Windows7(2012 fake antivirus removed) Combofix will not boot


  • This topic is locked
2 replies to this topic

#1 win7bootedout

Posted 22 January 2012 - 10:44 PM

Hi

I am new to this forum and came across this great resource by googling. I got my Sony VAIO laptop infected with the Win 7 2012 fake antivirus along with a combination of Google redirect virus. I followed some of the advice given online and used TDSSKiller along with Malwarebytes and ComboFix. Malwarebytes and TDSSKiller worked well. ComboFix seemed to run in compatibility well and then the system crashed. I have access to a Windows 7 CD and tried all three options of system restore, restore through image and startup repair, but the system is not able to perform the repair operation or restore.

After searching some of the threads on this forum, I came across the Farbar system recovery tool and decided to run it from the command prompt. To save time I scanned it using the FRST tool. Below is the scan log. I realize I should not have run ComboFix without supervision. Kindly guide me as soon as possible in getting the system to boot and possibly remove any traces of the malware that might be left.

Scan result of Farbar Recovery Tool (FRST written by farbar) Version: 17-01-2012 00
Ran by SYSTEM at 2012-01-22 18:43:09
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [258512 2011-09-23] (Avira Operations GmbH & Co. KG)
HKU\Sravanti\...\Run: [Octoshape Streaming Services] "C:\Users\Sravanti\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun [70936 2009-01-08] (Octoshape ApS)
HKU\Sravanti\...\Run: [gfUomFNvRQL.exe] C:\ProgramData\gfUomFNvRQL.exe [453376 2012-01-17] ()
HKU\Sravanti\...\Policies\system: [disableregistrytools] 0
HKU\vmuser.Sravanti-PC\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-07] (Google Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2011-09-23] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2011-09-23] (Avira Operations GmbH & Co. KG)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-03-03] (Intel Corporation)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-11-08] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-11-08] (Alcatel-Lucent)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [367456 2010-06-01] (Sony Corporation)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=2000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=inteldata" [252416 2010-05-25] (Sony Corporation)
4 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [108400 2010-06-20] (Sony Corporation)
4 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [423280 2010-06-18] (Sony Corporation)
4 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [67952 2010-06-20] (Sony Corporation)
3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [150528 2011-02-10] (Avanquest Software)
3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe" [304496 2010-06-06] (Sony Corporation)
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-05-28] (Intel Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [217968 2010-05-31] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [575856 2010-06-21] (Sony Corporation)
2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [851824 2010-06-17] (Sony Corporation)
2 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [537456 2010-06-09] (Sony Corporation)
2 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [384880 2010-06-09] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [101232 2010-06-09] (Sony Corporation)
2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe" [121392 2009-10-20] (VMware, Inc.)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe" -u "C:\ProgramData\VMware\VMware Server\hostd\config.xml" [22161 2011-10-01] ()
2 VMwareServerWebAccess; "C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe" //RS//VMwareServerWebAccess [57344 2009-10-20] (Apache Software Foundation)
3 VUAgent; "C:\Program Files\Sony\VAIO Update Common\VUAgent.exe" [1429608 2011-09-23] (Sony Corporation)
2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [x]
2 VMware NAT Service; C:\Windows\system32\vmnat.exe [x]

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97312 2011-09-15] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130760 2012-01-19] (Avira GmbH)
1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-15] (Avira GmbH)
3 ggflt; C:\Windows\System32\DRIVERS\ggflt.sys [13352 2011-06-04] (Sony Ericsson Mobile Communications)
3 ggsemc; C:\Windows\System32\DRIVERS\ggsemc.sys [27176 2011-06-04] (Sony Ericsson Mobile Communications)
2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [38448 2009-10-20] (VMware, Inc.)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA))
2 MySQL55; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 [8918 2011-11-24] ()
3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [7821312 2010-07-14] (Intel Corporation)
2 rimspci; C:\Windows\System32\drivers\rimssne64.sys [94208 2010-06-23] (REDC)
2 risdsnpe; C:\Windows\System32\drivers\risdsne64.sys [78848 2010-06-23] (REDC)
2 vmci; \??\C:\Windows\system32\drivers\vmci.sys [65072 2009-10-20] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [20016 2009-10-20] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [38960 2009-10-20] (VMware, Inc.)
2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [30256 2009-10-20] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [76336 2009-10-20] (VMware, Inc.)
3 wdkmd; C:\Windows\System32\DRIVERS\WDKMD.sys [39832 2010-06-18] (Intel Corporation)
3 aspnet_state; [x]
2 MSSQL$DDNI; [x]

