06 - 2013-10-10 00:10 - 00000000 ____D C:\Windows\erdnt
2013-10-10 00:06 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-10 00:06 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-10 00:06 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-10 00:06 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-10 00:06 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-10 00:06 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-10 00:06 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-10 00:06 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-10 00:04 - 2013-10-10 00:05 - 05131844 ____R (Swearware) C:\Users\GaryLina\Downloads\ComboFix.exe
2013-10-09 23:38 - 2013-10-09 23:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\GaryLina\Downloads\SpyHunter-Installer.exe
2013-10-09 22:52 - 2013-10-09 22:53 - 12907592 _____ (Malwarebytes Corp.) C:\Users\GaryLina\Downloads\mbar-1.07.0.1005 (1).exe
2013-10-09 20:51 - 2013-10-09 20:51 - 00001858 _____ C:\Users\GaryLina\Desktop\RKreport[0]_S_10092013_205121.txt
2013-10-09 20:50 - 2013-10-09 20:56 - 00000000 ____D C:\Users\GaryLina\Desktop\RK_Quarantine
2013-10-09 20:49 - 2013-10-09 20:49 - 03980800 _____ C:\Users\GaryLina\Downloads\RogueKillerX64.exe
2013-10-09 20:20 - 2013-10-09 20:20 - 00688992 ____R (Swearware) C:\Users\GaryLina\Downloads\dds.scr
2013-10-09 20:20 - 2013-10-09 20:20 - 00014109 _____ C:\Users\GaryLina\Desktop\dds.txt
2013-10-09 20:20 - 2013-10-09 20:20 - 00003994 _____ C:\Users\GaryLina\Desktop\attach.txt
2013-10-09 20:12 - 2013-10-09 23:27 - 00000000 ____D C:\Users\GaryLina\Desktop\mbar
2013-10-09 20:12 - 2013-10-09 23:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-09 20:12 - 2013-10-09 20:12 - 12907592 _____ (Malwarebytes Corp.) C:\Users\GaryLina\Downloads\mbar-1.07.0.1005.exe
2013-10-09 18:27 - 2013-10-10 08:45 - 00000280 _____ C:\Windows\setupact.log
2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 _____ C:\Windows\setuperr.log
2013-10-09 18:06 - 2013-10-10 08:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-09 18:06 - 2013-10-10 00:02 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-09 18:06 - 2013-08-30 15:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-09 18:06 - 2013-08-30 15:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-09 18:06 - 2013-08-30 15:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-09 18:06 - 2013-08-30 15:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-09 18:06 - 2013-08-30 15:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-09 18:06 - 2013-08-30 15:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-09 18:06 - 2013-08-30 15:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-09 18:06 - 2013-08-30 15:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-09 18:06 - 2013-08-30 15:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-09 18:04 - 2013-10-09 18:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-09 18:03 - 2013-10-09 18:04 - 131918888 _____ C:\Users\GaryLina\Downloads\avast_free_antivirus_setup.exe
2013-10-09 17:43 - 2013-10-09 17:43 - 22205064 _____ (Microsoft Corporation) C:\Users\GaryLina\Downloads\Windows-KB890830-x64-V5.5.exe
2013-10-09 17:23 - 2013-10-09 17:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\GaryLina\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-09 17:23 - 2013-10-09 17:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 17:23 - 2013-10-09 17:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-09 17:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-09 16:36 - 2013-10-09 16:36 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 16:36 - 2013-10-09 16:36 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 16:36 - 2013-10-09 16:36 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 16:36 - 2013-10-09 16:36 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 16:36 - 2013-10-09 16:36 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 16:35 - 2013-10-09 16:35 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 16:35 - 2013-10-09 16:35 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 16:34 - 2013-10-09 16:34 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 16:34 - 2013-10-09 16:34 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 16:34 - 2013-10-09 16:34 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 16:34 - 2013-10-09 16:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 16:34 - 2013-10-09 16:34 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 16:33 - 2013-10-09 16:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 16:33 - 2013-10-09 16:33 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 16:33 - 2013-10-09 16:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 16:33 - 2013-10-09 16:33 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 16:33 - 2013-10-09 16:33 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 16:32 - 2013-10-09 16:32 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 16:32 - 2013-10-09 16:32 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 16:32 - 2013-10-09 16:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 16:32 - 2013-10-09 16:32 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 16:32 - 2013-10-09 16:32 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 16:32 - 2013-10-09 16:32 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 16:32 - 2013-10-09 16:32 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 17:07 - 2013-10-08 17:07 - 00001541 _____ C:\Users\GaryLina\Desktop\RelicCOH - Shortcut.lnk
2013-10-04 15:16 - 2013-10-04 15:16 - 00000000 ____D C:\Users\GaryLina\AppData\Roaming\Oracle
2013-10-03 22:48 - 2013-10-03 22:48 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-10-03 21:21 - 2013-10-03 21:21 - 00000000 ____D C:\Program Files (x86)\THQ
2013-10-03 10:17 - 2013-10-03 10:17 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 10:17 - 2013-10-03 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 10:17 - 2013-10-03 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 10:17 - 2013-10-03 10:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 10:17 - 2013-10-03 10:17 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 10:17 - 2013-10-03 10:17 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-27 16:28 - 2013-09-27 16:28 - 57606144 _____ C:\Windows\system32\config\software.iobit
2013-09-27 16:28 - 2013-09-27 16:28 - 00102400 _____ C:\Windows\system32\config\default.iobit
2013-09-27 16:28 - 2013-09-27 16:28 - 00061440 _____ C:\Windows\system32\config\sam.iobit
2013-09-27 16:28 - 2013-09-27 16:28 - 00032768 _____ C:\Windows\system32\config\security.iobit
2013-09-27 16:20 - 2013-09-12 16:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-27 16:20 - 2013-09-12 16:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-27 16:20 - 2013-09-12 16:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-27 16:20 - 2013-06-16 20:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-27 16:20 - 2013-06-16 20:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-09-26 13:40 - 2013-09-26 13:40 - 00140429 _____ C:\Users\GaryLina\Documents\Gary Teo_Summary.pptx
2013-09-13 19:42 - 2013-09-13 19:42 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-13 19:42 - 2013-09-13 19:42 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-13 19:42 - 2013-09-13 19:42 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-13 19:42 - 2013-09-13 19:42 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-13 19:42 - 2013-09-13 19:42 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-13 19:42 - 2013-09-13 19:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-13 19:42 - 2013-09-13 19:42 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-13 19:42 - 2013-09-13 19:42 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-13 19:42 - 2013-09-13 19:42 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-13 19:40 - 2013-08-05 10:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 19:40 - 2013-08-02 10:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 19:40 - 2013-08-02 10:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 19:40 - 2013-08-02 10:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 19:40 - 2013-08-02 09:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 09:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 19:40 - 2013-08-02 08:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 19:40 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 19:40 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 19:40 - 2013-07-26 10:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 19:40 - 2013-07-26 10:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 19:40 - 2013-07-26 09:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 19:40 - 2013-07-26 09:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 19:15 - 2013-09-11 19:25 - 00000000 ____D C:\Users\GaryLina\Desktop\TES4Edit_3_0_30_EXPERIMENTAL-11536-3-0-30EXP
2013-09-10 01:05 - 2013-09-10 01:05 - 00000000 ____D C:\BOSS
 
==================== One Month Modified Files and Folders =======
 
2013-10-10 08:56 - 2013-10-10 08:56 - 00000000 ____D C:\FRST
2013-10-10 08:55 - 2013-10-10 08:55 - 01954124 _____ (Farbar) C:\Users\GaryLina\Downloads\FRST64.exe
2013-10-10 08:52 - 2009-07-14 12:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 08:52 - 2009-07-14 12:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 08:50 - 2009-07-14 13:13 - 00795858 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 08:48 - 2013-07-28 22:48 - 01027770 _____ C:\Windows\WindowsUpdate.log
2013-10-10 08:45 - 2013-10-09 18:27 - 00000280 _____ C:\Windows\setupact.log
2013-10-10 08:45 - 2013-10-09 18:06 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-10 08:45 - 2013-06-22 18:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-10 08:45 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-10 08:44 - 2013-10-10 08:40 - 00000000 ____D C:\AdwCleaner
2013-10-10 08:40 - 2013-10-10 08:40 - 01048960 _____ C:\Users\GaryLina\Downloads\AdwCleaner.exe
2013-10-10 00:11 - 2013-10-10 00:11 - 00019773 _____ C:\Users\GaryLina\Desktop\ComboFix.txt
2013-10-10 00:11 - 2013-10-10 00:06 - 00000000 ____D C:\Qoobox
2013-10-10 00:11 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default
2013-10-10 00:10 - 2013-10-10 00:06 - 00000000 ____D C:\Windows\erdnt
2013-10-10 00:10 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2013-10-10 00:09 - 2013-10-10 00:09 - 00000546 _____ C:\Windows\PFRO.log
2013-10-10 00:05 - 2013-10-10 00:04 - 05131844 ____R (Swearware) C:\Users\GaryLina\Downloads\ComboFix.exe
2013-10-10 00:02 - 2013-10-09 18:06 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-10 00:02 - 2012-06-02 16:41 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-09 23:59 - 2013-06-22 18:48 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 23:45 - 2012-03-16 03:31 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-09 23:38 - 2013-10-09 23:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\GaryLina\Downloads\SpyHunter-Installer.exe
2013-10-09 23:27 - 2013-10-09 20:12 - 00000000 ____D C:\Users\GaryLina\Desktop\mbar
2013-10-09 23:27 - 2013-10-09 20:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-09 22:53 - 2013-10-09 22:52 - 12907592 _____ (Malwarebytes Corp.) C:\Users\GaryLina\Downloads\mbar-1.07.0.1005 (1).exe
2013-10-09 22:33 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2013-10-09 20:56 - 2013-10-09 20:50 - 00000000 ____D C:\Users\GaryLina\Desktop\RK_Quarantine
2013-10-09 20:51 - 2013-10-09 20:51 - 00001858 _____ C:\Users\GaryLina\Desktop\RKreport[0]_S_10092013_205121.txt
2013-10-09 20:49 - 2013-10-09 20:49 - 03980800 _____ C:\Users\GaryLina\Downloads\RogueKillerX64.exe
2013-10-09 20:20 - 2013-10-09 20:20 - 00688992 ____R (Swearware) C:\Users\GaryLina\Downloads\dds.scr
2013-10-09 20:20 - 2013-10-09 20:20 - 00014109 _____ C:\Users\GaryLina\Desktop\dds.txt
2013-10-09 20:20 - 2013-10-09 20:20 - 00003994 _____ C:\Users\GaryLina\Desktop\attach.txt
2013-10-09 20:12 - 2013-10-09 20:12 - 12907592 _____ (Malwarebytes Corp.) C:\Users\GaryLina\Downloads\mbar-1.07.0.1005.exe
2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 _____ C:\Windows\setuperr.log
2013-10-09 18:26 - 2012-03-11 19:34 - 00000000 ____D C:\Users\GaryLina
2013-10-09 18:25 - 2012-03-12 11:17 - 00000000 ____D C:\Windows\Panther
2013-10-09 18:06 - 2012-05-20 10:47 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-09 18:05 - 2013-10-09 18:04 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-09 18:05 - 2012-05-20 10:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-09 18:04 - 2013-10-09 18:03 - 131918888 _____ C:\Users\GaryLina\Downloads\avast_free_antivirus_setup.exe
2013-10-09 17:43 - 2013-10-09 17:43 - 22205064 _____ (Microsoft Corporation) C:\Users\GaryLina\Downloads\Windows-KB890830-x64-V5.5.exe
2013-10-09 17:41 - 2009-07-14 12:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 17:23 - 2013-10-09 17:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\GaryLina\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-09 17:23 - 2013-10-09 17:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 17:23 - 2013-10-09 17:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-09 17:01 - 2013-08-04 21:54 - 00002501 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-09 17:01 - 2012-03-11 19:35 - 00001743 _____ C:\Users\GaryLina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-09 16:36 - 2013-10-09 16:36 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 16:36 - 2013-10-09 16:36 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 16:36 - 2013-10-09 16:36 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 16:36 - 2013-10-09 16:36 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 16:36 - 2013-10-09 16:36 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 16:35 - 2013-10-09 16:35 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 16:35 - 2013-10-09 16:35 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 16:35 - 2013-10-09 16:35 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 16:35 - 2013-10-09 16:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 16:34 - 2013-10-09 16:34 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 16:34 - 2013-10-09 16:34 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 16:34 - 2013-10-09 16:34 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 16:34 - 2013-10-09 16:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 16:34 - 2013-10-09 16:34 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 16:33 - 2013-10-09 16:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 16:33 - 2013-10-09 16:33 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 16:33 - 2013-10-09 16:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 16:33 - 2013-10-09 16:33 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 16:33 - 2013-10-09 16:33 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 16:33 - 2013-10-09 16:33 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 16:33 - 2013-10-09 16:33 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 16:32 - 2013-10-09 16:32 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 16:32 - 2013-10-09 16:32 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 16:32 - 2013-10-09 16:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 16:32 - 2013-10-09 16:32 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 16:32 - 2013-10-09 16:32 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 16:32 - 2013-10-09 16:32 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 16:32 - 2013-10-09 16:32 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 16:32 - 2012-03-14 00:58 - 00787980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-08 22:01 - 2012-03-11 19:38 - 00000000 ____D C:\Users\GaryLina\Documents\My Games
2013-10-08 17:07 - 2013-10-08 17:07 - 00001541 _____ C:\Users\GaryLina\Desktop\RelicCOH - Shortcut.lnk
2013-10-06 17:07 - 2012-03-12 02:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-06 03:20 - 2012-12-30 00:54 - 00000058 _____ C:\Users\GaryLina\Documents\aionmemo_bf56e92e.dat
2013-10-05 13:59 - 2012-03-12 02:09 - 00000000 __SHD C:\Users\GaryLina\wc
2013-10-04 15:16 - 2013-10-04 15:16 - 00000000 ____D C:\Users\GaryLina\AppData\Roaming\Oracle
2013-10-04 11:10 - 2012-05-12 20:51 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-04 09:51 - 2013-08-09 18:41 - 00000075 _____ C:\DiskDefrag.log
2013-10-04 09:51 - 2013-06-08 10:34 - 00000000 ____D C:\ProgramData\GlarySoft
2013-10-03 22:48 - 2013-10-03 22:48 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-10-03 21:21 - 2013-10-03 21:21 - 00000000 ____D C:\Program Files (x86)\THQ
2013-10-03 10:17 - 2013-10-03 10:17 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 10:17 - 2013-10-03 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 10:17 - 2013-10-03 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 10:17 - 2013-10-03 10:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 10:17 - 2013-10-03 10:17 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 10:17 - 2013-10-03 10:17 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 10:17 - 2012-07-09 05:35 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-10-03 10:17 - 2012-03-12 02:14 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-28 00:37 - 2012-06-02 16:41 - 00000000 ____D C:\Program Files\CCleaner
2013-09-27 16:28 - 2013-09-27 16:28 - 57606144 _____ C:\Windows\system32\config\software.iobit
2013-09-27 16:28 - 2013-09-27 16:28 - 00102400 _____ C:\Windows\system32\config\default.iobit
2013-09-27 16:28 - 2013-09-27 16:28 - 00061440 _____ C:\Windows\system32\config\sam.iobit
2013-09-27 16:28 - 2013-09-27 16:28 - 00032768 _____ C:\Windows\system32\config\security.iobit
2013-09-27 16:27 - 2012-03-12 02:05 - 00000000 ____D C:\Program Files (x86)\IObit
2013-09-27 16:21 - 2012-03-11 20:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-27 16:21 - 2012-03-11 20:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-26 13:40 - 2013-09-26 13:40 - 00140429 _____ C:\Users\GaryLina\Documents\Gary Teo_Summary.pptx
2013-09-26 01:46 - 2012-03-12 00:22 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-19 14:07 - 2013-01-03 22:22 - 00001331 _____ C:\Users\Public\Desktop\Razer Game Booster.lnk
2013-09-19 14:05 - 2013-05-16 20:31 - 00000000 ____D C:\Users\GaryLina\Documents\Razer
2013-09-19 14:05 - 2013-01-03 22:23 - 00000000 ____D C:\Users\GaryLina\AppData\Local\Razer
2013-09-18 23:08 - 2013-01-03 22:22 - 00000000 ____D C:\ProgramData\Razer
2013-09-18 23:08 - 2012-04-29 20:16 - 00000000 ____D C:\Program Files (x86)\Razer
2013-09-18 23:07 - 2013-06-21 15:28 - 00015753 _____ C:\autoupdate.log
2013-09-13 19:46 - 2012-04-17 04:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 19:46 - 2012-04-17 04:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 19:46 - 2012-03-11 19:35 - 00000000 ___RD C:\Users\GaryLina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 19:46 - 2012-03-11 19:35 - 00000000 ___RD C:\Users\GaryLina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 19:45 - 2013-07-13 01:38 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 19:45 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-13 19:42 - 2013-09-13 19:42 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-13 19:42 - 2013-09-13 19:42 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-13 19:42 - 2013-09-13 19:42 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-13 19:42 - 2013-09-13 19:42 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-13 19:42 - 2013-09-13 19:42 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-13 19:42 - 2013-09-13 19:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-13 19:42 - 2013-09-13 19:42 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-13 19:42 - 2013-09-13 19:42 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-13 19:42 - 2013-09-13 19:42 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-13 19:42 - 2013-09-13 19:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-13 19:42 - 2013-09-13 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-12 16:58 - 2013-09-27 16:20 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-12 16:58 - 2013-09-27 16:20 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-12 16:58 - 2013-09-27 16:20 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-12 16:58 - 2013-08-14 17:19 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-12 16:58 - 2012-03-11 23:51 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-12 16:58 - 2012-03-11 23:51 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-12 16:58 - 2011-05-21 06:01 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-12 16:58 - 2011-05-21 06:01 - 00022814 _____ C:\Windows\system32\nvinfo.pb
2013-09-12 15:25 - 2012-03-11 20:01 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-12 15:25 - 2012-03-11 20:01 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-12 15:25 - 2012-03-11 20:01 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-12 15:25 - 2012-03-11 20:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-12 15:25 - 2012-03-11 20:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-12 06:06 - 2012-03-11 23:52 - 03361114 _____ C:\Windows\system32\nvcoproc.bin
2013-09-11 19:25 - 2013-09-11 19:15 - 00000000 ____D C:\Users\GaryLina\Desktop\TES4Edit_3_0_30_EXPERIMENTAL-11536-3-0-30EXP
2013-09-11 19:18 - 2013-06-18 18:37 - 00000000 ____D C:\Users\GaryLina\AppData\Local\Oblivion
2013-09-10 01:05 - 2013-09-10 01:05 - 00000000 ____D C:\BOSS
 
Some content of TEMP:
====================
C:\Users\GaryLina\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-01 22:49
 
==================== End Of Log ============================
 
 
 
Browser Status:
- The blasted "DoSearch.com" is still the default site whenever I launch a browser.
Noticed web pages are not loading as fast as before.
PC Status:
- Performance seems to be overall.
 

mbam-log-2013-10-10 (08-50-57).txt

Addition.txt

Link to post
Share on other sites

In Chrome, please disable these two extensions: (SaveAs and CRE)

CHR HKLM-x32\...\Chrome\Extension: [jekmiciaamoabjccmachncgdfpgfpbfg] - C:\ProgramData\SaveAs\jekmiciaamoabjccmachncgdfpgfpbfg.crx

CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\GaryLina\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx

 

----------------------------------------


Let's fix this now:

CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.dosearche...8&ts=1381309315


First make sure you have the latest version of Chrome:
Open up Chrome > Click on the 3 bars in the upper right hand corner
Click on About Google Chrome
If there's an update available it will automatically update


Next:
Go to Tools > Clear Browser Data
Put a check next to all of these:

  • Clear browsing history
  • Clear download history
  • Delete cookies and other site and plug-in data
  • Empty the cache

Click "Clear Browsing Data"

-------------------------------

Next:
Click the Chrome menu on the browser toolbar.
Select Settings.
In the "Search" section, click Manage search engines.
Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.
Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

-------------------------------------

Click the Chrome menu.
Select Settings.
In the "On startup" section, select Open a specific page or set of pages.
Click Set pages. (in blue to the right)
Remove any unfamiliar pages.

-----------------------

Click the Chrome menu.
Select Settings.
In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.
If the page isn't the home page you'd like to use, click Change and select your preferred page.

-------------------------

Let me know.....MrC

Link to post
Share on other sites

Hi MrC,

 

Did everything you said except:

 

1. Can't find the below to delete (please see screenshot):

CHR HKLM-x32\...\Chrome\Extension: [jekmiciaamoabjccmachncgdfpgfpbfg] - C:\ProgramData\SaveAs\jekmiciaamoabjccmachncgdfpgfpbfg.crx

CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\GaryLina\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx

 

2. Problem still persists despite all the steps taken in Chrome (please see screenshots)

 

Gary


Link to post
Share on other sites

Hi MrC,

 

Thanks for all your help thus far, here's the fixlog.txt.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by GaryLina at 2013-10-10 13:03:44 Run:1
Running from C:\
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM-x32\...\Chrome\Extension: [jekmiciaamoabjccmachncgdfpgfpbfg] - C:\ProgramData\SaveAs\jekmiciaamoabjccmachncgdfpgfpbfg.crx
CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\GaryLina\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx
*****************
 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jekmiciaamoabjccmachncgdfpgfpbfg => Key deleted successfully.
"C:\ProgramData\SaveAs\jekmiciaamoabjccmachncgdfpgfpbfg.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk => Key deleted successfully.
C:\Users\GaryLina\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx => Moved successfully.
 
==== End of Fixlog ====
Link to post
Share on other sites

Run through these settings again:

Click the Chrome menu on the browser toolbar.
Select Settings.
In the "Search" section, click Manage search engines.
Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.
Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

-------------------------------------

Click the Chrome menu.
Select Settings.
In the "On startup" section, select Open a specific page or set of pages.
Click Set pages. (in blue to the right)
Remove any unfamiliar pages.

-----------------------

Click the Chrome menu.
Select Settings.
In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.
If the page isn't the home page you'd like to use, click Change and select your preferred page.

Then if no change:

Please download SystemLook from the link below and save it to your Desktop.
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :Filefind
    dosearches
    :regfind
    dosearches
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


MrC

Link to post
Share on other sites

Hi MrC,

 

1. For Chrome settings, as per my earlier screenshots, manually setting them to my preferences doesn't resolve the issue.

 

2. SystemLook report as below.

 

3. Question: this malware/virus command line contains these words "Corsair Neutron GTX". This is the brand of my RAM. Has the virus somehow affected my RAM hence the difficulty in purging it?

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 00:26 on 11/10/2013 by GaryLina
Administrator - Elevation successful
 
========== Filefind ==========
 
Searching for "dosearches"
No files found.
 
========== regfind ==========
 
Searching for "dosearches"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=CorsairXNeutronXGTXXSSD_13267904000097560098&ts=1381309315"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=CorsairXNeutronXGTXXSSD_13267904000097560098&ts=1381309315"
 
-= EOF =-
Link to post
Share on other sites
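
The SystemLook log in the post above shows the redirect URL appended to Chrome's `shell\open\command` launch string under `StartMenuInternet`, a location that Chrome's own settings pages do not expose. As an added example (not part of the original thread and not SystemLook's or FRST's code), this Python script parses regfind-style output and flags launch commands that carry a URL argument; the sample log is constructed in the shape of the one above with a placeholder query string, and treating the bare quoted executable path as the expected value is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed sample shaped like the SystemLook "regfind" section in the thread.
# The query string is a placeholder; the IEXPLORE.EXE entry is added for contrast.
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "dosearches"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&uid=PLACEHOLDER"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&uid=PLACEHOLDER"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe""

-= EOF =-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')
URL_RE = re.compile(r'https?://[^\s"]+', re.I)


def parse_regfind(log_text):
    """Return {key: {value_name: data}}; keys listed without values map to {}."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1).strip('"'), m.group(2)
            # The tool wraps the whole data string in one extra pair of quotes.
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = data[1:-1]
            entries[current][name] = data
    return entries


def split_command(command):
    """Split a launch command into (executable path, argument string)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command[1:], ''
        return command[1:end], command[end + 1:].strip()
    m = re.match(r'(.+?\.exe)(?:\s+(.*))?$', command, re.I)
    if m:
        return m.group(1), (m.group(2) or '')
    return command, ''


def find_hijacked_commands(log_text):
    """Flag shell\\open\\command values whose arguments contain an http(s) URL."""
    findings = []
    for key, values in parse_regfind(log_text).items():
        if not key.lower().endswith(r'\shell\open\command'):
            continue
        for name, data in values.items():
            exe, args = split_command(data)
            urls = URL_RE.findall(args)
            if urls:
                findings.append({
                    'key': key,
                    'value': name,  # '@' is the key's default value
                    'exe': exe,
                    'hosts': sorted({urlsplit(u).hostname or '' for u in urls}),
                    # Assumption: the clean value is just the quoted executable.
                    'expected': f'"{exe}"',
                })
    return findings


if __name__ == '__main__':
    for f in find_hijacked_commands(SAMPLE_LOG):
        print(f"{f['key']}\n  appended host(s): {', '.join(f['hosts'])}"
              f"\n  expected value:   {f['expected']}")
```

Both the native and the `Wow6432Node` views are reported separately, so a fix that restores only one of them still shows up as a remaining finding.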

Hi MrC,

 

Here's the latest SystemLook report:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:41 on 11/10/2013 by GaryLina
Administrator - Elevation successful
 
========== Filefind ==========
 
Searching for "dosearches"
No files found.
 
========== regfind ==========
 
Searching for "dosearches"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
 
-= EOF =-
Link to post
Share on other sites

Download the attached fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

----------------------------------------

Then........

Download the attached fix2.reg and merge it into the registry as before.

Reboot, check the settings in Chrome and see how it is.

 

The link better explains resetting Chrome: (it's towards the bottom.....don't download anything from that site)

If no change........

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC

Link to post
Share on other sites

Hi MrC,

 

1. FRST report here:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by GaryLina at 2013-10-12 10:27:22 Run:1
Running from C:\Users\GaryLina\Desktop\FRST_Main
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.dosearche...8&ts=1381309315
 
*****************
 
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
 
==== End of Fixlog ====
 
2. JRT report here:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by GaryLina on Sat 10/12/2013 at 12:14:04.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\GaryLina\appdata\local\cre"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/12/2013 at 12:17:42.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
3. Do Search is still there.
 
4. Question: Is it usually this hard to remove this virus? Getting a bit desperate here :(
Link to post
Share on other sites

4. Question: Is it usually this hard to remove this virus? Getting a bit desperate here

It's the first time I've run across the infection, but they're always fixable.

------------------------------------

Open up Chrome and disable all of the extensions.

Can you manually go into the registry and change if they're still present:
(You would want to remove the items in bold)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearche...8&ts=1381309315"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearche...8&ts=1381309315"

------------------------------------------

Reset Chrome if necessary:
https://support.google.com/chrome/answer/3296214?hl=en

See if there's any difference.

-----------------------

Delete your copy of AdwCleaner, download and run a fresh copy.

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

Hi MrC,

 

1. The below-mentioned registry entries are not there, please see attached registry screenshots:

 

Can you manually go into the registry and change if they're still present:

(You would want to remove the items in bold)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearche...8&ts=1381309315"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearche...8&ts=1381309315"

 

 

2. AdwCleaner and Malwarebytes reports as below:

 

# AdwCleaner v3.007 - Report created 12/10/2013 at 21:55:30

# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : GaryLina - GARYLINA-PC
# Running from : C:\Users\GaryLina\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [772 octets] - [11/10/2013 16:49:08]
AdwCleaner[R2].txt - [890 octets] - [11/10/2013 16:51:48]
AdwCleaner[R3].txt - [949 octets] - [11/10/2013 16:56:08]
AdwCleaner[R4].txt - [1008 octets] - [11/10/2013 17:01:18]
AdwCleaner[R5].txt - [1129 octets] - [11/10/2013 17:15:38]
AdwCleaner[R6].txt - [1189 octets] - [11/10/2013 17:16:32]
AdwCleaner[R7].txt - [2067 octets] - [12/10/2013 21:54:06]
AdwCleaner[s1].txt - [832 octets] - [11/10/2013 16:50:28]
AdwCleaner[s2].txt - [1069 octets] - [11/10/2013 17:02:08]
AdwCleaner[s3].txt - [1992 octets] - [12/10/2013 21:55:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [2052 octets] ##########
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.12.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
GaryLina :: GARYLINA-PC [administrator]
 
10/12/2013 9:57:38 PM
mbam-log-2013-10-12 (21-57-38).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 383619
Time elapsed: 13 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
3. I'm willing to open remote access to my PC if that will better assist your efforts to solve this. Thanks!
 


Link to post
Share on other sites

This topic is now closed to further replies.