Please run FRST64 once again and press the Scan button. That should produce another FRST.txt. Post its contents in a reply.
Fake "Blaster Worm" Malware Infection
#31
Posted 12 December 2011 - 12:58 AM
#32
Posted 13 December 2011 - 05:54 PM
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by SYSTEM at 2011-12-13 14:47:13
Running from F:\
Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [152576 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [151064 2008-09-16] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [209432 2008-09-16] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [181784 2008-09-16] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2782096 2010-07-25] (CANON INC.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [623880 2008-09-09] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe" [16384 2008-06-26] (Sony Electronics, Inc.)
HKLM-x32\...\Run: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [385024 2008-07-25] ()
HKLM-x32\...\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317280 2008-04-03] (Sony Corporation)
HKLM-x32\...\Run: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp [1097728 2008-09-09] (Sony)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot [198160 2009-12-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-06-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] "C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE [452016 2010-09-09] (CANON INC.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\sabire148\...\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet [4351216 2009-05-26] (Yahoo! Inc.)
HKU\sabire148\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [152064 2008-07-02] (Microsoft Corporation)
HKU\sabire148\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\sabire148\...\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2634048 2010-07-06] (Veoh Networks)
HKU\sabire148\...\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background [3442552 2011-02-15] (RayV)
HKU\sabire148\...\Run: [Google Update] "C:\Users\sabire148\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-27] (Google Inc.)
HKU\sabire148\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5471104 2011-08-12] (SUPERAntiSpyware.com)
HKU\sabire148\...\Winlogon: [Shell] explorer.exe
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
==================== Services (Whitelisted) ======
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [832552 2008-10-14] (Broadcom Corporation.)
3 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [42360 2011-01-12] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [810144 2011-01-12] (ESET)
2 gupdate1ca85fbfc1105e0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc [133104 2009-12-25] (Google Inc.)
2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
3 MSCSPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [53248 2008-05-20] (Sony Corporation)
3 PACSPTISVR; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [53248 2008-05-20] (Sony Corporation)
2 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [24576 2008-09-10] (Intuit)
3 QBFCService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2008-08-08] (Intuit Inc.)
2 RtkAudioService; C:\Windows\RtkAudioService.exe [134656 2008-10-17] (Realtek Semiconductor)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [167424 2008-09-29] (Intel Corporation)
3 SOHCImp; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe" [103712 2008-10-21] (Sony Corporation)
3 SOHDms; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe" [353568 2008-10-21] (Sony Corporation)
3 SOHDs; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe" [62752 2008-10-21] (Sony Corporation)
3 SPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe" [77824 2008-05-20] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2008-09-08] (Sony Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [203616 2008-10-17] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [407392 2008-09-05] (Sony Corporation)
2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [446464 2008-09-03] (Sony Corporation)
2 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [369952 2008-10-01] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [108832 2008-09-19] (Sony Corporation)
3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [279848 2008-09-08] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2008-09-08] (Sony Corporation)
2 WDFME; "C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe" [1034752 2010-09-08] ()
2 WDSC; "C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe" [485376 2010-09-08] ()
2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [x]
========================== Drivers (Whitelisted) =============
3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
2 regi; \??\C:\Windows\system32\drivers\regi.sys [14112 2007-04-16] (InterVideo)