========================== Drivers MD5 =======================


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-22 18:43 - 2012-01-22 18:43 - 0000000 ____D C:\FRST
2012-01-19 18:21 - 2012-01-19 20:06 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-01-19 18:21 - 2012-01-19 20:06 - 0000000 ____D C:\ProgramData\HitmanPro
2012-01-19 16:06 - 2012-01-19 16:06 - 0023204 ____A C:\ComboFix.txt
2012-01-19 14:24 - 2012-01-19 14:24 - 0358144 ____A C:\Users\All Users\Bc8XwRrNlH7q4F.exe
2012-01-19 14:24 - 2012-01-19 14:24 - 0358144 ____A C:\ProgramData\Bc8XwRrNlH7q4F.exe
2012-01-19 14:24 - 2012-01-19 14:24 - 0000653 ____A C:\Users\Sravanti\Desktop\System Check.lnk
2012-01-19 13:55 - 2012-01-19 13:55 - 0002050 ____A C:\Users\Sravanti\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
2012-01-19 13:33 - 2012-01-19 13:33 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Avira
2012-01-19 13:32 - 2012-01-20 17:39 - 0000000 ____D C:\Program Files (x86)\Avira
2012-01-19 13:32 - 2012-01-19 13:37 - 0130760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-01-19 13:32 - 2011-09-15 23:55 - 0097312 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-01-19 13:32 - 2011-09-15 23:55 - 0027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-01-19 13:14 - 2012-01-20 17:47 - 0000000 ___HD C:\Users\All Users\Avira
2012-01-19 13:14 - 2012-01-20 17:47 - 0000000 ___HD C:\ProgramData\Avira
2012-01-19 13:07 - 2012-01-19 13:10 - 82885256 ___AH C:\Users\Sravanti\Downloads\avira_free_antivirus_en.exe
2012-01-19 12:57 - 2012-01-19 12:57 - 0092696 ____A C:\Windows\ntbtlog.txt
2012-01-17 15:00 - 2012-01-17 14:57 - 0453376 ___AH C:\Users\All Users\gfUomFNvRQL.exe
2012-01-17 15:00 - 2012-01-17 14:57 - 0453376 ___AH C:\ProgramData\gfUomFNvRQL.exe
2012-01-16 16:48 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-16 16:48 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-16 16:48 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-16 16:48 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-16 16:48 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-16 16:48 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-16 16:48 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-16 16:48 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-16 16:48 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-15 20:46 - 2012-01-20 18:10 - 0000000 ___HD C:\ComboFix
2012-01-15 20:42 - 2012-01-20 18:10 - 0000000 ___SD C:\32788R22FWJFW
2012-01-15 20:37 - 2012-01-15 20:37 - 0065536 __ASH C:\Windows\System32\config\components{256bf9f0-3ffb-11e1-8f62-005056c00008}.TxR.blf
2012-01-15 19:56 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-15 19:56 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-15 19:56 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-15 19:56 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-15 19:56 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-15 19:56 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-15 19:56 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-15 19:56 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-15 18:05 - 2012-01-15 20:46 - 0000000 ____D C:\Windows\ERDNT
2012-01-15 18:04 - 2012-01-19 16:06 - 0000000 ____D C:\Qoobox
2012-01-15 18:01 - 2012-01-19 16:15 - 0001630 ____A C:\Users\Sravanti\Desktop\GooredFix.txt
2012-01-15 18:01 - 2012-01-19 16:15 - 0000000 ____D C:\Users\Sravanti\Desktop\GooredFix Backups
2012-01-14 17:54 - 2012-01-15 19:39 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Malwarebytes
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-14 17:48 - 2012-01-19 16:13 - 0000395 ____A C:\rkill.log
2012-01-14 17:09 - 2012-01-14 17:19 - 0006018 __ASH C:\Users\Sravanti\AppData\Local\566b42m18naieo4r8gdr3q
2012-01-14 17:09 - 2012-01-14 17:19 - 0006018 __ASH C:\Users\All Users\566b42m18naieo4r8gdr3q
2012-01-14 17:09 - 2012-01-14 17:19 - 0006018 __ASH C:\ProgramData\566b42m18naieo4r8gdr3q
2012-01-08 23:22 - 2012-01-08 23:22 - 0465605 ____A C:\Users\Sravanti\Downloads\Perfect_2.mp3
2012-01-06 19:25 - 2012-01-06 19:25 - 0000000 ____A C:\Users\Sravanti\tkcon.hst
2012-01-06 16:38 - 2012-01-15 19:30 - 0000000 ____D C:\Tcl
2012-01-06 10:23 - 2012-01-15 19:32 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Yahoo!
2012-01-06 10:05 - 2012-01-20 17:48 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Facebook
2011-12-26 00:46 - 2011-12-26 00:47 - 0424072 ___AH (Yahoo! Inc.) C:\Users\Sravanti\Downloads\msgr11us(1).exe
2011-12-26 00:36 - 2011-12-26 00:36 - 0000000 ____D C:\Users\All Users\ArcSoft
2011-12-26 00:36 - 2011-12-26 00:36 - 0000000 ____D C:\ProgramData\ArcSoft
2011-12-23 16:23 - 2012-01-20 18:13 - 0000000 ____D C:\Windows\System32\Macromed

============ 3 Months Modified Files and Folders =============

2012-01-22 18:43 - 2012-01-22 18:43 - 0000000 ____D C:\FRST
2012-01-22 18:43 - 2010-11-28 19:52 - 0000000 ____D C:\users\boinc_master
2012-01-20 18:13 - 2011-12-23 16:23 - 0000000 ____D C:\Windows\System32\Macromed
2012-01-20 18:13 - 2011-11-17 17:32 - 0000000 ___HD C:\users\vmuser.Sravanti-PC
2012-01-20 18:13 - 2011-09-28 22:47 - 0000000 ____D C:\users\vmuser
2012-01-20 18:13 - 2011-08-08 22:35 - 0000000 ____D C:\Windows\SysWOW64\URTTEMP
2012-01-20 18:13 - 2011-07-11 11:31 - 0000000 ____D C:\Windows\System32\SPReview
2012-01-20 18:13 - 2011-07-11 11:30 - 0000000 ____D C:\Windows\System32\EventProviders
2012-01-20 18:13 - 2011-06-01 21:51 - 0000000 ____D C:\Windows\SysWOW64\TVUAx
2012-01-20 18:13 - 2011-02-07 13:21 - 0000000 ____D C:\Windows\SysWOW64\VAIO Startup Setting Tool
2012-01-20 18:13 - 2011-02-07 13:21 - 0000000 ____D C:\Windows\pss
2012-01-20 18:13 - 2011-02-07 13:20 - 0000000 ___HD C:\users\Sravanti
2012-01-20 18:13 - 2010-11-28 19:29 - 0000000 ____D C:\Windows\Sonysys
2012-01-20 18:13 - 2010-11-28 19:19 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-01-20 18:13 - 2010-11-03 15:33 - 0000000 ____D C:\Windows\SysWOW64\SDA
2012-01-20 18:13 - 2010-11-03 14:36 - 0000000 ____D C:\Windows\InstDrvs
2012-01-20 18:13 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-01-20 18:13 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-01-20 18:13 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\system
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-01-20 18:12 - 2011-12-19 15:26 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\SpinTop
2012-01-20 18:12 - 2011-10-24 01:34 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\SmartDraw
2012-01-20 18:12 - 2011-10-24 00:03 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\UML Lab Modeling IDE
2012-01-20 18:12 - 2011-10-03 17:49 - 0000000 __RHD C:\Users\Sravanti\Desktop\Dropbox
2012-01-20 18:12 - 2011-10-02 21:50 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\TeamViewer
2012-01-20 18:12 - 2011-09-11 12:32 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\gtk-2.0
2012-01-20 18:12 - 2011-08-08 22:36 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\{4A943398-A046-488D-B198-25A8DEF59F1B}
2012-01-20 18:12 - 2011-07-17 22:08 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\{2D1D5390-30CD-44E5-BC85-DB4134620734}
2012-01-20 18:12 - 2011-03-25 11:51 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Skype
2012-01-20 18:12 - 2011-02-10 21:58 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\VMware
2012-01-20 18:12 - 2011-02-07 22:19 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\ArcSoft
2012-01-20 18:12 - 2011-02-07 13:29 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Mozilla
2012-01-20 18:12 - 2011-02-07 13:20 - 0000000 ___HD C:\Users\Sravanti\AppData\LocalLow
2012-01-20 18:12 - 2010-11-28 20:28 - 0000000 ____D C:\Windows\en
2012-01-20 18:12 - 2010-11-28 19:50 - 0000000 ____D C:\Windows\Downloaded Installations
2012-01-20 18:12 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-01-20 18:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-01-20 18:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-01-20 18:11 - 2011-11-24 13:20 - 0000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2012-01-20 18:11 - 2011-11-22 12:28 - 0000000 ____D C:\Program Files\NetBeans 7.0.1
2012-01-20 18:11 - 2011-10-24 00:57 - 0000000 ___HD C:\Users\All Users\Altova
2012-01-20 18:11 - 2011-10-24 00:57 - 0000000 ___HD C:\ProgramData\Altova
2012-01-20 18:11 - 2011-09-20 21:31 - 0000000 ____D C:\Program Files (x86)\TomTom International B.V
2012-01-20 18:11 - 2011-09-20 21:31 - 0000000 ____D C:\Program Files (x86)\TomTom HOME 2
2012-01-20 18:11 - 2011-08-08 22:36 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\ApplicationHistory
2012-01-20 18:11 - 2011-08-06 06:18 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-01-20 18:11 - 2011-06-12 19:41 - 0000000 ___HD C:\Users\All Users\Apple Computer
2012-01-20 18:11 - 2011-06-12 19:41 - 0000000 ___HD C:\ProgramData\Apple Computer
2012-01-20 18:11 - 2011-06-08 21:56 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Sony
2012-01-20 18:11 - 2011-06-08 21:55 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Downloaded Installations
2012-01-20 18:11 - 2011-06-04 20:27 - 0000000 ___HD C:\Users\All Users\Real
2012-01-20 18:11 - 2011-06-04 20:27 - 0000000 ___HD C:\ProgramData\Real
2012-01-20 18:11 - 2011-06-04 20:27 - 0000000 ____D C:\Program Files (x86)\Real
2012-01-20 18:11 - 2011-05-23 17:49 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Citrix
2012-01-20 18:11 - 2011-05-17 19:26 - 0000000 ____D C:\Program Files\Common Files\Motive
2012-01-20 18:11 - 2011-05-17 19:26 - 0000000 ____D C:\Program Files\ATT-HSI
2012-01-20 18:11 - 2011-05-08 18:34 - 0000000 ___HD C:\Users\All Users\Microsoft Help
2012-01-20 18:11 - 2011-05-08 18:34 - 0000000 ___HD C:\ProgramData\Microsoft Help
2012-01-20 18:11 - 2011-03-14 09:18 - 0000000 __HDC C:\Users\All Users\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2012-01-20 18:11 - 2011-03-14 09:18 - 0000000 __HDC C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2012-01-20 18:11 - 2011-03-13 14:00 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Eclipse
2012-01-20 18:11 - 2011-02-11 11:38 - 0000000 ___HD C:\Users\All Users\Yahoo!
2012-01-20 18:11 - 2011-02-11 11:38 - 0000000 ___HD C:\ProgramData\Yahoo!
2012-01-20 18:11 - 2011-02-11 11:35 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-01-20 18:11 - 2011-02-08 22:51 - 0000000 ___HD C:\Users\All Users\Intel
2012-01-20 18:11 - 2011-02-08 22:51 - 0000000 ___HD C:\ProgramData\Intel
2012-01-20 18:11 - 2011-02-08 22:43 - 0000000 ___HD C:\Update
2012-01-20 18:11 - 2011-02-07 22:32 - 0000000 ____D C:\Program Files\Google