3 rimsptsk; C:\Windows\System32\DRIVERS\rimssn64.sys [85504 2008-10-22] (REDC)
2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 WinFLdrv; C:\Windows\SysWow64\WinFLdrv.sys [21888 2009-06-08] ()
2 WinVd32; \??\C:\Windows\WinVd32.sys [197728 2009-06-08] ()
1 DMICall; C:\Windows\System32\DRIVERS\DMICall.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2011-12-10 17:02 - 2011-12-11 18:45 - 0000000 ____D C:\FRST
2011-12-07 19:42 - 2011-12-09 19:16 - 4126179328 __ASH C:\hiberfil.sys
2011-12-03 06:35 - 2011-12-03 06:35 - 0058880 ____A C:\Users\sabire148\Documents\minitoolbox.wps
2011-12-03 06:06 - 2011-12-03 06:06 - 0381631 ____A C:\Users\sabire148\Downloads\MiniToolBox(1).exe
2011-12-02 18:06 - 2011-12-02 18:06 - 0032256 ____A (TWX Corp.) C:\Windows\SysWOW64\V8CnM.com
2011-12-02 17:54 - 2011-12-02 17:54 - 0000000 ____D C:\Windows\Sun
2011-12-02 00:21 - 2011-12-02 00:21 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2011-12-02 00:14 - 2011-12-02 05:52 - 0025160 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2011-12-02 00:14 - 2011-12-02 00:14 - 0001813 ____A C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2011-12-02 00:14 - 2011-12-02 00:14 - 0000000 ____D C:\Program Files\Hitman Pro 3.5
2011-12-02 00:13 - 2011-12-02 00:21 - 0000000 ____D C:\Users\All Users\Hitman Pro
2011-12-02 00:13 - 2011-12-02 00:21 - 0000000 ____D C:\ProgramData\Hitman Pro
2011-12-02 00:13 - 2011-12-02 00:14 - 7514432 ____A (SurfRight B.V.) C:\Users\sabire148\Downloads\HitmanPro35_x64.exe
2011-12-02 00:11 - 2011-12-02 00:11 - 6480192 ____A (SurfRight B.V.) C:\Users\sabire148\Downloads\HitmanPro35.exe
2011-12-01 23:49 - 2011-12-01 23:51 - 104370944 ____A C:\Users\sabire148\Downloads\setup_11.0.0.1245.x01_2011_12_02_10_18.exe
2011-12-01 23:46 - 2011-12-01 23:46 - 0607260 ____R (Swearware) C:\Users\sabire148\Downloads\dds.scr
2011-12-01 23:42 - 2011-12-01 23:43 - 1008114 ____A C:\Users\sabire148\Downloads\iExplore(1).exe
2011-12-01 23:41 - 2011-12-01 23:41 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\sabire148\Downloads\tdsskiller.exe
2011-12-01 23:41 - 2011-12-01 23:41 - 0075258 ____A C:\TDSSKiller.2.6.21.0_01.12.2011_23.41.24_log.txt
2011-12-01 22:50 - 2011-12-01 22:50 - 2322184 ____A (ESET) C:\Users\sabire148\Downloads\esetsmartinstaller_enu(2).exe
2011-12-01 21:47 - 2011-12-01 21:47 - 2322184 ____A (ESET) C:\Users\sabire148\Downloads\esetsmartinstaller_enu(1).exe
2011-12-01 21:47 - 2011-12-01 21:47 - 0000000 ____D C:\Program Files (x86)\ESET
2011-12-01 16:48 - 2011-12-01 16:48 - 0011664 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI5D16.txt
2011-12-01 16:48 - 2011-12-01 16:48 - 0001820 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI5D16.txt
2011-12-01 16:48 - 2011-11-28 10:01 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2011-12-01 16:47 - 2011-12-01 19:46 - 0000000 ____D C:\Users\All Users\AVAST Software
2011-12-01 16:47 - 2011-12-01 19:46 - 0000000 ____D C:\ProgramData\AVAST Software
2011-12-01 16:47 - 2011-12-01 16:47 - 64207032 ____A C:\Users\sabire148\Downloads\setup_av_free_cnet.exe
2011-12-01 16:47 - 2011-12-01 16:47 - 0000000 ____D C:\Program Files\AVAST Software
2011-12-01 16:21 - 2011-12-01 16:23 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2011-12-01 16:21 - 2011-12-01 16:21 - 0000918 ____A C:\Users\sabire148\Desktop\SpywareBlaster.lnk
2011-12-01 16:20 - 2011-12-01 16:20 - 3243768 ____A (Javacool Software LLC ) C:\Users\sabire148\Downloads\spywareblastersetup45.exe
2011-12-01 16:16 - 2011-12-01 16:16 - 2322184 ____A (ESET) C:\Users\sabire148\Downloads\esetsmartinstaller_enu.exe
2011-12-01 16:11 - 2011-12-01 16:13 - 84132744 ____A C:\Users\sabire148\Downloads\jdk-7u1-windows-x64.exe
2011-12-01 16:11 - 2011-12-01 16:11 - 0910624 ____A (Sun Microsystems, Inc.) C:\Users\sabire148\Downloads\jxpiinstall.exe
2011-12-01 16:03 - 2011-12-01 16:03 - 1008114 ____A C:\Users\sabire148\Downloads\rkill.exe
2011-12-01 15:44 - 2011-12-01 23:44 - 0000419 ____A C:\rkill.log
2011-12-01 15:15 - 2011-12-01 15:15 - 0816128 ____A (XGI Technology, Inc.) C:\Users\sabire148\AppData\Roaming\privacy.exe
2011-11-25 06:35 - 2011-11-25 06:35 - 0000000 ____D C:\Users\sabire148\AppData\Roaming\JpppmG55aJ6d
2011-11-25 06:35 - 2011-11-25 06:35 - 0000000 ____D C:\Users\sabire148\AppData\Roaming\a888ffRL9hTXjUe
2011-11-25 06:10 - 2011-11-25 06:13 - 0001909 ____A C:\Windows\IE9_main.log
2011-11-24 21:12 - 2011-11-24 21:12 - 0000000 ____D C:\Users\sabire148\AppData\Roaming\rnFF4aaH5
2011-11-24 13:51 - 2011-11-24 13:51 - 0011480 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI3325.txt
2011-11-24 13:51 - 2011-11-24 13:51 - 0010582 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI3328.txt
2011-11-24 13:51 - 2011-11-24 13:51 - 0001848 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI3325.txt
2011-11-24 13:08 - 2011-11-24 13:08 - 0011416 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI11FD.txt