2012-01-20 18:11 - 2010-11-28 20:35 - 0000000 ___HD C:\Users\All Users\Norton
2012-01-20 18:11 - 2010-11-28 20:35 - 0000000 ___HD C:\ProgramData\Norton
2012-01-20 18:11 - 2010-11-28 20:27 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-01-20 18:11 - 2010-11-28 20:26 - 0000000 ____D C:\Program Files\Windows Live
2012-01-20 18:11 - 2010-11-28 19:55 - 0000000 ___HD C:\SPLASH.SYS
2012-01-20 18:11 - 2010-11-28 19:44 - 0000000 ____D C:\Program Files (x86)\Sony
2012-01-20 18:11 - 2010-11-28 19:43 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-01-20 18:11 - 2010-11-28 19:42 - 0000000 ___HD C:\Users\All Users\Skype
2012-01-20 18:11 - 2010-11-28 19:42 - 0000000 ___HD C:\ProgramData\Skype
2012-01-20 18:11 - 2010-11-28 19:41 - 0000000 ___AD C:\Program Files\Shutterfly
2012-01-20 18:11 - 2010-11-28 19:38 - 0000000 ____D C:\Program Files\Sony
2012-01-20 18:11 - 2010-11-28 19:20 - 0000000 ____D C:\Program Files\Apoint
2012-01-20 18:11 - 2010-11-28 19:19 - 0000000 ____D C:\Program Files\Realtek
2012-01-20 18:11 - 2010-11-28 19:19 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-01-20 18:11 - 2010-11-03 16:24 - 0000000 ___HD C:\Users\All Users\Sony Corporation
2012-01-20 18:11 - 2010-11-03 16:24 - 0000000 ___HD C:\ProgramData\Sony Corporation
2012-01-20 18:11 - 2010-11-03 14:59 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-01-20 18:11 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-01-20 18:11 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-01-20 18:10 - 2012-01-15 20:46 - 0000000 ___HD C:\ComboFix
2012-01-20 18:10 - 2012-01-15 20:42 - 0000000 ___SD C:\32788R22FWJFW
2012-01-20 18:10 - 2011-11-23 20:40 - 0000000 ____D C:\Program Files (x86)\MySQL
2012-01-20 18:10 - 2011-11-16 15:53 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-01-20 18:10 - 2011-09-29 06:42 - 0000000 ____D C:\Program Files (x86)\Glary Utilities
2012-01-20 18:10 - 2011-06-12 19:41 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-01-20 18:10 - 2011-05-17 19:26 - 0000000 ___HD C:\Program Files (x86)\ATT-HSI
2012-01-20 18:10 - 2011-04-09 19:51 - 0000000 ____D C:\Program Files (x86)\Jagannatha Hora
2012-01-20 18:10 - 2011-02-24 20:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-01-20 18:10 - 2011-02-07 22:36 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-20 18:10 - 2011-02-07 22:32 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-20 18:10 - 2010-11-28 20:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-01-20 18:10 - 2010-11-28 19:54 - 0000000 ____D C:\Program Files (x86)\Downloaded Installations
2012-01-20 18:10 - 2010-11-28 19:50 - 0000000 ____D C:\Program Files (x86)\BOINC
2012-01-20 18:10 - 2010-11-03 15:36 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-01-20 18:10 - 2010-11-03 14:56 - 0000000 ___HD C:\Intel
2012-01-20 18:10 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-01-20 18:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-01-20 18:07 - 2010-11-28 19:26 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\System32\winrm
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\System32\WCN
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\System32\slmgr
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-01-20 18:07 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-01-20 18:07 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-01-20 18:07 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-01-20 18:06 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-01-20 18:06 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-01-20 18:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-01-20 18:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-01-20 17:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-01-20 17:56 - 2011-10-24 00:20 - 0000000 ___HD C:\Users\Sravanti\Workspaces
2012-01-20 17:56 - 2011-10-24 00:02 - 0000000 ___HD C:\Users\Sravanti\workspace1
2012-01-20 17:56 - 2011-09-30 09:48 - 0000000 __RHD C:\Users\Sravanti\Dropbox
2012-01-20 17:56 - 2011-08-17 18:09 - 0000000 ___HD C:\VMDataStore
2012-01-20 17:56 - 2011-03-13 14:00 - 0000000 ___HD C:\Users\Sravanti\workspace
2012-01-20 17:55 - 2011-11-28 21:38 - 0000000 ___HD C:\Users\Sravanti\Downloads\rmi_c
2012-01-20 17:53 - 2011-11-27 23:56 - 0000000 ___HD C:\Users\Sravanti\Downloads\basic-jgroups
2012-01-20 17:53 - 2011-11-27 23:56 - 0000000 ___HD C:\Users\Sravanti\Downloads\__MACOSX
2012-01-20 17:53 - 2011-11-22 12:46 - 0000000 ___HD C:\Users\Sravanti\Documents\NetBeansProjects
2012-01-20 17:53 - 2011-10-24 01:01 - 0000000 ___HD C:\Users\Sravanti\Documents\Altova
2012-01-20 17:53 - 2011-09-14 23:04 - 0000000 ___HD C:\Users\Sravanti\Downloads\eclipse-jee-indigo-win32-x86_64
2012-01-20 17:53 - 2011-03-13 13:59 - 0000000 ___HD C:\Users\Sravanti\Downloads\eclipse-cpp-helios-SR1-win32-x86_64
2012-01-20 17:52 - 2011-11-16 15:55 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\OpenOffice.org
2012-01-20 17:52 - 2011-10-14 15:03 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Oberon Media
2012-01-20 17:52 - 2011-09-30 09:46 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Dropbox
2012-01-20 17:52 - 2011-09-20 21:31 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\TomTom
2012-01-20 17:52 - 2011-09-20 21:31 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\TomTom
2012-01-20 17:52 - 2011-08-17 16:33 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\GlarySoft
2012-01-20 17:52 - 2011-06-04 20:27 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Real
2012-01-20 17:52 - 2011-06-01 21:46 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Octoshape
2012-01-20 17:52 - 2011-02-24 20:54 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\SoftGrid Client
2012-01-20 17:52 - 2011-02-07 13:27 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Adobe
2012-01-20 17:52 - 2011-02-07 13:24 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Intel
2012-01-20 17:52 - 2011-02-07 13:21 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Sony Corporation
2012-01-20 17:52 - 2011-02-07 13:21 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\VirtualStore
2012-01-20 17:51 - 2011-02-07 22:36 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Mozilla
2012-01-20 17:51 - 2011-02-07 13:32 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Sony Corporation
2012-01-20 17:48 - 2012-01-06 10:05 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Facebook
2012-01-20 17:48 - 2011-11-22 12:41 - 0000000 ___HD C:\Users\Sravanti\.netbeans
2012-01-20 17:48 - 2011-10-24 00:01 - 0000000 ___HD C:\Users\Sravanti\.eclipse
2012-01-20 17:48 - 2011-10-01 12:17 - 0000000 ___HD C:\Users\All Users\VMware
2012-01-20 17:48 - 2011-10-01 12:17 - 0000000 ___HD C:\ProgramData\VMware
2012-01-20 17:48 - 2011-05-19 21:54 - 0000000 ___HD C:\Users\All Users\Sony Ericsson
2012-01-20 17:48 - 2011-05-19 21:54 - 0000000 ___HD C:\ProgramData\Sony Ericsson
2012-01-20 17:48 - 2011-02-07 22:44 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Microsoft Games
2012-01-20 17:48 - 2011-02-07 22:32 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Google
2012-01-20 17:48 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Public
2012-01-20 17:48 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-01-20 17:47 - 2012-01-19 13:14 - 0000000 ___HD C:\Users\All Users\Avira
2012-01-20 17:47 - 2012-01-19 13:14 - 0000000 ___HD C:\ProgramData\Avira
2012-01-20 17:47 - 2011-11-23 20:40 - 0000000 ___HD C:\Users\All Users\MySQL
2012-01-20 17:47 - 2011-11-23 20:40 - 0000000 ___HD C:\ProgramData\MySQL
2012-01-20 17:47 - 2011-07-17 22:09 - 0000000 ___HD C:\Users\All Users\Boson
2012-01-20 17:47 - 2011-07-17 22:09 - 0000000 ___HD C:\ProgramData\Boson
2012-01-20 17:47 - 2011-02-07 22:32 - 0000000 ___HD C:\Users\All Users\Google
2012-01-20 17:47 - 2011-02-07 22:32 - 0000000 ___HD C:\ProgramData\Google
2012-01-20 17:47 - 2010-11-28 19:27 - 0000000 ___HD C:\Users\All Users\Adobe
2012-01-20 17:47 - 2010-11-28 19:27 - 0000000 ___HD C:\ProgramData\Adobe
2012-01-20 17:47 - 2010-11-28 19:17 - 0000000 ___HD C:\Users\All Users\DDNi
2012-01-20 17:47 - 2010-11-28 19:17 - 0000000 ___HD C:\ProgramData\DDNi
2012-01-20 17:46 - 2011-09-29 13:44 - 0000000 ____D C:\Program Files\Oracle
2012-01-20 17:46 - 2010-11-04 16:28 - 0000000 ____D C:\Program Files\Windows Journal
2012-01-20 17:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-01-20 17:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-01-20 17:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-01-20 17:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-01-20 17:45 - 2011-11-23 20:42 - 0000000 ____D C:\Program Files\MySQL
2012-01-20 17:45 - 2010-11-28 19:36 - 0000000 ____D C:\Program Files\Microsoft Office
2012-01-20 17:45 - 2010-11-28 19:31 - 0000000 ____D C:\Program Files\Java
2012-01-20 17:45 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-01-20 17:44 - 2010-11-28 19:26 - 0000000 ____D C:\Program Files\Common Files\Sony Shared
2012-01-20 17:44 - 2010-11-28 19:20 - 0000000 ____D C:\Program Files\Intel
2012-01-20 17:44 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-01-20 17:44 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-01-20 17:44 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-01-20 17:44 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-01-20 17:44 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-01-20 17:44 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-01-20 17:43 - 2011-10-02 21:48 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-01-20 17:43 - 2011-10-01 12:17 - 0000000 ____D C:\Program Files (x86)\VMware
2012-01-20 17:42 - 2011-05-19 21:54 - 0000000 ____D C:\Program Files (x86)\Sony Ericsson
2012-01-20 17:42 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-01-20 17:41 - 2011-06-04 10:40 - 0000000 ____D C:\Program Files (x86)\Java
2012-01-20 17:41 - 2011-04-18 22:52 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-01-20 17:41 - 2010-11-28 19:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-20 17:41 - 2010-11-03 14:56 - 0000000 ____D C:\Program Files (x86)\Intel
2012-01-20 17:41 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-01-20 17:40 - 2010-11-28 19:55 - 0000000 ____D C:\Program Files (x86)\Evernote
2012-01-20 17:40 - 2010-11-28 19:31 - 0000000 ____D C:\Program Files (x86)\Intel Corporation
2012-01-20 17:40 - 2010-11-28 19:17 - 0000000 ____D C:\Program Files (x86)\DDNi
2012-01-20 17:39 - 2012-01-19 13:32 - 0000000 ____D C:\Program Files (x86)\Avira
2012-01-20 17:39 - 2011-02-12 10:01 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-01-20 17:39 - 2011-02-08 22:50 - 0000000 ____D C:\Program Files (x86)\Cisco
2012-01-20 17:39 - 2010-11-28 19:57 - 0000000 ____D C:\Program Files (x86)\ArcSoft
2012-01-19 20:06 - 2012-01-19 18:21 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-01-19 20:06 - 2012-01-19 18:21 - 0000000 ____D C:\ProgramData\HitmanPro
2012-01-19 16:15 - 2012-01-15 18:01 - 0001630 ____A C:\Users\Sravanti\Desktop\GooredFix.txt
2012-01-19 16:15 - 2012-01-15 18:01 - 0000000 ____D C:\Users\Sravanti\Desktop\GooredFix Backups
2012-01-19 16:13 - 2012-01-14 17:48 - 0000395 ____A C:\rkill.log
2012-01-19 16:06 - 2012-01-19 16:06 - 0023204 ____A C:\ComboFix.txt
2012-01-19 16:06 - 2012-01-15 18:04 - 0000000 ____D C:\Qoobox
2012-01-19 14:40 - 2011-02-07 13:15 - 2955485184 __ASH C:\hiberfil.sys
2012-01-19 14:27 - 2010-12-25 14:41 - 1435675 ____A C:\Windows\WindowsUpdate.log
2012-01-19 14:24 - 2012-01-19 14:24 - 0358144 ____A C:\Users\All Users\Bc8XwRrNlH7q4F.exe
2012-01-19 14:24 - 2012-01-19 14:24 - 0358144 ____A C:\ProgramData\Bc8XwRrNlH7q4F.exe
2012-01-19 14:24 - 2012-01-19 14:24 - 0000653 ____A C:\Users\Sravanti\Desktop\System Check.lnk