2011-11-24 13:08 - 2011-11-24 13:08 - 0011384 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI1201.txt
2011-11-24 13:08 - 2011-11-24 13:08 - 0001816 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI11FD.txt
2011-11-24 13:08 - 2011-11-24 13:08 - 0001800 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI1201.txt
2011-11-24 13:04 - 2011-11-24 13:04 - 0011432 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0ED4.txt
2011-11-24 13:04 - 2011-11-24 13:04 - 0010678 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0ED7.txt
2011-11-24 13:04 - 2011-11-24 13:04 - 0001824 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI0ED4.txt
2011-11-24 13:01 - 2011-11-24 13:01 - 0011496 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0D01.txt
2011-11-24 13:01 - 2011-11-24 13:01 - 0011480 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0D04.txt
2011-11-24 13:01 - 2011-11-24 13:01 - 0001856 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI0D01.txt
2011-11-24 13:01 - 2011-11-24 13:01 - 0001848 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI0D04.txt
2011-11-24 12:58 - 2011-11-25 06:21 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2011-11-24 12:58 - 2011-11-24 12:58 - 0011432 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0A50.txt
2011-11-24 12:58 - 2011-11-24 12:58 - 0010662 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0A51.txt
2011-11-24 12:58 - 2011-11-24 12:58 - 0001824 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI0A50.txt
2011-11-24 12:57 - 2011-11-24 12:58 - 0000000 ____D C:\Users\All Users\PC Tools
2011-11-24 12:57 - 2011-11-24 12:58 - 0000000 ____D C:\ProgramData\PC Tools
2011-11-24 10:52 - 2011-11-24 10:53 - 0148586 ____A C:\TDSSKiller.2.6.21.0_24.11.2011_10.52.25_log.txt
2011-11-24 10:21 - 2011-11-24 10:21 - 0000000 ____D C:\rei
2011-11-24 10:21 - 2011-11-24 10:21 - 0000000 ____D C:\Program Files\Reimage
2011-11-24 10:14 - 2011-11-24 21:41 - 0000000 ____D C:\Program Files (x86)\LP
2011-11-21 19:03 - 2011-11-21 19:03 - 0002115 ____A C:\Users\Public\Desktop\Google Earth.lnk
============ 3 Months Modified Files and Folders =============
2011-12-11 18:45 - 2011-12-10 17:02 - 0000000 ____D C:\FRST
2011-12-09 19:16 - 2011-12-07 19:42 - 4126179328 __ASH C:\hiberfil.sys
2011-12-07 19:15 - 2010-03-30 11:01 - 2236332 ____A C:\Windows\ntbtlog.txt
2011-12-03 21:25 - 2008-01-20 19:26 - 0029874 ____A C:\Windows\PFRO.log
2011-12-03 21:12 - 2009-09-27 11:06 - 0002317 ____A C:\Users\Public\Desktop\Safari.lnk
2011-12-03 21:11 - 2010-02-22 11:57 - 0001356 ____A C:\Users\sabire148\AppData\Local\d3d9caps.dat
2011-12-03 20:37 - 2009-04-28 23:03 - 1801540 ____A C:\Windows\WindowsUpdate.log
2011-12-03 20:37 - 2008-10-30 18:17 - 0001076 ____A C:\Windows\bthservsdp.dat
2011-12-03 20:37 - 2006-11-02 07:42 - 0032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-03 20:37 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-03 20:37 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-03 20:37 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-03 20:34 - 2009-06-17 19:31 - 0000000 ____D C:\Users\sabire148\Tracing
2011-12-03 20:34 - 2006-11-02 07:07 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-12-03 20:27 - 2009-12-25 23:30 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-12-03 20:03 - 2011-04-27 11:06 - 0000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027169160-2356507555-3409028379-1000UA.job
2011-12-03 19:48 - 2010-03-31 22:03 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-03 06:35 - 2011-12-03 06:35 - 0058880 ____A C:\Users\sabire148\Documents\minitoolbox.wps
2011-12-03 06:35 - 2009-06-10 20:09 - 0002220 ____A C:\Users\sabire148\AppData\Roaming\wklnhst.dat
2011-12-03 06:22 - 2011-05-11 09:29 - 0059904 ____A C:\Users\sabire148\Documents\maralyce ferree.wps
2011-12-03 06:08 - 2009-07-10 18:44 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-12-03 06:06 - 2011-12-03 06:06 - 0381631 ____A C:\Users\sabire148\Downloads\MiniToolBox(1).exe
2011-12-02 19:40 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\tracing
2011-12-02 19:06 - 2009-12-25 23:30 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-12-02 18:06 - 2011-12-02 18:06 - 0032256 ____A (TWX Corp.) C:\Windows\SysWOW64\V8CnM.com
2011-12-02 17:54 - 2011-12-02 17:54 - 0000000 ____D C:\Windows\Sun
2011-12-02 05:52 - 2011-12-02 00:14 - 0025160 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2011-12-02 05:50 - 2011-03-14 06:41 - 0065536 _____ C:\Windows\System32\Ikeext.etl
2011-12-02 00:21 - 2011-12-02 00:21 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2011-12-02 00:21 - 2011-12-02 00:13 - 0000000 ____D C:\Users\All Users\Hitman Pro
2011-12-02 00:21 - 2011-12-02 00:13 - 0000000 ____D C:\ProgramData\Hitman Pro
2011-12-02 00:14 - 2011-12-02 00:14 - 0001813 ____A C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2011-12-02 00:14 - 2011-12-02 00:14 - 0000000 ____D C:\Program Files\Hitman Pro 3.5