2012-01-19 14:23 - 2011-10-01 11:37 - 0000330 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-01-19 14:23 - 2011-08-22 07:05 - 0014748 ____A C:\Windows\setupact.log
2012-01-19 14:23 - 2011-02-07 22:32 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-19 14:23 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-19 14:22 - 2009-07-13 20:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-19 14:22 - 2009-07-13 20:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-19 14:12 - 2009-07-13 21:13 - 0745992 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-19 13:55 - 2012-01-19 13:55 - 0002050 ____A C:\Users\Sravanti\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
2012-01-19 13:47 - 2011-08-22 07:05 - 0362298 ____A C:\Windows\PFRO.log
2012-01-19 13:40 - 2011-02-07 22:32 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-19 13:37 - 2012-01-19 13:32 - 0130760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-01-19 13:33 - 2012-01-19 13:33 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Avira
2012-01-19 13:30 - 2011-07-29 15:17 - 0000920 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562534644-70929150-3015409922-1005UA.job
2012-01-19 13:10 - 2012-01-19 13:07 - 82885256 ___AH C:\Users\Sravanti\Downloads\avira_free_antivirus_en.exe
2012-01-19 12:59 - 2011-07-29 15:17 - 0000868 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562534644-70929150-3015409922-1005Core.job
2012-01-19 12:57 - 2012-01-19 12:57 - 0092696 ____A C:\Windows\ntbtlog.txt
2012-01-17 14:57 - 2012-01-17 15:00 - 0453376 ___AH C:\Users\All Users\gfUomFNvRQL.exe
2012-01-17 14:57 - 2012-01-17 15:00 - 0453376 ___AH C:\ProgramData\gfUomFNvRQL.exe
2012-01-15 22:30 - 2011-12-04 19:33 - 0000000 ____D C:\Users\Sravanti\AppData\Local\ElevatedDiagnostics
2012-01-15 22:01 - 2011-06-18 13:55 - 0044579 ____A C:\test.xml
2012-01-15 20:46 - 2012-01-15 18:05 - 0000000 ____D C:\Windows\ERDNT
2012-01-15 20:43 - 2011-03-13 11:15 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-15 20:41 - 2011-04-08 12:03 - 0000000 ____D C:\Users\Sravanti\AppData\Local\CrashDumps
2012-01-15 20:37 - 2012-01-15 20:37 - 0065536 __ASH C:\Windows\System32\config\components{256bf9f0-3ffb-11e1-8f62-005056c00008}.TxR.blf
2012-01-15 20:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-15 19:39 - 2012-01-14 17:54 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-15 19:32 - 2012-01-06 10:23 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Yahoo!
2012-01-15 19:30 - 2012-01-06 16:38 - 0000000 ____D C:\Tcl
2012-01-15 18:54 - 2011-12-20 15:58 - 0000000 __SHD C:\Users\Sravanti\AppData\Local\64b5e28e
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Malwarebytes
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-14 17:19 - 2012-01-14 17:09 - 0006018 __ASH C:\Users\Sravanti\AppData\Local\566b42m18naieo4r8gdr3q
2012-01-14 17:19 - 2012-01-14 17:09 - 0006018 __ASH C:\Users\All Users\566b42m18naieo4r8gdr3q
2012-01-14 17:19 - 2012-01-14 17:09 - 0006018 __ASH C:\ProgramData\566b42m18naieo4r8gdr3q
2012-01-08 23:22 - 2012-01-08 23:22 - 0465605 ____A C:\Users\Sravanti\Downloads\Perfect_2.mp3
2012-01-08 10:40 - 2011-03-25 11:52 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\skypePM
2012-01-06 19:25 - 2012-01-06 19:25 - 0000000 ____A C:\Users\Sravanti\tkcon.hst
2012-01-06 19:14 - 2011-10-27 17:25 - 0005429 ____A C:\WirelessDiagLog.csv
2011-12-26 00:48 - 2011-05-17 22:00 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-26 00:47 - 2011-12-26 00:46 - 0424072 ___AH (Yahoo! Inc.) C:\Users\Sravanti\Downloads\msgr11us(1).exe
2011-12-26 00:36 - 2011-12-26 00:36 - 0000000 ____D C:\Users\All Users\ArcSoft
2011-12-26 00:36 - 2011-12-26 00:36 - 0000000 ____D C:\ProgramData\ArcSoft
2011-12-23 16:27 - 2011-09-14 22:16 - 0000600 ____A C:\Users\Sravanti\AppData\Local\PUTTY.RND
2011-12-20 20:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-12-20 19:52 - 2011-08-19 06:48 - 0000000 ____D C:\Windows\Minidump
2011-12-20 18:55 - 2011-12-20 18:55 - 0000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
2011-12-20 17:50 - 2011-12-20 17:50 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Tific
2011-12-20 17:49 - 2011-12-20 17:49 - 0000000 ____D C:\Users\Sravanti\AppData\Local\Symantec
2011-12-20 13:14 - 2011-12-20 13:14 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\OpenCandy
2011-12-19 23:05 - 2011-10-26 11:16 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Meridian93
2011-12-19 23:02 - 2011-12-19 23:01 - 93344995 ___AH (Meridian'93 ) C:\Users\Sravanti\Downloads\mf2.exe
2011-12-15 00:16 - 2009-07-13 20:45 - 0336472 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-14 00:02 - 2011-12-14 00:02 - 0001522 ____A C:\Users\Sravanti\Downloads\CMPE207FinalPaper.txt
2011-12-08 15:09 - 2011-12-08 15:09 - 1266612 ___AH C:\Users\Sravanti\Downloads\viperclientsetup_aca.exe
2011-12-08 15:08 - 2011-12-08 15:08 - 0463080 ___AH (CNET Download.com) C:\Users\Sravanti\Downloads\cnet2_viperclientsetup_aca_exe.exe
2011-12-08 12:05 - 2011-02-07 13:24 - 0077456 ____A C:\Users\Sravanti\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-08 12:04 - 2009-07-13 21:38 - 0067584 ___AS C:\Windows\bootstat(27).dat
2011-12-07 16:22 - 2011-12-07 16:22 - 0032216 ____A C:\Users\Sravanti\Downloads\StudentDetails.java
2011-12-07 16:22 - 2011-12-07 16:22 - 0023015 ____A C:\Users\Sravanti\Downloads\StudentDetails.form
2011-12-07 12:20 - 2011-12-07 12:20 - 0009901 ____A C:\Users\Sravanti\Downloads\DeleteCourseStdnt(1).java
2011-12-07 12:20 - 2011-12-07 12:20 - 0007575 ____A C:\Users\Sravanti\Downloads\DeleteCourseStdnt(1).form
2011-12-06 23:15 - 2011-12-06 23:14 - 13620852 ____A C:\Users\Sravanti\Downloads\P3_Mobile.zip
2011-12-06 01:54 - 2011-12-06 01:54 - 0017572 ____A C:\Users\Sravanti\Downloads\graph info.xlsx
2011-12-06 01:20 - 2011-12-06 01:20 - 0179200 ____A C:\Users\Sravanti\Downloads\Client_Server_chat.doc