2011-12-02 00:14 - 2011-12-02 00:13 - 7514432 ____A (SurfRight B.V.) C:\Users\sabire148\Downloads\HitmanPro35_x64.exe
2011-12-02 00:11 - 2011-12-02 00:11 - 6480192 ____A (SurfRight B.V.) C:\Users\sabire148\Downloads\HitmanPro35.exe
2011-12-01 23:51 - 2011-12-01 23:49 - 104370944 ____A C:\Users\sabire148\Downloads\setup_11.0.0.1245.x01_2011_12_02_10_18.exe
2011-12-01 23:46 - 2011-12-01 23:46 - 0607260 ____R (Swearware) C:\Users\sabire148\Downloads\dds.scr
2011-12-01 23:44 - 2011-12-01 15:44 - 0000419 ____A C:\rkill.log
2011-12-01 23:43 - 2011-12-01 23:42 - 1008114 ____A C:\Users\sabire148\Downloads\iExplore(1).exe
2011-12-01 23:41 - 2011-12-01 23:41 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\sabire148\Downloads\tdsskiller.exe
2011-12-01 23:41 - 2011-12-01 23:41 - 0075258 ____A C:\TDSSKiller.2.6.21.0_01.12.2011_23.41.24_log.txt
2011-12-01 23:32 - 2011-07-07 22:48 - 0001460 ____A C:\Users\sabire148\AppData\Local\d3d9caps64.dat
2011-12-01 22:50 - 2011-12-01 22:50 - 2322184 ____A (ESET) C:\Users\sabire148\Downloads\esetsmartinstaller_enu(2).exe
2011-12-01 21:47 - 2011-12-01 21:47 - 2322184 ____A (ESET) C:\Users\sabire148\Downloads\esetsmartinstaller_enu(1).exe
2011-12-01 21:47 - 2011-12-01 21:47 - 0000000 ____D C:\Program Files (x86)\ESET
2011-12-01 19:46 - 2011-12-01 16:47 - 0000000 ____D C:\Users\All Users\AVAST Software
2011-12-01 19:46 - 2011-12-01 16:47 - 0000000 ____D C:\ProgramData\AVAST Software
2011-12-01 16:48 - 2011-12-01 16:48 - 0011664 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI5D16.txt
2011-12-01 16:48 - 2011-12-01 16:48 - 0001820 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI5D16.txt
2011-12-01 16:48 - 2010-01-16 19:10 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2011-12-01 16:47 - 2011-12-01 16:47 - 64207032 ____A C:\Users\sabire148\Downloads\setup_av_free_cnet.exe
2011-12-01 16:47 - 2011-12-01 16:47 - 0000000 ____D C:\Program Files\AVAST Software
2011-12-01 16:23 - 2011-12-01 16:21 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2011-12-01 16:21 - 2011-12-01 16:21 - 0000918 ____A C:\Users\sabire148\Desktop\SpywareBlaster.lnk
2011-12-01 16:20 - 2011-12-01 16:20 - 3243768 ____A (Javacool Software LLC ) C:\Users\sabire148\Downloads\spywareblastersetup45.exe
2011-12-01 16:16 - 2011-12-01 16:16 - 2322184 ____A (ESET) C:\Users\sabire148\Downloads\esetsmartinstaller_enu.exe
2011-12-01 16:13 - 2011-12-01 16:11 - 84132744 ____A C:\Users\sabire148\Downloads\jdk-7u1-windows-x64.exe
2011-12-01 16:11 - 2011-12-01 16:11 - 0910624 ____A (Sun Microsystems, Inc.) C:\Users\sabire148\Downloads\jxpiinstall.exe
2011-12-01 16:03 - 2011-12-01 16:03 - 1008114 ____A C:\Users\sabire148\Downloads\rkill.exe
2011-12-01 15:15 - 2011-12-01 15:15 - 0816128 ____A (XGI Technology, Inc.) C:\Users\sabire148\AppData\Roaming\privacy.exe
2011-12-01 03:03 - 2011-04-27 11:06 - 0000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027169160-2356507555-3409028379-1000Core.job
2011-11-28 10:01 - 2011-12-01 16:48 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2011-11-27 21:58 - 2011-05-01 21:55 - 0000000 ____D C:\Users\All Users\CanonIJPLM
2011-11-27 21:58 - 2011-05-01 21:55 - 0000000 ____D C:\ProgramData\CanonIJPLM
2011-11-25 06:38 - 2006-11-02 04:46 - 0703388 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-25 06:36 - 2009-07-10 18:44 - 0000000 ____D C:\Users\sabire148\AppData\Roaming\Mozilla
2011-11-25 06:35 - 2011-11-25 06:35 - 0000000 ____D C:\Users\sabire148\AppData\Roaming\JpppmG55aJ6d
2011-11-25 06:35 - 2011-11-25 06:35 - 0000000 ____D C:\Users\sabire148\AppData\Roaming\a888ffRL9hTXjUe
2011-11-25 06:35 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\config\TxR
2011-11-25 06:31 - 2011-09-04 12:37 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-11-25 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2011-11-25 06:25 - 2009-06-06 18:42 - 0000000 ____D C:\users\sabire148
2011-11-25 06:25 - 2006-11-02 04:33 - 77332480 ____A C:\Windows\System32\config\software_previous
2011-11-25 06:25 - 2006-11-02 04:33 - 22020096 ____A C:\Windows\System32\config\system_previous
2011-11-25 06:24 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2011-11-25 06:24 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2011-11-25 06:21 - 2011-11-24 12:58 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2011-11-25 06:21 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\default_previous
2011-11-25 06:15 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\sam_previous
2011-11-25 06:13 - 2011-11-25 06:10 - 0001909 ____A C:\Windows\IE9_main.log
2011-11-25 06:13 - 2008-11-21 03:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-11-25 06:10 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\security_previous
2011-11-25 06:07 - 2006-11-02 04:33 - 56885248 ____A C:\Windows\System32\config\components_previous
2011-11-24 21:41 - 2011-11-24 10:14 - 0000000 ____D C:\Program Files (x86)\LP
2011-11-24 21:12 - 2011-11-24 21:12 - 0000000 ____D C:\Users\sabire148\AppData\Roaming\rnFF4aaH5
2011-11-24 21:07 - 2009-08-22 15:57 - 0000000 ____D C:\Windows\Minidump
2011-11-24 13:51 - 2011-11-24 13:51 - 0011480 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI3325.txt
2011-11-24 13:51 - 2011-11-24 13:51 - 0010582 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI3328.txt
2011-11-24 13:51 - 2011-11-24 13:51 - 0001848 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI3325.txt
2011-11-24 13:08 - 2011-11-24 13:08 - 0011416 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI11FD.txt
2011-11-24 13:08 - 2011-11-24 13:08 - 0011384 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI1201.txt
2011-11-24 13:08 - 2011-11-24 13:08 - 0001816 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI11FD.txt
2011-11-24 13:08 - 2011-11-24 13:08 - 0001800 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI1201.txt
2011-11-24 13:04 - 2011-11-24 13:04 - 0011432 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0ED4.txt
2011-11-24 13:04 - 2011-11-24 13:04 - 0010678 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0ED7.txt
2011-11-24 13:04 - 2011-11-24 13:04 - 0001824 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI0ED4.txt
2011-11-24 13:01 - 2011-11-24 13:01 - 0011496 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0D01.txt
2011-11-24 13:01 - 2011-11-24 13:01 - 0011480 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0D04.txt
2011-11-24 13:01 - 2011-11-24 13:01 - 0001856 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI0D01.txt
2011-11-24 13:01 - 2011-11-24 13:01 - 0001848 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI0D04.txt
2011-11-24 12:58 - 2011-11-24 12:58 - 0011432 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0A50.txt
2011-11-24 12:58 - 2011-11-24 12:58 - 0010662 ____A C:\Users\sabire148\AppData\Local\dd_vcredistUI0A51.txt
2011-11-24 12:58 - 2011-11-24 12:58 - 0001824 ____A C:\Users\sabire148\AppData\Local\dd_vcredistMSI0A50.txt
2011-11-24 12:58 - 2011-11-24 12:57 - 0000000 ____D C:\Users\All Users\PC Tools
2011-11-24 12:58 - 2011-11-24 12:57 - 0000000 ____D C:\ProgramData\PC Tools
2011-11-24 10:53 - 2011-11-24 10:52 - 0148586 ____A C:\TDSSKiller.2.6.21.0_24.11.2011_10.52.25_log.txt
2011-11-24 10:21 - 2011-11-24 10:21 - 0000000 ____D C:\rei
2011-11-24 10:21 - 2011-11-24 10:21 - 0000000 ____D C:\Program Files\Reimage
2011-11-21 19:03 - 2011-11-21 19:03 - 0002115 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-11-21 19:03 - 2009-12-25 23:20 - 0000000 ____D C:\Program Files (x86)\Google
2011-11-18 19:19 - 2010-11-28 22:02 - 0000000 ____D C:\Users\sabire148\Desktop\AHMED
2011-11-18 17:52 - 2009-12-25 23:21 - 0002025 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2011-11-11 19:38 - 2011-09-10 18:50 - 0000000 ____D C:\Users\sabire148\AppData\Local\Solid State Networks
2011-11-11 19:30 - 2008-10-30 20:37 - 0000000 ____D C:\Users\All Users\Adobe
2011-11-11 19:30 - 2008-10-30 20:37 - 0000000 ____D C:\ProgramData\Adobe
2011-11-10 03:05 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-10 03:01 - 2006-11-02 04:35 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-11-09 21:45 - 2011-11-09 21:45 - 0000000 ____D C:\Users\sabire148\AppData\Local\Western_Digital
2011-11-06 17:35 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-11-06 16:56 - 2006-11-02 05:33 - 0000000 __RHD C:\users\Default
2011-11-05 14:31 - 2011-11-05 14:31 - 0000104 ____A C:\Users\sabire148\Computer - Shortcut.lnk
2011-11-01 14:13 - 2009-09-07 13:35 - 0000000 ____D C:\Users\sabire148\AppData\Roaming\Skype
2011-10-17 13:55 - 2011-10-17 13:55 - 0038351 ____A C:\Users\sabire148\Desktop\original.jpg
2011-10-14 02:50 - 2011-10-14 02:50 - 0269048 ____A C:\Windows\Minidump\Mini101411-01.dmp
2011-10-14 02:50 - 2009-08-22 15:56 - 553938419 ____A C:\Windows\MEMORY.DMP
2011-10-13 03:26 - 2011-10-13 03:26 - 0269048 ____A C:\Windows\Minidump\Mini101311-02.dmp
2011-10-13 02:55 - 2011-10-13 02:54 - 0269048 ____A C:\Windows\Minidump\Mini101311-01.dmp
2011-10-13 02:24 - 2006-11-02 07:21 - 0351168 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-13 02:22 - 2009-06-07 18:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-07 18:19 - 2011-10-07 18:19 - 0000000 ____D C:\Users\All Users\Sun
2011-10-07 18:19 - 2011-10-07 18:19 - 0000000 ____D C:\ProgramData\Sun
2011-10-07 18:17 - 2011-10-07 18:18 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2011-10-07 18:17 - 2011-10-07 18:18 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-10-07 18:17 - 2011-10-07 18:18 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-10-07 18:17 - 2011-10-07 18:18 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-10-07 18:17 - 2008-10-30 20:38 - 0000000 ____D C:\Program Files (x86)\Java