2011-12-05 03:26 - 2011-12-05 03:26 - 1612288 ____A C:\Users\Sravanti\Downloads\LoadBalancing.ppt
2011-12-05 02:53 - 2011-12-05 02:53 - 2921472 ____A C:\Users\Sravanti\Downloads\intermachine-parallelism-lecture.ppt
2011-12-05 00:25 - 2011-12-05 00:25 - 0007270 ____A C:\Users\Sravanti\Downloads\MonteCarlo(1).java
2011-12-04 19:37 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2011-12-04 19:08 - 2011-12-04 19:08 - 0010099 ____A C:\Users\Sravanti\Downloads\components-FileChooserDemoProject.zip
2011-12-04 17:27 - 2011-12-04 17:27 - 0009787 ____A C:\Users\Sravanti\Downloads\PayFees.java
2011-12-04 17:27 - 2011-12-04 17:27 - 0009315 ____A C:\Users\Sravanti\Downloads\PostFees.java
2011-12-04 17:27 - 2011-12-04 17:27 - 0007050 ____A C:\Users\Sravanti\Downloads\PayFees.form
2011-12-04 17:27 - 2011-12-04 17:27 - 0006935 ____A C:\Users\Sravanti\Downloads\PostFees.form
2011-12-04 17:24 - 2011-12-04 17:24 - 0001160 ___AH C:\Users\Sravanti\Downloads\Downloads - Shortcut.lnk
2011-12-04 17:23 - 2011-12-04 17:23 - 0010398 ____A C:\Users\Sravanti\Downloads\ViewScheduleStudent.java
2011-12-04 17:23 - 2011-12-04 17:23 - 0006860 ____A C:\Users\Sravanti\Downloads\ViewScheduleStudent.form
2011-12-04 17:11 - 2011-12-04 17:11 - 0010399 ____A C:\Users\Sravanti\Downloads\ViewSchedule.java
2011-12-04 17:11 - 2011-12-04 17:11 - 0006860 ____A C:\Users\Sravanti\Downloads\ViewSchedule.form
2011-12-04 17:03 - 2011-12-04 17:03 - 0010333 ____A C:\Users\Sravanti\Downloads\AddCourseStudent.java
2011-12-04 17:03 - 2011-12-04 17:03 - 0007951 ____A C:\Users\Sravanti\Downloads\AddCourseStudent.form
2011-12-04 01:00 - 2011-12-04 01:00 - 0001235 ____A C:\Users\Sravanti\Downloads\Direct.java
2011-12-04 00:58 - 2011-12-04 00:58 - 0006332 ____A C:\Users\Sravanti\Downloads\MonteCarlo.java
2011-12-04 00:58 - 2011-12-04 00:58 - 0001173 ____A C:\Users\Sravanti\Downloads\MonteMove.java
2011-12-04 00:58 - 2011-12-04 00:58 - 0000992 ____A C:\Users\Sravanti\Downloads\SimulationNode.java
2011-12-04 00:58 - 2011-12-04 00:58 - 0000676 ____A C:\Users\Sravanti\Downloads\Nodes.java
2011-12-03 19:25 - 2011-12-03 19:25 - 0010733 ____A C:\Users\Sravanti\Downloads\PostGrade.java
2011-12-03 19:25 - 2011-12-03 19:25 - 0008971 ____A C:\Users\Sravanti\Downloads\DeleteCourseStdnt.java
2011-12-03 19:25 - 2011-12-03 19:25 - 0008098 ____A C:\Users\Sravanti\Downloads\PostGrade.form
2011-12-03 19:25 - 2011-12-03 19:25 - 0006483 ____A C:\Users\Sravanti\Downloads\DeleteCourseStdnt.form
2011-12-03 18:52 - 2011-11-28 16:00 - 0000000 ____D C:\Users\Sravanti\Documents\dumps
2011-12-01 16:24 - 2011-12-01 16:24 - 0017653 ____A C:\Users\Sravanti\Downloads\hdfsarchitecture.gif
2011-11-29 23:26 - 2011-11-29 23:26 - 0548952 ___AH C:\Users\Sravanti\Downloads\smartdraw_11E_POYOZ_setup.exe
2011-11-29 23:14 - 2011-11-29 23:14 - 0243200 ____A C:\Users\Sravanti\Downloads\lec2-mapred.ppt
2011-11-28 21:56 - 2011-11-28 21:56 - 0004622 ____A C:\Users\Sravanti\Downloads\JGroupRandomWalk.java
2011-11-28 21:38 - 2011-11-28 21:38 - 0993194 ____A C:\Users\Sravanti\Downloads\rmi_c.rar
2011-11-23 22:03 - 2011-11-23 22:03 - 1767172 ____A C:\Users\Sravanti\Downloads\jgroups-3.0.0.Final.jar
2011-11-23 20:52 - 2011-12-14 09:50 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 20:45 - 2011-11-23 20:45 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\MySQL
2011-11-23 20:43 - 2011-02-10 21:16 - 0762690 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-11-23 20:42 - 2011-11-23 20:42 - 0000232 ____A C:\Windows\ODBCINST.INI
2011-11-22 12:40 - 2011-11-22 12:26 - 0000000 ____D C:\Users\Sravanti\.nbi
2011-11-22 12:23 - 2011-11-22 12:16 - 255885010 ___AH C:\Users\Sravanti\Downloads\netbeans-7.0.1-ml-windows.exe
2011-11-19 06:58 - 2012-01-15 19:56 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:01 - 2012-01-15 19:56 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-17 17:34 - 2011-11-17 17:34 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Google
2011-11-17 17:34 - 2011-11-17 17:34 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Local\Google
2011-11-17 17:34 - 2011-11-17 17:32 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Sony Corporation
2011-11-17 17:33 - 2011-11-17 17:33 - 0076872 ____A C:\Users\vmuser.Sravanti-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2011-11-17 17:33 - 2011-11-17 17:33 - 0000174 __ASH C:\Users\vmuser.Sravanti-PC\Start Menu\Programs\Startup\desktop.ini
2011-11-17 17:33 - 2011-11-17 17:33 - 0000174 __ASH C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-11-17 17:33 - 2011-11-17 17:33 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Intel Corporation
2011-11-17 17:33 - 2011-11-17 17:33 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Intel
2011-11-17 17:33 - 2011-11-17 17:32 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\LocalLow
2011-11-17 17:32 - 2011-11-17 17:32 - 0000020 __ASH C:\Users\vmuser.Sravanti-PC\ntuser.ini
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Templates
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Start Menu
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\PrintHood
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\NetHood
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\My Documents
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Documents\My Videos
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Documents\My Pictures
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Documents\My Music
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\AppData\Local\Temporary Internet Files
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\AppData\Local\History
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Local\VirtualStore