2011-09-30 15:25 - 2011-10-12 02:03 - 1488384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-09-30 15:25 - 2011-10-12 02:03 - 1147904 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-09-30 15:25 - 2011-10-12 02:03 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-09-30 15:23 - 2011-10-12 02:03 - 0243712 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-09-30 15:22 - 2011-10-12 02:03 - 1062912 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 9284096 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 1538560 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-09-30 15:21 - 2011-10-12 02:03 - 0710656 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 0096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 0056832 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 2350592 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 12476928 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0459776 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0252416 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0072192 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-09-30 15:06 - 2011-10-12 02:03 - 1212416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-09-30 15:06 - 2011-10-12 02:03 - 0916480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-09-30 15:06 - 2011-10-12 02:03 - 0105984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-09-30 15:04 - 2011-10-12 02:03 - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-09-30 15:03 - 2011-10-12 02:03 - 0611840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 5971456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 0602112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 0055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 0043520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 2000384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 1469440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-09-30 15:01 - 2011-10-12 02:03 - 11081728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0387584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0184320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0055808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-09-30 14:29 - 2011-10-12 02:03 - 0479232 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-09-30 14:07 - 2011-10-12 02:03 - 0385024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-09-30 13:48 - 2011-10-12 02:03 - 0162816 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-09-30 13:47 - 2011-10-12 02:03 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-30 13:47 - 2011-10-12 02:03 - 0070656 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-09-30 13:47 - 2011-10-12 02:03 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-09-30 13:29 - 2011-10-12 02:03 - 0174080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-09-30 13:29 - 2011-10-12 02:03 - 0133632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-09-30 13:29 - 2011-10-12 02:03 - 0013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-09-30 13:28 - 2011-10-12 02:03 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-20 13:06 - 2011-11-09 18:38 - 1426304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-16 02:06 - 2008-11-21 03:06 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-09-16 02:06 - 2008-11-21 03:06 - 0000000 ____D C:\ProgramData\Microsoft Help
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 3934.11 MB
Available physical RAM: 3363.38 MB
Total Pagefile: 3662.92 MB
Available Pagefile: 3340.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:287.59 GB) (Free:209.81 GB) NTFS ==>[System with boot components]
3 Drive e: (Recovery) (Fixed) (Total:10.5 GB) (Free:0.83 GB) NTFS ==>[System with boot components]
4 Drive f: (HP T DRIVE) (Removable) (Total:3.81 GB) (Free:3.68 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3915 MB 0 B
Partitions of Disk 0:
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 1024 KB
Partition 2 Primary 288 GB 10 GB
Disk: 0
Partition 2
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 288 GB Healthy
==========================================================
Last Boot: 2011-12-03 20:55
======================= End Of Log ==========================
2011-10-13 02:24 - 2006-11-02 07:21 - 0351168 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-13 02:22 - 2009-06-07 18:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-07 18:19 - 2011-10-07 18:19 - 0000000 ____D C:\Users\All Users\Sun
2011-10-07 18:19 - 2011-10-07 18:19 - 0000000 ____D C:\ProgramData\Sun
2011-10-07 18:17 - 2011-10-07 18:18 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2011-10-07 18:17 - 2011-10-07 18:18 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-10-07 18:17 - 2011-10-07 18:18 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-10-07 18:17 - 2011-10-07 18:18 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-10-07 18:17 - 2008-10-30 20:38 - 0000000 ____D C:\Program Files (x86)\Java
2011-09-30 15:25 - 2011-10-12 02:03 - 1488384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-09-30 15:25 - 2011-10-12 02:03 - 1147904 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-09-30 15:25 - 2011-10-12 02:03 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-09-30 15:23 - 2011-10-12 02:03 - 0243712 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-09-30 15:22 - 2011-10-12 02:03 - 1062912 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 9284096 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 1538560 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-09-30 15:21 - 2011-10-12 02:03 - 0710656 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 0096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 0056832 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-09-30 15:21 - 2011-10-12 02:03 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 2350592 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 12476928 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0459776 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0252416 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-09-30 15:20 - 2011-10-12 02:03 - 0072192 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-09-30 15:06 - 2011-10-12 02:03 - 1212416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-09-30 15:06 - 2011-10-12 02:03 - 0916480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-09-30 15:06 - 2011-10-12 02:03 - 0105984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-09-30 15:04 - 2011-10-12 02:03 - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-09-30 15:03 - 2011-10-12 02:03 - 0611840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 5971456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 0602112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 0055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-09-30 15:02 - 2011-10-12 02:03 - 0043520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 2000384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 1469440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-09-30 15:01 - 2011-10-12 02:03 - 11081728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0387584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0184320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0055808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-09-30 15:01 - 2011-10-12 02:03 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-09-30 14:29 - 2011-10-12 02:03 - 0479232 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-09-30 14:07 - 2011-10-12 02:03 - 0385024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-09-30 13:48 - 2011-10-12 02:03 - 0162816 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-09-30 13:47 - 2011-10-12 02:03 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-30 13:47 - 2011-10-12 02:03 - 0070656 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-09-30 13:47 - 2011-10-12 02:03 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-09-30 13:29 - 2011-10-12 02:03 - 0174080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-09-30 13:29 - 2011-10-12 02:03 - 0133632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-09-30 13:29 - 2011-10-12 02:03 - 0013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-09-30 13:28 - 2011-10-12 02:03 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-20 13:06 - 2011-11-09 18:38 - 1426304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-16 02:06 - 2008-11-21 03:06 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-09-16 02:06 - 2008-11-21 03:06 - 0000000 ____D C:\ProgramData\Microsoft Help
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 3934.11 MB
Available physical RAM: 3363.38 MB
Total Pagefile: 3662.92 MB
Available Pagefile: 3340.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:287.59 GB) (Free:209.81 GB) NTFS ==>[System with boot components]
3 Drive e: (Recovery) (Fixed) (Total:10.5 GB) (Free:0.83 GB) NTFS ==>[System with boot components]
4 Drive f: (HP T DRIVE) (Removable) (Total:3.81 GB) (Free:3.68 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3915 MB 0 B
Partitions of Disk 0:
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 1024 KB
Partition 2 Primary 288 GB 10 GB
Disk: 0
Partition 2
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 288 GB Healthy
==========================================================
Last Boot: 2011-12-03 20:55
======================= End Of Log ==========================
#33
Posted 13 December 2011 - 08:48 PM
Let's shake the boot store.
Download the enclosed file. [attachment=113933:fixlist.txt]
Save it in the USB drive.
Insert the USB drive in the ailing computer and run FRST64 as you did before. This time around click on the Fix button and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.
Restart in Normal Mode. If successful, run Combofix as previously suggested.
#34
Posted 14 December 2011 - 10:38 PM
ComboFix 11-12-13.03 - sabire148 12/14/2011 18:54:58.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2283 [GMT -8:00]
Running from: c:\users\sabire148\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\7956\7E53.tmp
c:\program files (x86)\LP\7956\CBC8.tmp
c:\programdata\Roaming
c:\users\sabire148\AppData\Roaming\.#
c:\users\sabire148\AppData\Roaming\a888ffRL9hTXjUe
c:\users\sabire148\AppData\Roaming\a888ffRL9hTXjUe\Cloud AV 2012.ico
c:\users\sabire148\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud AV 2012
c:\users\sabire148\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud AV 2012\Cloud AV 2012.lnk
c:\users\sabire148\AppData\Roaming\privacy.exe
c:\users\sabire148\Taskmgr.exe
c:\windows\SysWow64\FastUserSwitchingCompatibilityex.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KXESCORE
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-11 01:02 . 2011-12-13 22:48 -------- d-----w- C:\FRST
2011-12-03 02:06 . 2011-12-03 02:06 32256 ----a-w- c:\windows\SysWow64\V8CnM.com
2011-12-03 01:54 . 2011-12-03 01:54 -------- d-----w- c:\windows\Sun
2011-12-02 08:21 . 2011-12-02 08:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-12-02 08:14 . 2011-12-02 13:52 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-02 08:14 . 2011-12-02 08:14 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-02 08:13 . 2011-12-02 08:21 -------- d-----w- c:\programdata\Hitman Pro
2011-12-02 00:48 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-02 00:47 . 2011-12-02 03:46 -------- d-----w- c:\programdata\AVAST Software
2011-12-02 00:47 . 2011-12-02 00:47 -------- d-----w- c:\program files\AVAST Software
2011-12-02 00:21 . 2011-12-14 07:29 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-11-29 15:04 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36CC981D-7489-4E3D-85C1-F1645627D091}\mpengine.dll
2011-11-25 14:35 . 2011-11-25 14:35 -------- d-----w- c:\users\sabire148\AppData\Roaming\JpppmG55aJ6d
2011-11-25 05:12 . 2011-11-25 05:12 -------- d-----w- c:\users\sabire148\AppData\Roaming\rnFF4aaH5
2011-11-24 20:58 . 2011-11-25 14:31 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-24 20:58 . 2011-11-25 14:21 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-11-24 20:57 . 2011-11-24 20:58 -------- d-----w- c:\programdata\PC Tools
2011-11-24 18:21 . 2011-11-24 18:21 -------- d-----w- C:\rei
2011-11-24 18:21 . 2011-11-24 18:21 -------- d-----w- c:\program files\Reimage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-08 02:17 . 2011-10-08 02:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-30 23:25 . 2011-10-12 10:03 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:21 . 2011-10-12 10:03 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:21 . 2011-10-12 10:03 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:20 . 2011-10-12 10:03 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:20 . 2011-10-12 10:03 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:06 . 2011-10-12 10:03 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-30 23:02 . 2011-10-12 10:03 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 10:03 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 10:03 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-30 23:01 . 2011-10-12 10:03 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-30 22:29 . 2011-10-12 10:03 479232 ----a-w- c:\windows\system32\html.iec
2011-09-30 22:07 . 2011-10-12 10:03 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-09-30 21:48 . 2011-10-12 10:03 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:47 . 2011-10-12 10:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 21:29 . 2011-10-12 10:03 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 10:03 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-20 21:06 . 2011-11-10 02:38 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2011-02-15 3442552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2008-06-26 16384]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"AML"="c:\program files (x86)\Sony\VAIO Launcher\AML.exe" [2008-09-09 1097728]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2009-12-26 198160]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
.
c:\users\sabire148\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
autobahn.lnk - c:\users\sabire148\AppData\Local\Autobahn\autobahn.exe [2010-9-13 711384]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 1062440]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 6163456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-10-18 02:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca85fbfc1105e0;Google Update Service (gupdate1ca85fbfc1105e0);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 133104]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2008-10-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Sony\VAIO Media plus\SOHDms.exe [2008-10-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Sony\VAIO Media plus\SOHDs.exe [2008-10-21 62752]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2008-09-19 108832]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-10-17 134656]
S2 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-30 167424]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-09-05 407392]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-04 446464]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-10-02 369952]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 07:20]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 07:20]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027169160-2356507555-3409028379-1000Core.job
- c:\users\sabire148\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 19:06]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027169160-2356507555-3409028379-1000UA.job
- c:\users\sabire148\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 19:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-10-17 6453760]
"Skytel"="Skytel.exe" [2008-10-17 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-07-18 152576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 181784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"combofix"="c:\combofix\CF13361.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\sabire148\AppData\Roaming\Mozilla\Firefox\Profiles\tdfal9of.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d50aff0&v=6.010.006.004&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-12-14 19:36:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 03:36
.
Pre-Run: 222,061,629,440 bytes free
Post-Run: 225,207,181,312 bytes free
.
- - End Of File - - 5F3B57BE772D7F1F34B00AD9AB4FAECD
#35
Posted 14 December 2011 - 10:41 PM
I attempted multiple times to delete/uninstall ESET from my computer. It would tell me that the uninstall was complete, but then when Combofix would try to run, it would say it was still running. So I ran the OpSwat AppRemover, both functions on it, to remove programs, and remove any remaining traces of the anti-virus programs - both scans turned up nothing, could find no trace of the ESET anywhere.
#36
Posted 15 December 2011 - 12:05 AM
sabire148, on 14 December 2011 - 10:41 PM, said:
I attempted multiple times to delete/uninstall ESET from my computer. It would tell me that the uninstall was complete, but then when Combofix would try to run, it would say it was still running. So I ran the OpSwat AppRemover, both functions on it, to remove programs, and remove any remaining traces of the anti-virus programs - both scans turned up nothing, could find no trace of the ESET anywhere.
Traces will remain in the Security Center, but won't affect Combofix.
Let's scan for remnants:
Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.
- Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
If you are planning to remove ESET for good, you need an antivirus. I would recommend AVAST. Install the application, register, update and perform a full scan. Let me know the outcome.
If you are keeping ESET, reinstall, update and perform a full scan.
#37
Posted 21 December 2011 - 09:43 PM
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!