2011-11-16 22:49 - 2012-01-16 16:48 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-16 22:49 - 2012-01-16 16:48 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-16 22:44 - 2012-01-16 16:48 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-16 22:41 - 2012-01-15 19:56 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-16 22:33 - 2012-01-16 16:48 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 21:38 - 2012-01-15 19:56 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 21:35 - 2012-01-16 16:48 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-11-16 21:34 - 2012-01-16 16:48 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 21:34 - 2012-01-16 16:48 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 21:28 - 2012-01-16 16:48 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2011-11-15 16:29 - 2011-11-15 16:29 - 0024004 ____A C:\Users\Sravanti\Downloads\english
2011-11-15 14:29 - 2011-03-11 03:02 - 0270720 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-11-14 23:58 - 2011-11-14 23:58 - 0606552 ___AH (Google Inc.) C:\Users\Sravanti\Downloads\GoogleEarthPluginSetup(1).exe
2011-11-09 17:03 - 2011-11-09 17:03 - 0007179 ____A C:\Users\Sravanti\Downloads\lab4.zip
2011-11-07 14:33 - 2011-11-07 14:33 - 0000000 ____D C:\Users\Sravanti\AppData\Local\Oberon Games
2011-11-04 21:32 - 2011-12-14 09:50 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-04 20:26 - 2011-12-14 09:50 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-04 10:49 - 2011-11-04 10:49 - 3191696 ___AH (TeamViewer GmbH) C:\Users\Sravanti\Downloads\TeamViewer_Setup_en.exe
2011-11-03 23:24 - 2011-11-03 22:58 - 1578679 ____A C:\Users\Sravanti\Downloads\CMPE207_Lab3_007471685_007522801.docx
2011-11-03 18:38 - 2011-12-15 00:11 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-03 17:59 - 2011-12-15 00:11 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-03 17:53 - 2011-12-15 00:11 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-03 17:46 - 2011-12-15 00:11 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-03 17:44 - 2011-12-15 00:11 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-03 17:44 - 2011-12-15 00:11 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-03 17:43 - 2011-12-15 00:11 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-03 17:41 - 2011-12-15 00:11 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-03 17:39 - 2011-12-15 00:11 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-03 17:36 - 2011-12-15 00:11 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-03 17:35 - 2011-12-15 00:11 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-03 17:34 - 2011-12-15 00:11 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-03 17:30 - 2011-12-15 00:11 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-03 15:02 - 2011-12-15 00:11 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-03 14:47 - 2011-12-15 00:11 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-11-03 14:46 - 2011-12-15 00:11 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-03 14:40 - 2011-12-15 00:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-11-03 14:40 - 2011-12-15 00:11 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-03 14:39 - 2011-12-15 00:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-03 14:38 - 2011-12-15 00:11 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-03 14:37 - 2011-12-15 00:11 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-03 14:34 - 2011-12-15 00:11 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-11-03 14:32 - 2011-12-15 00:11 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-03 14:32 - 2011-12-15 00:11 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-03 14:31 - 2011-12-15 00:11 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-03 14:28 - 2011-12-15 00:11 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-11-02 21:43 - 2011-08-21 21:38 - 0000000 ____A C:\Windows\Model.log
2011-11-02 21:43 - 2011-02-08 22:48 - 0000021 ____A C:\Windows\Model.txt
2011-10-31 09:27 - 2009-07-13 21:08 - 0032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-25 21:25 - 2012-01-15 19:56 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2011-10-25 21:25 - 2012-01-15 19:56 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2011-10-25 21:21 - 2011-12-14 09:51 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-25 20:32 - 2012-01-15 19:56 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2011-10-25 20:32 - 2012-01-15 19:56 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3758.1 MB
Available physical RAM: 3154.89 MB
Total Pagefile: 3756.25 MB
Available Pagefile: 3146.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:455.24 GB) (Free:294.31 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:10.42 GB) (Free:0.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: (TRAVELDRIVE) (Removable) (Total:1.92 GB) (Free:1 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1968 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 10 GB 1024 KB
Partition 2 Primary 100 MB 10 GB
Partition 3 Primary 455 GB 10 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 10 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 455 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1967 MB 16 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G TRAVELDRIVE FAT32 Removable 1967 MB Healthy

==========================================================

Last Boot: 2012-01-12 14:53

======================= End Of Log ==========================


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • Gender:Female
  • Location:Romania
  • Local time:04:02 AM

Posted 26 January 2012 - 04:57 AM

Hello, can you please post me c:\combofix.txt as well so I can see what it deleted? (You can open it by typing c:\combofix.txt at the command prompt in the recovery environment and then saving it to a flash drive.)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Elise


Posted 07 February 2012 - 09:48 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise