
Google Redirects/Rootkit


This topic is locked
41 replies to this topic

#1 RohanShah

  • Members
  • 31 posts

Posted 19 February 2012 - 10:56 PM

Hello, I think I was infected with Windows 7 Antivirus earlier. I just used Task Manager to get to the file and deleted Iron cache, and used HouseCall from Trend Micro to delete it, and it did delete the trojan. But when I started my computer today and started the browser again, it opened an extra tab which had ads on it. So I went back to c/users/rohan/local/ and I found Iron cache again.
After that I have tried Malwarebytes Anti-Malware, HouseCall, and many other things, but none of them worked. I also noticed "PING.exe" running, which used up 100% of my CPU. So I'm just looking for what to do.

Windows 7 Home Premium - 64 bit
EDIT: I did follow the steps on posting logs. I used Defogger before the scan.
Here is the DDS log:

Edited by RohanShah, 19 February 2012 - 10:58 PM.

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto Rico

Posted 20 February 2012 - 01:50 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 RohanShah

  • Topic Starter
  • Members
  • 31 posts

Posted 20 February 2012 - 05:44 AM

Hey, thank you for the reply. I have attached the ComboFix log. The only problem I am worried about is iron cache.db reappearing on my computer; I delete it every time I see it, and I try to minimize my usage of the internet until this is resolved.

ComboFix 12-02-17.02 - Rohan 02/20/2012 5:25.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3892.2154 [GMT -5:00]
Running from: c:\users\Rohan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 10:32 . 2012-02-20 10:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-20 10:32 . 2012-02-20 10:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-20 10:14 . 2012-02-20 10:14 388096 ----a-r- c:\users\Rohan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-20 10:14 . 2012-02-20 10:14 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-20 05:13 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22535222-C7C9-4076-AD0B-E39701653634}\mpengine.dll
2012-02-18 05:22 . 2012-02-19 06:53 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-16 05:21 . 2012-02-16 05:21 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-02-16 05:04 . 2012-02-16 05:04 -------- d-----w- c:\programdata\VS
2012-02-16 03:00 . 2012-02-16 03:00 -------- d-----w- c:\users\Rohan\AppData\Roaming\Outlook
2012-02-16 02:53 . 2012-02-20 05:35 -------- d-----w- c:\users\Rohan\AppData\Local\Htc
2012-02-16 02:52 . 2012-02-16 03:00 -------- d-----w- c:\users\Rohan\AppData\Roaming\HTC
2012-02-16 02:51 . 2012-02-16 02:51 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-02-16 02:51 . 2012-02-16 02:52 -------- d-----w- c:\program files (x86)\HTC
2012-02-16 02:44 . 2012-02-16 03:09 -------- d-----w- C:\ruu_log
2012-02-12 07:04 . 2012-02-19 12:50 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-12 07:04 . 2012-02-19 12:50 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-02-11 03:01 . 2012-02-11 03:02 -------- d-----w- c:\program files\iTunes
2012-02-11 03:01 . 2012-02-11 03:01 -------- d-----w- c:\program files\iPod
2012-02-10 07:30 . 2011-12-30 22:02 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-10 07:20 . 2012-02-10 07:20 -------- d-----w- c:\programdata\IObit
2012-02-10 04:11 . 2012-02-10 04:12 -------- d-----w- c:\users\Rohan\AppData\Roaming\.Tribler
2012-02-10 04:10 . 2012-02-10 04:10 -------- d-----w- c:\program files (x86)\Tribler
2012-02-06 17:51 . 2012-02-06 17:52 -------- d-----w- c:\program files\Recuva
2012-02-06 17:51 . 2012-02-06 17:51 -------- d-----w- c:\program files\CCleaner
2012-02-06 17:50 . 2012-02-06 17:50 -------- d-----w- c:\program files\Speccy
2012-02-04 20:39 . 2012-02-04 20:44 -------- d-----w- c:\program files (x86)\iLivid
2012-02-04 20:39 . 2012-02-04 20:39 -------- d-----w- c:\users\Rohan\AppData\Local\PackageAware
2012-02-04 05:32 . 2012-02-04 05:32 -------- d-----w- C:\Simba
2012-02-04 04:36 . 2012-02-04 04:36 -------- d-----w- c:\users\Rohan\jagexcache
2012-02-02 04:13 . 2012-02-04 05:18 -------- d-----w- c:\program files (x86)\Aurora
2012-01-31 03:24 . 2012-01-31 03:24 -------- d-----w- c:\windows\Watson
2012-01-31 03:24 . 2012-01-31 03:24 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-01-28 20:29 . 2012-02-04 05:18 -------- d-----w- c:\users\Rohan\AppData\Roaming\SUPERAntiSpyware.com
2012-01-28 20:28 . 2012-02-04 05:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-26 20:27 . 2012-01-31 03:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-26 04:52 . 2012-01-26 04:52 -------- d-----w- C:\My Lockbox
2012-01-26 04:51 . 2010-07-22 21:13 54848 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2012-01-26 04:51 . 2012-01-26 04:51 -------- d-----w- c:\program files\My Lockbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 07:13 . 2011-04-20 19:05 2479904 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-31 12:44 . 2010-12-30 00:50 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-06 02:15 . 2011-01-18 23:11 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-24 04:51 . 2011-06-09 19:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2011-04-15 10:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-19_06.53.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-19 05:16 . 2012-02-20 03:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021920120220\index.dat
- 2012-02-19 05:16 . 2012-02-19 06:27 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021920120220\index.dat
+ 2012-02-18 07:17 . 2012-02-20 03:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-18 07:17 . 2012-02-19 06:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-12-02 21:32 . 2012-02-20 05:17 89756 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-20 05:35 53564 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-29 16:27 . 2012-02-20 05:35 31170 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1723700413-2339148374-4043010873-1000_UserData.bin
+ 2010-12-30 04:29 . 2012-02-20 03:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-30 04:29 . 2012-02-19 05:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-19 05:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-20 03:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-29 17:02 . 2012-02-20 10:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-29 17:02 . 2012-02-19 06:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-29 17:02 . 2012-02-19 06:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-29 17:02 . 2012-02-20 10:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-29 16:40 . 2012-01-27 01:00 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
+ 2010-12-29 16:40 . 2012-02-20 03:36 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
- 2012-02-19 06:52 . 2012-02-19 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-20 10:33 . 2012-02-20 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-20 10:33 . 2012-02-20 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-19 06:52 . 2012-02-19 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-29 16:18 . 2012-02-19 06:35 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-29 16:18 . 2012-02-20 03:35 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-02-19 06:50 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-20 10:34 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-20 10:34 917504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:38 . 2012-02-08 21:19 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-02-20 08:12 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2012-02-19 06:51 415732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-20 10:32 415732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-19 06:50 4505600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-20 10:34 4505600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-26 05:32 . 2012-02-20 10:32 4166832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1723700413-2339148374-4043010873-1000-12288.dat
- 2011-03-26 05:32 . 2012-02-19 06:51 4166832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1723700413-2339148374-4043010873-1000-12288.dat
+ 2012-02-20 05:21 . 2012-02-20 05:21 1402880 c:\windows\Installer\1025f08.msi
+ 2009-07-14 02:34 . 2012-02-20 07:36 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-02-18 10:40 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-01-24 07:34 . 2012-02-20 10:32 55807672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1723700413-2339148374-4043010873-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 399736]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-29 98304]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [2009-12-30 318400]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV; [x]
R1 SASKUTIL;SASKUTIL; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EagleX64;EagleX64; [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-06-15 2560]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-23 46080]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 Slidebar Notifier Service;Slidebar Notifier Service;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2009-12-30 69568]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000Core.job
- c:\users\Rohan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 16:52]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000UA.job
- c:\users\Rohan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 16:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-12-02 22:05 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-29 414744]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynBtnAsst"="c:\program files (x86)\Synaptics\SynTP\SynBtnAsst.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-03-11 4448704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-11 7056832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2010-11-09 1792224]
"combofix"="c:\combofix\CF295.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 68.105.28.12 68.105.29.11
TCP: Interfaces\{9259C06B-7F0E-4FC7-8194-B982E268E4B9}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Rohan\AppData\Roaming\Mozilla\Firefox\Profiles\b9qhwi3d.default\
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1723700413-2339148374-4043010873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
.
**************************************************************************
.
Completion time: 2012-02-20 05:41:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-20 10:41
ComboFix2.txt 2012-02-20 05:40
ComboFix3.txt 2012-02-20 04:59
ComboFix4.txt 2012-02-19 07:00
.
Pre-Run: 230,843,604,992 bytes free
Post-Run: 230,409,220,096 bytes free
.
- - End Of File - - 84E3DB6F26D426CD22D3D8D5FE2BEB60

Attached Files

  • Attached File  CF.txt   27.77KB   1 downloads

Edited by gringo_pr, 20 February 2012 - 01:56 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:44 AM

Posted 20 February 2012 - 01:57 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 RohanShah

RohanShah
  • Topic Starter

  • Members
  • 31 posts
  • Local time:04:44 AM

Posted 20 February 2012 - 06:53 PM

aswMBR log

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 15:56:04
-----------------------------
15:56:04.227 OS Version: Windows x64 6.1.7600
15:56:04.242 Number of processors: 4 586 0x2505
15:56:04.242 ComputerName: ROHAN-PC UserName: Rohan
15:56:07.721 Initialize success
15:56:10.919 AVAST engine defs: 12022001
15:56:13.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:56:13.805 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:56:13.821 Disk 0 MBR read successfully
15:56:13.836 Disk 0 MBR scan
15:56:13.836 Disk 0 Windows 7 default MBR code
15:56:13.836 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
15:56:13.852 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 430420 MB offset 411648
15:56:13.852 Disk 0 Partition - 00 0F Extended LBA 31210 MB offset 881911808
15:56:13.899 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
15:56:13.914 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 31209 MB offset 881913856
15:56:13.930 Service scanning
15:57:20.932 Modules scanning
15:57:20.932 Disk 0 trace - called modules:
15:57:20.948 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
15:57:20.948 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b19060]
15:57:20.963 3 CLASSPNP.SYS[fffff880018c143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049e8050]
15:57:24.894 AVAST engine scan C:\windows
15:57:29.996 AVAST engine scan C:\windows\system32
15:57:44.426 File: C:\windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
16:00:42.753 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
16:00:48.712 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
16:03:54.091 File: C:\windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
16:03:54.153 File: C:\windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
16:03:56.010 AVAST engine scan C:\windows\system32\drivers
16:04:20.736 AVAST engine scan C:\Users\Rohan
16:46:53.580 AVAST engine scan C:\ProgramData
16:51:50.156 Scan finished successfully
18:51:02.051 Disk 0 MBR has been saved successfully to "C:\Users\Rohan\Desktop\MBR.dat"
18:51:02.067 The log file has been saved successfully to "C:\Users\Rohan\Desktop\aswMBR.txt"

TDSS log

18:52:08.0644 1444 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
18:52:08.0894 1444 ============================================================
18:52:08.0894 1444 Current date / time: 2012/02/20 18:52:08.0894
18:52:08.0894 1444 SystemInfo:
18:52:08.0894 1444
18:52:08.0894 1444 OS Version: 6.1.7600 ServicePack: 0.0
18:52:08.0894 1444 Product type: Workstation
18:52:08.0894 1444 ComputerName: ROHAN-PC
18:52:08.0894 1444 UserName: Rohan
18:52:08.0894 1444 Windows directory: C:\windows
18:52:08.0894 1444 System windows directory: C:\windows
18:52:08.0894 1444 Running under WOW64
18:52:08.0894 1444 Processor architecture: Intel x64
18:52:08.0894 1444 Number of processors: 4
18:52:08.0894 1444 Page size: 0x1000
18:52:08.0894 1444 Boot type: Normal boot
18:52:08.0894 1444 ============================================================
18:52:09.0268 1444 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:52:09.0518 1444 \Device\Harddisk0\DR0:
18:52:09.0518 1444 MBR used
18:52:09.0518 1444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:52:09.0518 1444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x348AA000
18:52:09.0549 1444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3490F000, BlocksNum 0x3CF4800
18:52:09.0643 1444 Initialize success
18:52:09.0643 1444 ============================================================
18:52:10.0485 3436 ============================================================
18:52:10.0485 3436 Scan started
18:52:10.0485 3436 Mode: Manual;
18:52:10.0485 3436 ============================================================
18:52:11.0109 3436 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
18:52:11.0109 3436 1394ohci - ok
18:52:11.0203 3436 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
18:52:11.0203 3436 ACPI - ok
18:52:11.0312 3436 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
18:52:11.0312 3436 AcpiPmi - ok
18:52:11.0405 3436 ACPIVPC (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys
18:52:11.0405 3436 ACPIVPC - ok
18:52:11.0515 3436 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
18:52:11.0515 3436 adp94xx - ok
18:52:11.0624 3436 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
18:52:11.0624 3436 adpahci - ok
18:52:11.0717 3436 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
18:52:11.0717 3436 adpu320 - ok
18:52:11.0842 3436 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys
18:52:11.0842 3436 AFD - ok
18:52:11.0936 3436 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
18:52:11.0951 3436 agp440 - ok
18:52:12.0029 3436 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
18:52:12.0029 3436 aliide - ok
18:52:12.0154 3436 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
18:52:12.0154 3436 amdide - ok
18:52:12.0248 3436 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
18:52:12.0248 3436 AmdK8 - ok
18:52:12.0466 3436 amdkmdag (2ae6aa3632589ac805432863d3605ea9) C:\windows\system32\DRIVERS\atikmdag.sys
18:52:12.0607 3436 amdkmdag - ok
18:52:12.0716 3436 amdkmdap (206c28bfa8d52250d163b85e891527e5) C:\windows\system32\DRIVERS\atikmpag.sys
18:52:12.0716 3436 amdkmdap - ok
18:52:12.0825 3436 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
18:52:12.0825 3436 AmdPPM - ok
18:52:12.0919 3436 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
18:52:12.0919 3436 amdsata - ok
18:52:13.0012 3436 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
18:52:13.0012 3436 amdsbs - ok
18:52:13.0121 3436 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
18:52:13.0121 3436 amdxata - ok
18:52:13.0215 3436 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
18:52:13.0215 3436 AppID - ok
18:52:13.0293 3436 appliandMP - ok
18:52:13.0402 3436 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
18:52:13.0402 3436 arc - ok
18:52:13.0496 3436 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
18:52:13.0496 3436 arcsas - ok
18:52:13.0621 3436 ArcSec (a7409b5c0e35ddee64f16f3054e5530b) C:\windows\system32\drivers\ArcSec.sys
18:52:13.0621 3436 ArcSec - ok
18:52:13.0745 3436 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
18:52:13.0745 3436 AsyncMac - ok
18:52:13.0839 3436 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
18:52:13.0839 3436 atapi - ok
18:52:13.0964 3436 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
18:52:13.0964 3436 b06bdrv - ok
18:52:14.0104 3436 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
18:52:14.0104 3436 b57nd60a - ok
18:52:14.0229 3436 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
18:52:14.0229 3436 Beep - ok
18:52:14.0338 3436 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
18:52:14.0338 3436 blbdrive - ok
18:52:14.0464 3436 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
18:52:14.0464 3436 bowser - ok
18:52:14.0573 3436 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
18:52:14.0573 3436 BrFiltLo - ok
18:52:14.0682 3436 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
18:52:14.0682 3436 BrFiltUp - ok
18:52:14.0792 3436 Bridge0 (34f786535f9245e4028c57b28248c9d8) C:\windows\system32\drivers\WDBridge.sys
18:52:14.0792 3436 Bridge0 - ok
18:52:14.0916 3436 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
18:52:14.0916 3436 BridgeMP - ok
18:52:15.0026 3436 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
18:52:15.0041 3436 Brserid - ok
18:52:15.0135 3436 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
18:52:15.0150 3436 BrSerWdm - ok
18:52:15.0260 3436 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
18:52:15.0260 3436 BrUsbMdm - ok
18:52:15.0353 3436 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
18:52:15.0369 3436 BrUsbSer - ok
18:52:15.0478 3436 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
18:52:15.0478 3436 BthEnum - ok
18:52:15.0587 3436 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
18:52:15.0587 3436 BTHMODEM - ok
18:52:15.0696 3436 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
18:52:15.0696 3436 BthPan - ok
18:52:15.0821 3436 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys
18:52:15.0837 3436 BTHPORT - ok
18:52:15.0977 3436 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys
18:52:15.0977 3436 BTHUSB - ok
18:52:16.0086 3436 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\windows\system32\drivers\btusbflt.sys
18:52:16.0086 3436 btusbflt - ok
18:52:16.0196 3436 btwaudio (a72a9101f9730db7332714e566614e4d) C:\windows\system32\drivers\btwaudio.sys
18:52:16.0196 3436 btwaudio - ok
18:52:16.0320 3436 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\windows\system32\drivers\btwavdt.sys
18:52:16.0320 3436 btwavdt - ok
18:52:16.0430 3436 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
18:52:16.0430 3436 btwl2cap - ok
18:52:16.0554 3436 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\windows\system32\DRIVERS\btwrchid.sys
18:52:16.0554 3436 btwrchid - ok
18:52:16.0648 3436 catchme - ok
18:52:16.0757 3436 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
18:52:16.0773 3436 cdfs - ok
18:52:16.0882 3436 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
18:52:16.0882 3436 cdrom - ok
18:52:16.0991 3436 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
18:52:16.0991 3436 circlass - ok
18:52:17.0116 3436 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
18:52:17.0116 3436 CLFS - ok
18:52:17.0256 3436 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
18:52:17.0256 3436 CmBatt - ok
18:52:17.0366 3436 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
18:52:17.0381 3436 cmdide - ok
18:52:17.0506 3436 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
18:52:17.0506 3436 CNG - ok
18:52:17.0615 3436 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
18:52:17.0615 3436 Compbatt - ok
18:52:17.0724 3436 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
18:52:17.0724 3436 CompositeBus - ok
18:52:17.0849 3436 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
18:52:17.0849 3436 crcdisk - ok
18:52:17.0990 3436 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
18:52:17.0990 3436 DfsC - ok
18:52:18.0099 3436 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
18:52:18.0114 3436 discache - ok
18:52:18.0224 3436 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
18:52:18.0224 3436 Disk - ok
18:52:18.0333 3436 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
18:52:18.0333 3436 drmkaud - ok
18:52:18.0458 3436 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\windows\System32\drivers\dxgkrnl.sys
18:52:18.0473 3436 DXGKrnl - ok
18:52:18.0567 3436 EagleX64 - ok
18:52:18.0754 3436 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
18:52:18.0816 3436 ebdrv - ok
18:52:18.0941 3436 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\windows\system32\Drivers\ElbyCDIO.sys
18:52:18.0941 3436 ElbyCDIO - ok
18:52:19.0050 3436 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
18:52:19.0066 3436 elxstor - ok
18:52:19.0191 3436 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
18:52:19.0191 3436 ErrDev - ok
18:52:19.0284 3436 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
18:52:19.0300 3436 exfat - ok
18:52:19.0409 3436 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
18:52:19.0425 3436 fastfat - ok
18:52:19.0550 3436 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
18:52:19.0550 3436 fdc - ok
18:52:19.0690 3436 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
18:52:19.0690 3436 FileInfo - ok
18:52:19.0799 3436 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
18:52:19.0799 3436 Filetrace - ok
18:52:19.0908 3436 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
18:52:19.0924 3436 flpydisk - ok
18:52:20.0049 3436 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
18:52:20.0049 3436 FltMgr - ok
18:52:20.0174 3436 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
18:52:20.0174 3436 FsDepends - ok
18:52:20.0298 3436 FSProFilter (8197c85348a33bccfe80dd6e2db53903) C:\windows\system32\Drivers\FSPFltd.sys
18:52:20.0298 3436 FSProFilter - ok
18:52:20.0423 3436 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
18:52:20.0423 3436 Fs_Rec - ok
18:52:20.0548 3436 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
18:52:20.0548 3436 fvevol - ok
18:52:20.0673 3436 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
18:52:20.0673 3436 gagp30kx - ok
18:52:20.0813 3436 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:52:20.0813 3436 GEARAspiWDM - ok
18:52:20.0938 3436 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
18:52:20.0938 3436 hcw85cir - ok
18:52:21.0063 3436 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
18:52:21.0078 3436 HdAudAddService - ok
18:52:21.0188 3436 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
18:52:21.0203 3436 HDAudBus - ok
18:52:21.0328 3436 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
18:52:21.0328 3436 HECIx64 - ok
18:52:21.0437 3436 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
18:52:21.0437 3436 HidBatt - ok
18:52:21.0546 3436 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
18:52:21.0562 3436 HidBth - ok
18:52:21.0671 3436 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
18:52:21.0687 3436 HidIr - ok
18:52:21.0796 3436 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
18:52:21.0812 3436 HidUsb - ok
18:52:21.0936 3436 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
18:52:21.0936 3436 HpSAMD - ok
18:52:22.0061 3436 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\windows\system32\Drivers\ANDROIDUSB.sys
18:52:22.0061 3436 HTCAND64 - ok
18:52:22.0186 3436 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\windows\system32\DRIVERS\htcnprot.sys
18:52:22.0186 3436 htcnprot - ok
18:52:22.0311 3436 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
18:52:22.0326 3436 HTTP - ok
18:52:22.0482 3436 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
18:52:22.0482 3436 hwpolicy - ok
18:52:22.0607 3436 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
18:52:22.0607 3436 i8042prt - ok
18:52:22.0732 3436 iaStor (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys
18:52:22.0732 3436 iaStor - ok
18:52:22.0857 3436 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
18:52:22.0857 3436 iaStorV - ok
18:52:23.0169 3436 igfx (fbacbed7a37b3223822470ff1d8ea00f) C:\windows\system32\DRIVERS\igdkmd64.sys
18:52:23.0387 3436 igfx - ok
18:52:23.0512 3436 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
18:52:23.0512 3436 iirsp - ok
18:52:23.0621 3436 Impcd (36fdf367a1dabff903e2214023d71368) C:\windows\system32\DRIVERS\Impcd.sys
18:52:23.0621 3436 Impcd - ok
18:52:23.0793 3436 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\windows\system32\drivers\RTKVHD64.sys
18:52:23.0855 3436 IntcAzAudAddService - ok
18:52:23.0964 3436 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
18:52:23.0964 3436 intelide - ok
18:52:24.0230 3436 intelkmd (fbacbed7a37b3223822470ff1d8ea00f) C:\windows\system32\DRIVERS\igdpmd64.sys
18:52:24.0417 3436 intelkmd - ok
18:52:24.0557 3436 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:52:24.0557 3436 intelppm - ok
18:52:24.0651 3436 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:52:24.0666 3436 IpFilterDriver - ok
18:52:24.0744 3436 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
18:52:24.0760 3436 IPMIDRV - ok
18:52:24.0838 3436 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:52:24.0838 3436 IPNAT - ok
18:52:24.0916 3436 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:52:24.0916 3436 IRENUM - ok
18:52:25.0056 3436 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
18:52:25.0072 3436 isapnp - ok
18:52:25.0197 3436 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
18:52:25.0212 3436 iScsiPrt - ok
18:52:25.0322 3436 JMCR (3926c8c55a2cd2c94888be39b4beb629) C:\windows\system32\DRIVERS\jmcr.sys
18:52:25.0322 3436 JMCR - ok
18:52:25.0415 3436 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\windows\system32\DRIVERS\k57nd60a.sys
18:52:25.0431 3436 k57nd60a - ok
18:52:25.0571 3436 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:52:25.0571 3436 kbdclass - ok
18:52:25.0712 3436 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
18:52:25.0712 3436 kbdhid - ok
18:52:25.0852 3436 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
18:52:25.0852 3436 KSecDD - ok
18:52:25.0946 3436 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
18:52:25.0946 3436 KSecPkg - ok
18:52:26.0039 3436 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:52:26.0039 3436 ksthunk - ok
18:52:26.0195 3436 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
18:52:26.0195 3436 LHDmgr - ok
18:52:26.0336 3436 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:52:26.0336 3436 lltdio - ok
18:52:26.0476 3436 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
18:52:26.0476 3436 LSI_FC - ok
18:52:26.0616 3436 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
18:52:26.0616 3436 LSI_SAS - ok
18:52:26.0757 3436 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
18:52:26.0757 3436 LSI_SAS2 - ok
18:52:26.0897 3436 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
18:52:26.0913 3436 LSI_SCSI - ok
18:52:27.0038 3436 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:52:27.0038 3436 luafv - ok
18:52:27.0162 3436 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
18:52:27.0178 3436 MBAMProtector - ok
18:52:27.0318 3436 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
18:52:27.0318 3436 megasas - ok
18:52:27.0474 3436 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
18:52:27.0474 3436 MegaSR - ok
18:52:27.0662 3436 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:52:27.0662 3436 Modem - ok
18:52:27.0833 3436 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:52:27.0833 3436 monitor - ok
18:52:28.0005 3436 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:52:28.0005 3436 mouclass - ok
18:52:28.0192 3436 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:52:28.0192 3436 mouhid - ok
18:52:28.0364 3436 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
18:52:28.0364 3436 mountmgr - ok
18:52:28.0535 3436 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
18:52:28.0535 3436 MpFilter - ok
18:52:28.0722 3436 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
18:52:28.0722 3436 mpio - ok
18:52:28.0878 3436 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
18:52:28.0878 3436 MpNWMon - ok
18:52:29.0066 3436 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:52:29.0066 3436 mpsdrv - ok
18:52:29.0237 3436 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
18:52:29.0237 3436 MRxDAV - ok
18:52:29.0424 3436 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
18:52:29.0424 3436 mrxsmb - ok
18:52:29.0596 3436 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:52:29.0612 3436 mrxsmb10 - ok
18:52:29.0783 3436 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:52:29.0783 3436 mrxsmb20 - ok
18:52:29.0955 3436 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
18:52:29.0955 3436 msahci - ok
18:52:30.0142 3436 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
18:52:30.0142 3436 msdsm - ok
18:52:30.0329 3436 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:52:30.0329 3436 Msfs - ok
18:52:30.0501 3436 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:52:30.0516 3436 mshidkmdf - ok
18:52:30.0688 3436 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
18:52:30.0704 3436 msisadrv - ok
18:52:30.0875 3436 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:52:30.0875 3436 MSKSSRV - ok
18:52:31.0062 3436 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:52:31.0062 3436 MSPCLOCK - ok
18:52:31.0234 3436 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:52:31.0234 3436 MSPQM - ok
18:52:31.0406 3436 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
18:52:31.0421 3436 MsRPC - ok
18:52:31.0593 3436 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:52:31.0608 3436 mssmbios - ok
18:52:31.0780 3436 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:52:31.0780 3436 MSTEE - ok
18:52:31.0952 3436 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
18:52:31.0952 3436 MTConfig - ok
18:52:32.0123 3436 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:52:32.0139 3436 Mup - ok
18:52:32.0310 3436 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:52:32.0310 3436 NativeWifiP - ok
18:52:32.0513 3436 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
18:52:32.0513 3436 NDIS - ok
18:52:32.0716 3436 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:52:32.0716 3436 NdisCap - ok
18:52:32.0903 3436 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:52:32.0903 3436 NdisTapi - ok
18:52:33.0075 3436 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
18:52:33.0075 3436 Ndisuio - ok
18:52:33.0246 3436 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
18:52:33.0262 3436 NdisWan - ok
18:52:33.0449 3436 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
18:52:33.0449 3436 NDProxy - ok
18:52:33.0621 3436 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:52:33.0621 3436 NetBIOS - ok
18:52:33.0808 3436 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
18:52:33.0808 3436 NetBT - ok
18:52:34.0136 3436 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\windows\system32\DRIVERS\NETw5s64.sys
18:52:34.0292 3436 NETw5s64 - ok
18:52:34.0572 3436 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
18:52:34.0697 3436 netw5v64 - ok
18:52:34.0869 3436 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
18:52:34.0869 3436 nfrd960 - ok
18:52:35.0025 3436 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
18:52:35.0040 3436 NisDrv - ok
18:52:35.0196 3436 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:52:35.0212 3436 Npfs - ok
18:52:35.0399 3436 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:52:35.0399 3436 nsiproxy - ok
18:52:35.0602 3436 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
18:52:35.0633 3436 Ntfs - ok
18:52:35.0805 3436 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:52:35.0805 3436 Null - ok
18:52:35.0945 3436 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
18:52:35.0961 3436 nvraid - ok
18:52:36.0101 3436 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
18:52:36.0117 3436 nvstor - ok
18:52:36.0288 3436 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
18:52:36.0288 3436 nv_agp - ok
18:52:36.0491 3436 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
18:52:36.0491 3436 ohci1394 - ok
18:52:36.0694 3436 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
18:52:36.0694 3436 Parport - ok
18:52:36.0881 3436 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
18:52:36.0881 3436 partmgr - ok
18:52:37.0068 3436 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
18:52:37.0068 3436 pci - ok
18:52:37.0256 3436 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
18:52:37.0256 3436 pciide - ok
18:52:37.0443 3436 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
18:52:37.0458 3436 pcmcia - ok
18:52:37.0630 3436 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:52:37.0630 3436 pcw - ok
18:52:37.0817 3436 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:52:37.0817 3436 PEAUTH - ok
18:52:38.0036 3436 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
18:52:38.0051 3436 PptpMiniport - ok
18:52:38.0223 3436 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
18:52:38.0223 3436 Processor - ok
18:52:38.0426 3436 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
18:52:38.0426 3436 Psched - ok
18:52:38.0628 3436 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
18:52:38.0660 3436 ql2300 - ok
18:52:38.0847 3436 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
18:52:38.0847 3436 ql40xx - ok
18:52:39.0003 3436 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:52:39.0003 3436 QWAVEdrv - ok
18:52:39.0174 3436 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:52:39.0174 3436 RasAcd - ok
18:52:39.0346 3436 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:52:39.0346 3436 RasAgileVpn - ok
18:52:39.0502 3436 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
18:52:39.0502 3436 Rasl2tp - ok
18:52:39.0674 3436 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:52:39.0689 3436 RasPppoe - ok
18:52:39.0861 3436 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:52:39.0861 3436 RasSstp - ok
18:52:40.0032 3436 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
18:52:40.0032 3436 rdbss - ok
18:52:40.0204 3436 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
18:52:40.0220 3436 rdpbus - ok
18:52:40.0391 3436 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:52:40.0391 3436 RDPCDD - ok
18:52:40.0547 3436 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:52:40.0563 3436 RDPENCDD - ok
18:52:40.0719 3436 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:52:40.0734 3436 RDPREFMP - ok
18:52:40.0906 3436 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
18:52:40.0906 3436 RDPWD - ok
18:52:41.0078 3436 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
18:52:41.0078 3436 rdyboost - ok
18:52:41.0280 3436 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
18:52:41.0296 3436 RFCOMM - ok
18:52:41.0421 3436 RimUsb - ok
18:52:41.0624 3436 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\windows\system32\DRIVERS\RsFx0105.sys
18:52:41.0639 3436 RsFx0105 - ok
18:52:41.0811 3436 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:52:41.0811 3436 rspndr - ok
18:52:41.0982 3436 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\windows\system32\drivers\RtHDMIVX.sys
18:52:41.0998 3436 RTHDMIAzAudService - ok
18:52:42.0123 3436 SASDIFSV - ok
18:52:42.0263 3436 SASKUTIL - ok
18:52:42.0341 3436 SbieDrv (1fc5d553f8ec9779702fb8264863e3a2) C:\Program Files\Sandboxie\SbieDrv.sys
18:52:42.0341 3436 SbieDrv - ok
18:52:42.0544 3436 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
18:52:42.0544 3436 sbp2port - ok
18:52:42.0731 3436 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\windows\system32\drivers\SCDEmu.sys
18:52:42.0731 3436 SCDEmu - ok
18:52:42.0903 3436 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
18:52:42.0903 3436 scfilter - ok
18:52:43.0090 3436 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys
18:52:43.0090 3436 sdbus - ok
18:52:43.0277 3436 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:52:43.0277 3436 secdrv - ok
18:52:43.0480 3436 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
18:52:43.0480 3436 Serenum - ok
18:52:43.0652 3436 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
18:52:43.0652 3436 Serial - ok
18:52:43.0823 3436 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
18:52:43.0823 3436 sermouse - ok
18:52:44.0042 3436 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
18:52:44.0042 3436 sffdisk - ok
18:52:44.0198 3436 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
18:52:44.0213 3436 sffp_mmc - ok
18:52:44.0572 3436 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
18:52:44.0572 3436 sffp_sd - ok
18:52:44.0744 3436 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
18:52:44.0744 3436 sfloppy - ok
18:52:44.0946 3436 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
18:52:44.0946 3436 SiSRaid2 - ok
18:52:45.0134 3436 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
18:52:45.0134 3436 SiSRaid4 - ok
18:52:45.0305 3436 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:52:45.0321 3436 Smb - ok
18:52:45.0524 3436 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:52:45.0524 3436 spldr - ok
18:52:45.0726 3436 sptd (aa90a319bb067e0d149b4c95608c4b05) C:\windows\System32\Drivers\sptd.sys
18:52:45.0742 3436 sptd - ok
18:52:45.0929 3436 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
18:52:45.0929 3436 srv - ok
18:52:46.0132 3436 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
18:52:46.0132 3436 srv2 - ok
18:52:46.0694 3436 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
18:52:46.0709 3436 srvnet - ok
18:52:46.0896 3436 ss_bus (d21ff3592daee244ee8376830a672b52) C:\windows\system32\DRIVERS\ss_bus.sys
18:52:46.0896 3436 ss_bus - ok
18:52:47.0084 3436 ss_mdfl (451db3d10e6112e06b4506d4a7becec1) C:\windows\system32\DRIVERS\ss_mdfl.sys
18:52:47.0084 3436 ss_mdfl - ok
18:52:47.0271 3436 ss_mdm (ef40c8a268a5263a0ef48fed8e57cbed) C:\windows\system32\DRIVERS\ss_mdm.sys
18:52:47.0271 3436 ss_mdm - ok
18:52:47.0442 3436 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
18:52:47.0458 3436 stexstor - ok
18:52:47.0630 3436 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
18:52:47.0630 3436 swenum - ok
18:52:47.0832 3436 SynTP (c7e556d216cc864e24ffa797b5c1dd14) C:\windows\system32\DRIVERS\SynTP.sys
18:52:47.0832 3436 SynTP - ok
18:52:48.0066 3436 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\windows\system32\DRIVERS\tap0901.sys
18:52:48.0082 3436 tap0901 - ok
18:52:48.0300 3436 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
18:52:48.0347 3436 Tcpip - ok
18:52:48.0550 3436 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
18:52:48.0566 3436 TCPIP6 - ok
18:52:48.0737 3436 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
18:52:48.0737 3436 tcpipreg - ok
18:52:48.0911 3436 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
18:52:48.0911 3436 TDPIPE - ok
18:52:49.0082 3436 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
18:52:49.0098 3436 TDTCP - ok
18:52:49.0270 3436 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
18:52:49.0270 3436 tdx - ok
18:52:49.0441 3436 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\windows\system32\DRIVERS\teamviewervpn.sys
18:52:49.0457 3436 teamviewervpn - ok
18:52:49.0613 3436 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
18:52:49.0628 3436 TermDD - ok
18:52:49.0800 3436 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\windows\System32\Drivers\TFsExDisk.sys
18:52:49.0800 3436 TFsExDisk - ok
18:52:49.0987 3436 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\windows\system32\DRIVERS\tiehdusb.sys
18:52:49.0987 3436 TIEHDUSB - ok
18:52:50.0175 3436 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
18:52:50.0175 3436 tssecsrv - ok
18:52:50.0346 3436 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
18:52:50.0346 3436 tunnel - ok
18:52:50.0518 3436 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
18:52:50.0518 3436 uagp35 - ok
18:52:50.0689 3436 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
18:52:50.0689 3436 udfs - ok
18:52:50.0877 3436 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
18:52:50.0892 3436 uliagpkx - ok
18:52:51.0048 3436 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
18:52:51.0064 3436 umbus - ok
18:52:51.0235 3436 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
18:52:51.0235 3436 UmPass - ok
18:52:51.0454 3436 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
18:52:51.0454 3436 USBAAPL64 - ok
18:52:51.0625 3436 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
18:52:51.0625 3436 usbccgp - ok
18:52:51.0797 3436 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
18:52:51.0797 3436 usbcir - ok
18:52:51.0984 3436 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\drivers\usbehci.sys
18:52:51.0984 3436 usbehci - ok
18:52:52.0171 3436 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
18:52:52.0171 3436 usbhub - ok
18:52:52.0499 3436 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\drivers\usbohci.sys
18:52:52.0515 3436 usbohci - ok
18:52:52.0671 3436 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
18:52:52.0686 3436 usbprint - ok
18:52:52.0858 3436 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
18:52:52.0873 3436 USBSTOR - ok
18:52:53.0029 3436 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\drivers\usbuhci.sys
18:52:53.0029 3436 usbuhci - ok
18:52:53.0217 3436 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
18:52:53.0217 3436 usbvideo - ok
18:52:53.0404 3436 VClone (c5e70c4e64666db9d69c9f2fdae22428) C:\windows\system32\DRIVERS\VClone.sys
18:52:53.0419 3436 VClone - ok
18:52:53.0575 3436 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
18:52:53.0591 3436 vdrvroot - ok
18:52:53.0763 3436 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
18:52:53.0763 3436 vga - ok
18:52:53.0919 3436 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
18:52:53.0919 3436 VgaSave - ok
18:52:54.0090 3436 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
18:52:54.0106 3436 vhdmp - ok
18:52:54.0449 3436 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
18:52:54.0449 3436 viaide - ok
18:52:54.0621 3436 vm332avs (f9126b4a657924f523e45c3ca8081b5e) C:\windows\system32\Drivers\vm332avs.sys
18:52:54.0621 3436 vm332avs - ok
18:52:54.0792 3436 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
18:52:54.0808 3436 volmgr - ok
18:52:54.0964 3436 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
18:52:54.0979 3436 volmgrx - ok
18:52:55.0151 3436 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
18:52:55.0167 3436 volsnap - ok
18:52:55.0338 3436 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
18:52:55.0338 3436 vsmraid - ok
18:52:55.0525 3436 VSPerfDrv100 (ca64a8838b4674d14bdf88aba2f253ea) c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
18:52:55.0525 3436 VSPerfDrv100 - ok
18:52:55.0713 3436 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
18:52:55.0713 3436 vwifibus - ok
18:52:55.0884 3436 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
18:52:55.0884 3436 vwififlt - ok
18:52:56.0056 3436 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
18:52:56.0071 3436 vwifimp - ok
18:52:56.0461 3436 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
18:52:56.0461 3436 WacomPen - ok
18:52:56.0773 3436 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
18:52:56.0773 3436 WANARP - ok
18:52:56.0773 3436 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
18:52:56.0789 3436 Wanarpv6 - ok
18:52:56.0976 3436 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
18:52:56.0976 3436 Wd - ok
18:52:57.0163 3436 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
18:52:57.0179 3436 Wdf01000 - ok
18:52:57.0351 3436 wdkmd (5b34e5938b9e76798977725e3f7847c4) C:\windows\system32\DRIVERS\WDKMD.sys
18:52:57.0351 3436 wdkmd - ok
18:52:57.0522 3436 wdmirror (2a444acf7dd446505bcc801f8f6ae5fd) C:\windows\system32\DRIVERS\WDMirror.sys
18:52:57.0522 3436 wdmirror - ok
18:52:57.0725 3436 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
18:52:57.0725 3436 WfpLwf - ok
18:52:57.0897 3436 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
18:52:57.0912 3436 WimFltr - ok
18:52:58.0068 3436 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
18:52:58.0084 3436 WIMMount - ok
18:52:58.0552 3436 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
18:52:58.0552 3436 WinUsb - ok
18:52:59.0051 3436 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
18:52:59.0067 3436 WmiAcpi - ok
18:52:59.0285 3436 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
18:52:59.0285 3436 ws2ifsl - ok
18:52:59.0503 3436 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
18:52:59.0503 3436 wsvd - ok
18:52:59.0659 3436 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
18:52:59.0675 3436 WudfPf - ok
18:52:59.0847 3436 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
18:52:59.0847 3436 WUDFRd - ok
18:52:59.0909 3436 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:52:59.0925 3436 \Device\Harddisk0\DR0 - ok
18:52:59.0925 3436 Boot (0x1200) (43bb62ba7bb3c8c8347cd225bfc1cef9) \Device\Harddisk0\DR0\Partition0
18:52:59.0940 3436 \Device\Harddisk0\DR0\Partition0 - ok
18:52:59.0940 3436 Boot (0x1200) (ec8faedf4b5ca83bc1cc70f5e17a97e2) \Device\Harddisk0\DR0\Partition1
18:52:59.0940 3436 \Device\Harddisk0\DR0\Partition1 - ok
18:52:59.0971 3436 Boot (0x1200) (cc229151c07a9d73d167d67c99528767) \Device\Harddisk0\DR0\Partition2
18:52:59.0971 3436 \Device\Harddisk0\DR0\Partition2 - ok
18:52:59.0971 3436 ============================================================
18:52:59.0971 3436 Scan finished
18:52:59.0971 3436 ============================================================
18:52:59.0987 6044 Detected object count: 0
18:52:59.0987 6044 Actual detected object count: 0

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:44 AM

Posted 20 February 2012 - 08:51 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
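The procedure above produces FRST.txt, a plain-text listing of autostart registry values, services and drivers (the next post shows one). Reading several hundred such lines by eye is error-prone, so here is an added example, written for this page and not part of the original post or of the FRST tool, of a small Python triage pass over that format. It flags the entries an analyst looks at first: values FRST itself annotates with "==>" (the way the ZeroAccess hit is marked later in this thread), a disabled UAC policy (EnableLUA 0), a static per-interface NameServer override, and services or drivers whose binary is missing or unreadable ([x]) or carries no vendor information (()). The sample log is a constructed excerpt modelled on the layout shown in this thread, and the rules are heuristics of mine: a hit means "look at this", not "this is malicious" (several legitimate drivers ship without version information).

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt modelled on the FRST.txt layout shown in this thread
# (registry, services and drivers sections); sample input for this example,
# not a verbatim copy of anyone's log.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-06-29] (Intel Corporation)
HKU\Rohan\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [399736 2012-02-09] (BitTorrent, Inc.)
HKU\Rohan\...\Policies\system: [EnableLUA] 0
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.11
Tcpip\..\Interfaces\{9259C06B-7F0E-4FC7-8194-B982E268E4B9}: [NameServer]0.0.0.0
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 LicCtrlService; C:\windows\runservice.exe [2560 2011-06-14] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]

========================== Drivers (Whitelisted) =============

1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [158336 2011-11-23] (SANDBOXIE L.T.D)
3 catchme; [x]
"""


@dataclass(frozen=True)
class Finding:
    section: str   # log section the line came from (Registry, Services, Drivers)
    item: str      # registry value, service or driver name
    reason: str    # why the line was flagged
    line: str      # the original log line, for the report


# "========= Registry (Whitelisted) ====" -> section name "Registry"
SECTION_RE = re.compile(r"^=+\s*(\w+)")
# "<start type> <name>; <path> [size date] (vendor)"   or   "<start type> <name>; [x]"
SVC_DRV_RE = re.compile(r"^(\d) (.+?); (.*)$")
POLICY_RE = re.compile(r"Policies\\system: \[(\w+)\] (\S+)")
DNS_RE = re.compile(r"\[NameServer\]\s*(\S+)")


def triage(log_text: str) -> list[Finding]:
    """Walk an FRST.txt and return the entries worth a closer look."""
    findings: list[Finding] = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # FRST appends "==> <name>" to values it has already identified as
        # hijacked; that is the strongest signal in the log, so check it first.
        if "==>" in line:
            item = line.split(":", 1)[0]
            verdict = line.split("==>", 1)[1].strip()
            findings.append(Finding(section, item, f"FRST flagged: {verdict}", line))
            continue
        if section == "Registry":
            m = POLICY_RE.search(line)
            if m and m.group(1).lower() == "enablelua" and m.group(2) == "0":
                findings.append(Finding(section, "EnableLUA", "UAC disabled by policy", line))
                continue
            # A per-interface NameServer (not the DHCP-assigned DhcpNameServer)
            # is a static DNS override; DNS hijackers live here.
            m = DNS_RE.search(line)
            if m:
                findings.append(Finding(section, "NameServer",
                                        f"static DNS override on an interface: {m.group(1)}", line))
            continue
        if section in ("Services", "Drivers"):
            m = SVC_DRV_RE.match(line)
            if not m:
                continue
            _start_type, name, rest = m.groups()
            if rest.endswith("[x]"):
                findings.append(Finding(section, name, "binary missing or unreadable ([x])", line))
            elif rest.endswith("()"):
                findings.append(Finding(section, name, "no vendor information in the file", line))
    return findings


def triage_counts(log_text: str) -> dict[str, int]:
    """Number of findings per section, for a quick sense of where the problem sits."""
    counts: dict[str, int] = {}
    for f in triage(log_text):
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

Run it against a real FRST.txt by passing the file contents to triage(); the "==>" rule is the one to act on first, while the "()" and "[x]" rules produce a review list that should be checked against the vendor and against a second scanner before anything is deleted.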

#7 RohanShah
  • Topic Starter
  • Members
  • 31 posts
  • Local time:04:44 AM

Posted 20 February 2012 - 10:08 PM

Now I understand what this scan did =x
Thank you for helping me so far.
Log:

Scan result of Farbar Recovery Scan Tool Version: 20-02-2012
Ran by SYSTEM at 2012-02-20 21:57:01
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-06-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 2010-06-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [414744 2010-06-29] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2101032 2010-05-03] (Synaptics Incorporated)
HKLM\...\Run: [SynBtnAsst] %ProgramFiles%\Synaptics\SynTP\SynBtnAsst.exe Utility_Window [54568 2010-05-03] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a [1792224 2010-11-09] (FSPro Labs)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [318400 2009-12-29] (Lenovo)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Rohan\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [399736 2012-02-09] (BitTorrent, Inc.)
HKU\Rohan\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [620376 2011-12-29] (IObit)
HKU\Rohan\...\Policies\system: [EnableLUA] 0
HKU\Rohan\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.11
Tcpip\..\Interfaces\{9259C06B-7F0E-4FC7-8194-B982E268E4B9}: [NameServer]0.0.0.0
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [497496 2011-12-29] (IObit)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [873248 2010-01-12] (Broadcom Corporation.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-03-03] (Intel Corporation)
3 IGRS; "C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe" [38152 2009-07-14] (Lenovo Group Limited)
3 Lenovo ReadyComm AppSvc; "C:\Program Files\Lenovo\ReadyComm\AppSvc.exe" [509192 2009-08-14] (Lenovo Group Limited)
3 Lenovo ReadyComm ConnSvc; "C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe" [575304 2009-11-17] (Lenovo Group Limited)
2 LicCtrlService; C:\windows\runservice.exe [2560 2011-06-14] ()
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe" [46080 2010-06-23] ()
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [94992 2011-11-23] (SANDBOXIE L.T.D)
3 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [633856 2011-06-08] (Nokia)
2 Slidebar Notifier Service; "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe" [69568 2009-12-29] (Lenovo)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-11-04] (Intel Corporation)
2 uploadmgr; C:\Windows\System32\iaantmon.dll [6656 2009-07-13] (Oak Technology Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
4 NetMsmqActivator; "c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [28176 2009-10-18] (Lenovo Corporation)
1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2010-06-25] (Windows ® Win 7 DDK provider)
3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [10342240 2010-06-29] (Intel Corporation)
0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [39008 2010-01-15] (Lenovo.)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [311144 2011-09-22] (Microsoft Corporation)
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [158336 2011-11-23] (SANDBOXIE L.T.D)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2010-12-29] (Duplex Secure Ltd.)
3 ss_bus; C:\Windows\System32\DRIVERS\ss_bus.sys [127488 2010-04-26] (MCCI Corporation)
3 ss_mdfl; C:\Windows\System32\DRIVERS\ss_mdfl.sys [18944 2010-04-26] (MCCI Corporation)
3 ss_mdm; C:\Windows\System32\DRIVERS\ss_mdm.sys [161280 2010-04-26] (MCCI Corporation)
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2011-07-01] (The OpenVPN Project)
3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [35112 2011-01-12] (TeamViewer GmbH)
3 TFsExDisk; \??\C:\windows\System32\Drivers\TFsExDisk.sys [16448 2010-06-14] (Teruten Inc)
3 TIEHDUSB; C:\Windows\System32\DRIVERS\tiehdusb.sys [128512 2009-09-03] (Texas Instruments)
3 vm332avs; C:\Windows\System32\Drivers\vm332avs.sys [229456 2010-06-01] (Vimicro Corporation)
3 VSPerfDrv100; \??\c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
3 wdkmd; C:\Windows\System32\DRIVERS\WDKMD.sys [39832 2010-04-16] (Intel Corporation)
3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [121840 2009-07-21] (CyberLink)
3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [x]
3 BcmSqlStartupSvc; [x]
3 catchme; [x]
3 EagleX64; [x]
2 IviRegMgr; [x]
2 RichVideo; [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
1 SASDIFSV; [x]
1 SASKUTIL; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-20 21:56 - 2012-02-20 21:57 - 0000000 ____D C:\FRST
2012-02-20 18:20 - 2012-02-20 18:20 - 0000000 ____D C:\Users\Rohan\Desktop\aeshapen
2012-02-20 18:17 - 2012-02-20 18:28 - 0000112 ____A C:\Windows\setupact.log
2012-02-20 18:17 - 2012-02-20 18:17 - 0000546 ____A C:\Windows\PFRO.log
2012-02-20 18:17 - 2012-02-20 18:17 - 0000000 ____A C:\Windows\setuperr.log
2012-02-20 15:52 - 2012-02-20 15:53 - 0088350 ____A C:\TDSSKiller.2.7.13.0_20.02.2012_18.52.08_log.txt
2012-02-20 15:51 - 2012-02-20 15:51 - 0002501 ____A C:\Users\Rohan\Desktop\aswMBR.txt
2012-02-20 15:51 - 2012-02-20 15:51 - 0000512 ____A C:\Users\Rohan\Desktop\MBR.dat
2012-02-20 12:55 - 2012-02-20 12:55 - 0000000 ____A C:\Users\Rohan\Desktop\TDSS.txt
2012-02-20 12:53 - 2012-02-20 12:55 - 0088350 ____A C:\TDSSKiller.2.7.13.0_20.02.2012_15.53.41_log.txt
2012-02-20 12:51 - 2012-02-20 12:53 - 0096706 ____A C:\TDSSKiller.2.7.13.0_20.02.2012_15.51.41_log.txt
2012-02-20 12:48 - 2012-02-20 12:52 - 0000000 ___SD C:\ComboFix
2012-02-20 12:44 - 2012-02-20 12:45 - 0088350 ____A C:\TDSSKiller.2.7.13.0_20.02.2012_15.44.28_log.txt
2012-02-20 12:43 - 2012-02-20 12:44 - 4729344 ____A (AVAST Software) C:\Users\Rohan\Desktop\aswMBR.exe
2012-02-20 12:43 - 2012-02-20 12:43 - 2060336 ____A (Kaspersky Lab ZAO) C:\Users\Rohan\Desktop\tdsskiller.exe
2012-02-20 02:41 - 2012-02-20 02:42 - 0028441 ____A C:\Users\Rohan\Desktop\CF.txt
2012-02-20 02:34 - 2012-02-20 02:34 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-20 02:14 - 2012-02-20 02:14 - 0002975 ____A C:\Users\Rohan\Desktop\HiJackThis.lnk
2012-02-20 02:14 - 2012-02-20 02:14 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-02-19 21:21 - 2012-02-19 21:21 - 1402880 ____A C:\Users\Rohan\Desktop\HiJackThis.msi
2012-02-19 20:12 - 2012-02-19 20:15 - 0173498 ____A C:\TDSSKiller.2.7.13.0_19.02.2012_23.12.22_log.txt
2012-02-19 19:44 - 2012-02-19 19:44 - 0027641 ____A C:\Users\Rohan\Desktop\DDS.txt
2012-02-19 19:44 - 2012-02-19 19:44 - 0015757 ____A C:\Users\Rohan\Desktop\Attach.txt
2012-02-19 19:36 - 2012-02-19 19:36 - 0000504 ____A C:\Users\Rohan\Desktop\defogger_disable.log
2012-02-19 19:36 - 2012-02-19 19:36 - 0000020 ____A C:\Users\Rohan\defogger_reenable
2012-02-19 19:31 - 2012-02-19 19:31 - 0607260 ____R (Swearware) C:\Users\Rohan\Desktop\dds.scr
2012-02-19 19:31 - 2012-02-19 19:31 - 0050477 ____A C:\Users\Rohan\Desktop\Defogger.exe
2012-02-19 05:10 - 2012-02-19 05:11 - 0000395 ____A C:\rkill.log
2012-02-19 05:06 - 2012-02-19 05:06 - 1008141 ____A C:\Users\Rohan\Desktop\rkill.com
2012-02-18 22:51 - 2012-02-18 22:51 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-02-18 22:51 - 2012-02-18 22:51 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-02-18 22:51 - 2012-02-18 22:51 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-02-18 22:51 - 2012-02-18 22:51 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-02-18 22:40 - 2012-02-20 02:32 - 0000000 ____D C:\Windows\ERDNT
2012-02-18 22:40 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-18 22:40 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-18 22:40 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-18 22:40 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-18 22:40 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-18 22:40 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-18 22:40 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-18 22:40 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-18 22:34 - 2012-02-20 12:49 - 0000000 ____D C:\Qoobox
2012-02-18 22:27 - 2012-02-18 22:27 - 4406994 ____R (Swearware) C:\Users\Rohan\Desktop\ComboFix.exe
2012-02-18 22:18 - 2012-02-18 22:18 - 0924828 ____A C:\Users\Rohan\AppData\Local\census.cache
2012-02-18 22:14 - 2012-02-18 22:14 - 0128286 ____A C:\Users\Rohan\AppData\Local\ars.cache
2012-02-18 22:08 - 2012-02-18 22:08 - 0000000 ____D C:\Users\Rohan\Desktop\backups
2012-02-17 23:34 - 2012-02-17 23:41 - 0000030 ____A C:\Users\Rohan\Desktop\file.txt
2012-02-17 21:22 - 2012-02-20 18:28 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-17 20:41 - 2012-02-17 20:41 - 0195240 ____A C:\Users\Rohan\Desktop\lol.png
2012-02-17 20:18 - 2012-02-17 20:21 - 0000000 ____D C:\Users\Rohan\Downloads\G.I.Joe.The.Rise.of.Cobra.2009.720p.BRRip.Xid.AC3-FLAWL3SS
2012-02-17 09:24 - 2012-02-17 09:28 - 0000000 ____D C:\Users\Rohan\Downloads\Rockstar - DVDRip - XviD - 1CDRip - [DDR]
2012-02-16 23:22 - 2012-02-16 23:22 - 0126950 ____A C:\Users\Rohan\Desktop\8eb7bfcaa025947fd1803b9952ebd4ee.jpg
2012-02-15 21:21 - 2012-02-15 21:21 - 0000000 ____D C:\Users\All Users\PreEmptive Solutions
2012-02-15 21:21 - 2012-02-15 21:21 - 0000000 ____D C:\ProgramData\PreEmptive Solutions
2012-02-15 21:18 - 2012-02-15 21:18 - 0000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2012-02-15 21:18 - 2012-02-15 21:18 - 0000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2012-02-15 21:04 - 2012-02-15 21:04 - 0000000 ____D C:\Users\All Users\VS
2012-02-15 21:04 - 2012-02-15 21:04 - 0000000 ____D C:\ProgramData\VS
2012-02-15 20:09 - 2012-02-15 20:25 - 0000000 ____D C:\Users\Rohan\Downloads\Incendiary.2008.DvDRip-FxM
2012-02-15 19:00 - 2012-02-15 19:00 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\Outlook
2012-02-15 18:57 - 2012-02-15 18:58 - 0000000 ____D C:\Users\Rohan\Desktop\lpol
2012-02-15 18:56 - 2012-02-15 18:56 - 0000000 ____D C:\Users\Rohan\Documents\My Photos
2012-02-15 18:56 - 2012-02-15 18:56 - 0000000 ____D C:\Users\Rohan\Documents\My Documents
2012-02-15 18:53 - 2012-02-20 18:31 - 0000000 ____D C:\Users\Rohan\AppData\Local\Htc
2012-02-15 18:53 - 2012-02-15 18:53 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-02-15 18:52 - 2012-02-15 19:00 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\HTC
2012-02-15 18:52 - 2012-02-15 18:52 - 0001042 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-02-15 18:51 - 2012-02-20 00:11 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-02-15 18:51 - 2012-02-20 00:11 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-02-15 18:51 - 2012-02-15 18:52 - 0000000 ____D C:\Program Files (x86)\HTC
2012-02-15 18:51 - 2012-02-15 18:51 - 0000000 ____D C:\Program Files (x86)\Spirent Communications
2012-02-15 18:50 - 2012-02-17 17:49 - 0000000 ____D C:\Users\Rohan\Downloads\Race 2008 Hindi BDRip x264 E-SuB xRG
2012-02-15 18:44 - 2012-02-15 19:09 - 0000000 ____D C:\ruu_log
2012-02-15 01:42 - 2012-01-13 20:02 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-15 01:42 - 2012-01-04 01:59 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-15 01:42 - 2012-01-04 01:58 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-15 01:42 - 2012-01-04 01:03 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-15 01:42 - 2012-01-04 01:03 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-15 01:42 - 2012-01-02 22:24 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-15 01:42 - 2012-01-02 21:44 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-15 01:42 - 2011-12-27 19:59 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-15 01:42 - 2011-12-16 00:45 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 01:42 - 2011-12-16 00:45 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 01:42 - 2011-12-16 00:42 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 01:42 - 2011-12-16 00:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-15 01:42 - 2011-12-16 00:42 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-15 01:42 - 2011-12-16 00:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-15 01:42 - 2011-12-16 00:40 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 01:42 - 2011-12-16 00:40 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-15 01:42 - 2011-12-16 00:02 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-15 01:42 - 2011-12-16 00:02 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-15 01:42 - 2011-12-15 23:59 - 5999104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-15 01:42 - 2011-12-15 23:59 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-15 01:42 - 2011-12-15 23:59 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-15 01:42 - 2011-12-15 23:58 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-15 01:42 - 2011-12-15 23:58 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-15 01:41 - 2011-12-16 00:45 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 01:41 - 2011-12-16 00:42 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 01:41 - 2011-12-16 00:42 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-15 01:41 - 2011-12-16 00:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 01:41 - 2011-12-16 00:41 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-15 01:41 - 2011-12-16 00:40 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 01:41 - 2011-12-16 00:40 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-15 01:41 - 2011-12-16 00:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 01:41 - 2011-12-16 00:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-15 01:41 - 2011-12-16 00:02 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-15 01:41 - 2011-12-15 23:59 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-02-15 01:41 - 2011-12-15 23:59 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-15 01:41 - 2011-12-15 23:59 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-15 01:41 - 2011-12-15 23:58 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-15 01:41 - 2011-12-15 23:58 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-15 01:41 - 2011-12-15 23:58 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-15 01:41 - 2011-12-15 23:58 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-15 01:41 - 2011-12-15 23:58 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-15 01:41 - 2011-12-15 23:56 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-15 01:41 - 2011-12-15 23:26 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-15 01:41 - 2011-12-15 22:49 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-15 01:41 - 2011-12-15 22:43 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-15 01:41 - 2011-12-15 22:15 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-14 19:12 - 2012-02-15 09:50 - 0000000 ____D C:\Users\Rohan\Desktop\P (1)
2012-02-14 18:27 - 2012-02-14 18:32 - 0000000 ____D C:\Users\Rohan\Downloads\Ek.Main.Aur.Ekk.Tu.2012.DVDScrRip.XviD.MP3-aSTEEL
2012-02-12 21:10 - 2012-02-12 21:14 - 0000000 ____D C:\Users\Rohan\Downloads\Safe.House.2012.CAM.READNFO.XviD-eXceSs
2012-02-12 15:27 - 2012-02-12 15:38 - 736367732 ____A C:\Users\Rohan\Downloads\Safe_House_2012_CAM_REPACK_XviD_-_ZOMBiES.avi
2012-02-11 20:29 - 2012-02-11 20:36 - 0000000 ____D C:\Users\Rohan\Downloads\CyberBully.2011.DVDRip.XviD.AC3.CrEwSaDe
2012-02-11 20:28 - 2012-02-11 20:31 - 0000000 ____D C:\Users\Rohan\Downloads\Mission Impossible
2012-02-10 19:22 - 2012-02-10 19:35 - 521452816 ____A C:\Users\Rohan\Downloads\[Hindi] [Ek Main Aur Ekk Tu (2012)] [Scam Rip (not a good print at all)] [BiRaKa].avi
2012-02-10 19:02 - 2012-02-10 19:02 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-02-10 19:01 - 2012-02-10 19:02 - 0000000 ____D C:\Program Files\iTunes
2012-02-10 19:01 - 2012-02-10 19:01 - 0000000 ____D C:\Program Files\iPod
2012-02-09 23:30 - 2011-12-30 14:02 - 0023896 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-09 23:26 - 2012-02-20 18:33 - 1057627 ____A C:\Windows\WindowsUpdate.log
2012-02-09 23:20 - 2012-02-09 23:20 - 0001236 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-02-09 23:20 - 2012-02-09 23:20 - 0001185 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-02-09 23:20 - 2012-02-09 23:20 - 0000000 ____D C:\Users\All Users\IObit
2012-02-09 23:20 - 2012-02-09 23:20 - 0000000 ____D C:\ProgramData\IObit
2012-02-09 23:17 - 2012-02-09 23:17 - 0000000 ____D C:\Users\Rohan\Downloads\Advanced System Care 5.1
2012-02-09 22:45 - 2012-02-09 23:06 - 0000000 ____D C:\Users\Rohan\Downloads\Tinker.Tailor.Soldier.Spy.2011.BRRiP.AC3-5.1.XviD-SiC
2012-02-09 22:20 - 2012-02-09 22:20 - 0399736 ____A (BitTorrent, Inc.) C:\Users\Rohan\Desktop\utorrent.exe
2012-02-09 20:11 - 2012-02-09 20:12 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\.Tribler
2012-02-09 20:11 - 2012-02-09 20:11 - 0000000 ____D C:\Users\Rohan\Desktop\TriblerDownloads
2012-02-09 20:10 - 2012-02-09 20:10 - 0000955 ____A C:\Users\Rohan\Desktop\Tribler.lnk
2012-02-09 20:10 - 2012-02-09 20:10 - 0000000 ____D C:\Program Files (x86)\Tribler
2012-02-09 09:54 - 2012-02-09 10:05 - 0000000 ____D C:\Users\Rohan\Downloads\Little Children 2006 BrRip ExtraScene RG
2012-02-09 09:52 - 2012-02-14 08:17 - 0000000 ____D C:\Users\Rohan\Downloads\The.Babysitters.2007.DVDRip.XviD.AC3-TDP
2012-02-08 18:52 - 2012-02-08 19:03 - 0000000 ____D C:\Users\Rohan\Downloads\Gali Gali Chor Hai - DVDScr - x264 - 1CDRip - [DDR]
2012-02-08 16:09 - 2012-02-08 16:09 - 0000000 ____D C:\Users\Rohan\Downloads\pcanywhere
2012-02-07 08:54 - 2012-02-09 09:43 - 0002278 ____A C:\Users\Rohan\Desktop\Google Chrome.lnk
2012-02-07 08:52 - 2012-02-20 17:57 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000UA.job
2012-02-07 08:52 - 2012-02-19 08:57 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000Core.job
2012-02-06 22:21 - 2012-02-06 23:37 - 1368783787 ____A C:\Users\Rohan\Downloads\pcanywhere.rar
2012-02-06 21:27 - 2012-02-06 21:35 - 0000000 ____D C:\Users\Rohan\Downloads\The Grey 2012 TS XVID-WBZ
2012-02-06 09:51 - 2012-02-06 09:52 - 0000000 ____D C:\Program Files\Recuva
2012-02-06 09:51 - 2012-02-06 09:51 - 0000000 ____D C:\Program Files\CCleaner
2012-02-06 09:50 - 2012-02-06 09:50 - 0000000 ____D C:\Program Files\Speccy
2012-02-05 20:23 - 2012-02-05 20:49 - 0000000 ____D C:\Users\Rohan\Downloads\Chronicle 2012 TS XViD - INSPiRAL
2012-02-05 15:18 - 2012-02-05 15:18 - 0000000 ____D C:\Users\Rohan\Downloads\Unfaithful.2002.BRRip.XviD-VLiS
2012-02-05 15:14 - 2012-02-05 16:49 - 0000000 ____D C:\Users\Rohan\Downloads\Notes On A Scandal[2006]DVDRip XviD-ExtraTorrentRG
2012-02-05 14:56 - 2012-02-05 15:16 - 0000000 ____D C:\Users\Rohan\Downloads\Perfect.Partner.2011.PROPER.DVDRip.XviD-CoWRY
2012-02-04 12:39 - 2012-02-04 12:44 - 0000000 ____D C:\Program Files (x86)\iLivid
2012-02-04 12:39 - 2012-02-04 12:39 - 0000000 ____D C:\Users\Rohan\AppData\Local\PackageAware
2012-02-04 12:00 - 2012-02-04 13:47 - 0000000 ____D C:\Users\Rohan\Downloads\Spanish Beauty - DVDRip - XviD - 1CDRip - [DDR]
2012-02-03 22:01 - 2012-02-03 22:01 - 0000000 ____D C:\Users\Rohan\Desktop\Firefoxbackup
2012-02-03 21:32 - 2012-02-03 21:32 - 1472553 ____A ( ) C:\Users\Rohan\Desktop\SimbaInstaller.exe
2012-02-03 21:32 - 2012-02-03 21:32 - 0000562 ____A C:\Users\Public\Desktop\Simba.lnk
2012-02-03 21:32 - 2012-02-03 21:32 - 0000000 ____D C:\Simba
2012-02-03 21:07 - 2012-02-03 21:18 - 0000000 ____D C:\Users\Rohan\Desktop\b9qhwi3d.default
2012-02-03 21:07 - 2012-02-03 21:18 - 0000000 ____D C:\Users\Rohan\Desktop\1lgvssbw.default
2012-02-03 20:36 - 2012-02-03 20:36 - 0000044 ____A C:\Users\Rohan\jagex_cl_runescape_LIVE.dat
2012-02-03 20:36 - 2012-02-03 20:36 - 0000000 ____D C:\Users\Rohan\jagexcache
2012-02-02 21:13 - 2012-02-02 21:32 - 0000000 ____D C:\Users\Rohan\Downloads\Despicable.Me.DVDRip.XviD-iMBT
2012-02-02 13:23 - 2004-12-14 22:09 - 31562496 ____A C:\Users\Rohan\Downloads\IMAGE.sub
2012-02-02 13:22 - 2004-12-14 22:09 - 773281152 ____A C:\Users\Rohan\Downloads\IMAGE.img
2012-02-02 13:22 - 2004-12-14 22:08 - 0000771 ____A C:\Users\Rohan\Downloads\IMAGE.CCD
2012-02-02 13:22 - 2004-12-14 22:08 - 0000069 ____A C:\Users\Rohan\Downloads\IMAGE.cue
2012-02-02 13:22 - 2004-12-14 21:07 - 0000094 ____A C:\Users\Rohan\Downloads\chain.cue
2012-02-01 20:28 - 2012-02-09 23:30 - 0000000 ____D C:\Users\Rohan\Desktop\Shortcut
2012-02-01 20:13 - 2012-02-03 21:18 - 0000000 ____D C:\Program Files (x86)\Aurora
2012-02-01 12:03 - 2012-02-01 12:20 - 608874972 ____A C:\Users\Rohan\Downloads\CHAIN.rar
2012-02-01 11:58 - 2012-02-01 12:06 - 313415559 ____A C:\Users\Rohan\Downloads\[SubDESU-H]_Soredemo_Tsuma_wo_Aibleeperu_-_02_(720x480_x264_AAC)_[642C01C9].wmv
2012-01-30 19:29 - 2012-01-30 19:29 - 0002111 ____A C:\Users\Public\Desktop\Age of Mythology Gold.lnk
2012-01-30 19:24 - 2012-01-30 19:24 - 0000000 ____D C:\Windows\Watson
2012-01-30 19:24 - 2012-01-30 19:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2012-01-30 12:18 - 2012-01-30 19:27 - 0000000 ____D C:\Users\Rohan\Downloads\AOMGOLD
2012-01-29 10:55 - 2012-01-29 10:56 - 0000000 ____D C:\Users\Rohan\Downloads\Agneepath - DVDScr - XviD - [DDR]
2012-01-28 12:29 - 2012-02-03 21:18 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\SUPERAntiSpyware.com
2012-01-28 12:28 - 2012-02-03 21:49 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-01-27 21:22 - 2012-01-27 21:22 - 0065536 __ASH C:\Windows\System32\config\components{8fb487b3-4604-11e1-8040-60eb69697d31}.TxR.blf
2012-01-27 21:19 - 2012-01-28 16:54 - 0000000 ____D C:\Users\Rohan\Downloads\Jo Hum Chahein - DVDRip - XviD - [DDR]
2012-01-26 14:16 - 2012-01-26 14:18 - 0000000 ____D C:\Users\Rohan\Downloads\The Girl With The Dragon Tattoo 2011 DVDSCR XViD DTRG
2012-01-26 12:27 - 2012-01-30 19:37 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-26 12:27 - 2012-01-30 19:22 - 0001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-25 20:52 - 2012-01-25 20:52 - 0000000 ____D C:\My Lockbox
2012-01-25 20:51 - 2012-02-11 23:01 - 0000857 ____A C:\Users\Rohan\Desktop\My Lockbox.lnk
2012-01-25 20:51 - 2012-01-25 20:51 - 0000000 ____D C:\Program Files\My Lockbox
2012-01-25 20:51 - 2010-07-22 13:13 - 0054848 ____A (FSPro Labs) C:\Windows\System32\Drivers\FSPFltd.sys
2012-01-25 20:50 - 2012-01-25 20:50 - 0000000 ____D C:\Users\Rohan\Downloads\My Lockbox PRO 2.3.8.281 + key
2012-01-23 19:48 - 2012-01-23 20:33 - 0000000 ____D C:\Users\Rohan\Downloads\Chalis Chaurasi (2012) 2CD PDVD Rip AC3 X264 imamzafar[TDBB]
2012-01-23 19:45 - 2012-01-23 20:59 - 0000000 ____D C:\Users\Rohan\Downloads\Lanka - DVDRip - XviD - [DDR]

============ 3 Months Modified Files and Folders =============

2012-02-20 21:57 - 2012-02-20 21:56 - 0000000 ____D C:\FRST
2012-02-20 18:33 - 2012-02-09 23:26 - 1057627 ____A C:\Windows\WindowsUpdate.log
2012-02-20 18:33 - 2011-12-08 21:12 - 1377831 ____A C:\FaceProv.log
2012-02-20 18:33 - 2009-07-13 20:45 - 0013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-20 18:33 - 2009-07-13 20:45 - 0013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-20 18:31 - 2012-02-15 18:53 - 0000000 ____D C:\Users\Rohan\AppData\Local\Htc
2012-02-20 18:30 - 2010-12-29 14:41 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\uTorrent
2012-02-20 18:28 - 2012-02-20 18:17 - 0000112 ____A C:\Windows\setupact.log
2012-02-20 18:28 - 2012-02-17 21:22 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-20 18:28 - 2011-06-14 20:37 - 0000681 __ASH C:\Windows\SysWOW64\mmf.sys
2012-02-20 18:28 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-20 18:27 - 2010-12-02 13:19 - 3061166080 __ASH C:\hiberfil.sys
2012-02-20 18:20 - 2012-02-20 18:20 - 0000000 ____D C:\Users\Rohan\Desktop\aeshapen
2012-02-20 18:17 - 2012-02-20 18:17 - 0000546 ____A C:\Windows\PFRO.log
2012-02-20 18:17 - 2012-02-20 18:17 - 0000000 ____A C:\Windows\setuperr.log
2012-02-20 17:57 - 2012-02-07 08:52 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000UA.job
2012-02-20 15:53 - 2012-02-20 15:52 - 0088350 ____A C:\TDSSKiller.2.7.13.0_20.02.2012_18.52.08_log.txt
2012-02-20 15:51 - 2012-02-20 15:51 - 0002501 ____A C:\Users\Rohan\Desktop\aswMBR.txt
2012-02-20 15:51 - 2012-02-20 15:51 - 0000512 ____A C:\Users\Rohan\Desktop\MBR.dat
2012-02-20 12:55 - 2012-02-20 12:55 - 0000000 ____A C:\Users\Rohan\Desktop\TDSS.txt
2012-02-20 12:55 - 2012-02-20 12:53 - 0088350 ____A C:\TDSSKiller.2.7.13.0_20.02.2012_15.53.41_log.txt
2012-02-20 12:53 - 2012-02-20 12:51 - 0096706 ____A C:\TDSSKiller.2.7.13.0_20.02.2012_15.51.41_log.txt
2012-02-20 12:52 - 2012-02-20 12:48 - 0000000 ___SD C:\ComboFix
2012-02-20 12:49 - 2012-02-18 22:34 - 0000000 ____D C:\Qoobox
2012-02-20 12:45 - 2012-02-20 12:44 - 0088350 ____A C:\TDSSKiller.2.7.13.0_20.02.2012_15.44.28_log.txt
2012-02-20 12:44 - 2012-02-20 12:43 - 4729344 ____A (AVAST Software) C:\Users\Rohan\Desktop\aswMBR.exe
2012-02-20 12:43 - 2012-02-20 12:43 - 2060336 ____A (Kaspersky Lab ZAO) C:\Users\Rohan\Desktop\tdsskiller.exe
2012-02-20 12:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-20 12:39 - 2010-12-29 20:30 - 0000000 ____D C:\users\Rohan
2012-02-20 02:42 - 2012-02-20 02:41 - 0028441 ____A C:\Users\Rohan\Desktop\CF.txt
2012-02-20 02:35 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-02-20 02:34 - 2012-02-20 02:34 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-20 02:32 - 2012-02-18 22:40 - 0000000 ____D C:\Windows\ERDNT
2012-02-20 02:32 - 2009-07-13 18:34 - 96464896 ____A C:\Windows\System32\config\software.bak
2012-02-20 02:32 - 2009-07-13 18:34 - 5382144 ____A C:\Windows\System32\config\default.bak
2012-02-20 02:32 - 2009-07-13 18:34 - 23068672 ____A C:\Windows\System32\config\system.bak
2012-02-20 02:32 - 2009-07-13 18:34 - 0065536 ____A C:\Windows\System32\config\sam.bak
2012-02-20 02:32 - 2009-07-13 18:34 - 0028672 ____A C:\Windows\System32\config\security.bak
2012-02-20 02:14 - 2012-02-20 02:14 - 0002975 ____A C:\Users\Rohan\Desktop\HiJackThis.lnk
2012-02-20 02:14 - 2012-02-20 02:14 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-02-20 00:12 - 2010-12-29 08:01 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-20 00:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-02-20 00:11 - 2012-02-15 18:51 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-02-20 00:11 - 2012-02-15 18:51 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-02-20 00:11 - 2011-06-10 22:24 - 0000000 ____D C:\Users\All Users\Real
2012-02-20 00:11 - 2011-06-10 22:24 - 0000000 ____D C:\ProgramData\Real
2012-02-20 00:11 - 2010-12-29 08:10 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\Macromedia
2012-02-20 00:11 - 2010-12-29 08:01 - 0000000 ____D C:\Users\Rohan\AppData\Local\Mozilla
2012-02-19 21:21 - 2012-02-19 21:21 - 1402880 ____A C:\Users\Rohan\Desktop\HiJackThis.msi
2012-02-19 20:15 - 2012-02-19 20:12 - 0173498 ____A C:\TDSSKiller.2.7.13.0_19.02.2012_23.12.22_log.txt
2012-02-19 19:44 - 2012-02-19 19:44 - 0027641 ____A C:\Users\Rohan\Desktop\DDS.txt
2012-02-19 19:44 - 2012-02-19 19:44 - 0015757 ____A C:\Users\Rohan\Desktop\Attach.txt
2012-02-19 19:36 - 2012-02-19 19:36 - 0000504 ____A C:\Users\Rohan\Desktop\defogger_disable.log
2012-02-19 19:36 - 2012-02-19 19:36 - 0000020 ____A C:\Users\Rohan\defogger_reenable
2012-02-19 19:31 - 2012-02-19 19:31 - 0607260 ____R (Swearware) C:\Users\Rohan\Desktop\dds.scr
2012-02-19 19:31 - 2012-02-19 19:31 - 0050477 ____A C:\Users\Rohan\Desktop\Defogger.exe
2012-02-19 08:57 - 2012-02-07 08:52 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000Core.job
2012-02-19 05:11 - 2012-02-19 05:10 - 0000395 ____A C:\rkill.log
2012-02-19 05:06 - 2012-02-19 05:06 - 1008141 ____A C:\Users\Rohan\Desktop\rkill.com
2012-02-18 23:00 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-02-18 23:00 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-02-18 22:51 - 2012-02-18 22:51 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-02-18 22:51 - 2012-02-18 22:51 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-02-18 22:51 - 2012-02-18 22:51 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-02-18 22:51 - 2012-02-18 22:51 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-02-18 22:50 - 2012-02-18 22:50 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-02-18 22:27 - 2012-02-18 22:27 - 4406994 ____R (Swearware) C:\Users\Rohan\Desktop\ComboFix.exe
2012-02-18 22:18 - 2012-02-18 22:18 - 0924828 ____A C:\Users\Rohan\AppData\Local\census.cache
2012-02-18 22:14 - 2012-02-18 22:14 - 0128286 ____A C:\Users\Rohan\AppData\Local\ars.cache
2012-02-18 22:08 - 2012-02-18 22:08 - 0000000 ____D C:\Users\Rohan\Desktop\backups
2012-02-18 22:08 - 2011-04-20 11:04 - 0000000 ____D C:\Users\Rohan\Documents\Visual Studio 2010
2012-02-18 12:22 - 2009-07-13 21:13 - 0880426 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-18 04:55 - 2009-07-13 21:08 - 0032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-17 23:41 - 2012-02-17 23:34 - 0000030 ____A C:\Users\Rohan\Desktop\file.txt
2012-02-17 20:41 - 2012-02-17 20:41 - 0195240 ____A C:\Users\Rohan\Desktop\lol.png
2012-02-17 20:21 - 2012-02-17 20:18 - 0000000 ____D C:\Users\Rohan\Downloads\G.I.Joe.The.Rise.of.Cobra.2009.720p.BRRip.Xid.AC3-FLAWL3SS
2012-02-17 17:49 - 2012-02-15 18:50 - 0000000 ____D C:\Users\Rohan\Downloads\Race 2008 Hindi BDRip x264 E-SuB xRG
2012-02-17 09:28 - 2012-02-17 09:24 - 0000000 ____D C:\Users\Rohan\Downloads\Rockstar - DVDRip - XviD - 1CDRip - [DDR]
2012-02-17 09:20 - 2010-12-02 14:14 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 23:22 - 2012-02-16 23:22 - 0126950 ____A C:\Users\Rohan\Desktop\8eb7bfcaa025947fd1803b9952ebd4ee.jpg
2012-02-15 21:25 - 2011-04-20 10:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-02-15 21:23 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-02-15 21:21 - 2012-02-15 21:21 - 0000000 ____D C:\Users\All Users\PreEmptive Solutions
2012-02-15 21:21 - 2012-02-15 21:21 - 0000000 ____D C:\ProgramData\PreEmptive Solutions
2012-02-15 21:18 - 2012-02-15 21:18 - 0000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2012-02-15 21:18 - 2012-02-15 21:18 - 0000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2012-02-15 21:04 - 2012-02-15 21:04 - 0000000 ____D C:\Users\All Users\VS
2012-02-15 21:04 - 2012-02-15 21:04 - 0000000 ____D C:\ProgramData\VS
2012-02-15 21:04 - 2011-04-20 10:57 - 0000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-02-15 20:54 - 2011-01-17 15:17 - 0874642 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-15 20:25 - 2012-02-15 20:09 - 0000000 ____D C:\Users\Rohan\Downloads\Incendiary.2008.DvDRip-FxM
2012-02-15 19:09 - 2012-02-15 18:44 - 0000000 ____D C:\ruu_log
2012-02-15 19:00 - 2012-02-15 19:00 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\Outlook
2012-02-15 19:00 - 2012-02-15 18:52 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\HTC
2012-02-15 18:58 - 2012-02-15 18:57 - 0000000 ____D C:\Users\Rohan\Desktop\lpol
2012-02-15 18:56 - 2012-02-15 18:56 - 0000000 ____D C:\Users\Rohan\Documents\My Photos
2012-02-15 18:56 - 2012-02-15 18:56 - 0000000 ____D C:\Users\Rohan\Documents\My Documents
2012-02-15 18:53 - 2012-02-15 18:53 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-02-15 18:52 - 2012-02-15 18:52 - 0001042 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-02-15 18:52 - 2012-02-15 18:51 - 0000000 ____D C:\Program Files (x86)\HTC
2012-02-15 18:51 - 2012-02-15 18:51 - 0000000 ____D C:\Program Files (x86)\Spirent Communications
2012-02-15 18:51 - 2011-04-10 18:44 - 0000000 ____D C:\Users\Rohan\AppData\Local\Downloaded Installations
2012-02-15 18:51 - 2011-01-08 22:42 - 0000000 ____D C:\Users\Rohan\AppData\Local\Adobe
2012-02-15 18:51 - 2010-12-29 20:33 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\Adobe
2012-02-15 18:51 - 2010-12-02 13:45 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-02-15 18:50 - 2011-07-17 08:12 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-02-15 09:50 - 2012-02-14 19:12 - 0000000 ____D C:\Users\Rohan\Desktop\P (1)
2012-02-15 09:03 - 2010-12-29 20:30 - 0000174 ___SH C:\Users\Rohan\Start Menu\Programs\Startup\desktop.ini
2012-02-15 09:03 - 2010-12-29 20:30 - 0000174 ___SH C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 09:02 - 2009-07-13 20:45 - 0440960 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-15 01:56 - 2011-06-21 10:13 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-15 01:56 - 2011-06-21 10:13 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-15 01:48 - 2010-12-29 08:04 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-14 18:32 - 2012-02-14 18:27 - 0000000 ____D C:\Users\Rohan\Downloads\Ek.Main.Aur.Ekk.Tu.2012.DVDScrRip.XviD.MP3-aSTEEL
2012-02-14 08:17 - 2012-02-09 09:52 - 0000000 ____D C:\Users\Rohan\Downloads\The.Babysitters.2007.DVDRip.XviD.AC3-TDP
2012-02-12 21:14 - 2012-02-12 21:10 - 0000000 ____D C:\Users\Rohan\Downloads\Safe.House.2012.CAM.READNFO.XviD-eXceSs
2012-02-12 15:38 - 2012-02-12 15:27 - 736367732 ____A C:\Users\Rohan\Downloads\Safe_House_2012_CAM_REPACK_XviD_-_ZOMBiES.avi
2012-02-11 23:04 - 2010-12-29 08:01 - 0001013 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-02-11 23:01 - 2012-01-25 20:51 - 0000857 ____A C:\Users\Rohan\Desktop\My Lockbox.lnk
2012-02-11 20:36 - 2012-02-11 20:29 - 0000000 ____D C:\Users\Rohan\Downloads\CyberBully.2011.DVDRip.XviD.AC3.CrEwSaDe
2012-02-11 20:31 - 2012-02-11 20:28 - 0000000 ____D C:\Users\Rohan\Downloads\Mission Impossible
2012-02-10 19:35 - 2012-02-10 19:22 - 521452816 ____A C:\Users\Rohan\Downloads\[Hindi] [Ek Main Aur Ekk Tu (2012)] [Scam Rip (not a good print at all)] [BiRaKa].avi
2012-02-10 19:02 - 2012-02-10 19:02 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-02-10 19:02 - 2012-02-10 19:01 - 0000000 ____D C:\Program Files\iTunes
2012-02-10 19:02 - 2012-01-15 20:38 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-10 19:01 - 2012-02-10 19:01 - 0000000 ____D C:\Program Files\iPod
2012-02-09 23:30 - 2012-02-01 20:28 - 0000000 ____D C:\Users\Rohan\Desktop\Shortcut
2012-02-09 23:20 - 2012-02-09 23:20 - 0001236 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-02-09 23:20 - 2012-02-09 23:20 - 0001185 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-02-09 23:20 - 2012-02-09 23:20 - 0000000 ____D C:\Users\All Users\IObit
2012-02-09 23:20 - 2012-02-09 23:20 - 0000000 ____D C:\ProgramData\IObit
2012-02-09 23:20 - 2011-12-08 19:37 - 0000000 ____D C:\Program Files (x86)\IObit
2012-02-09 23:20 - 2011-04-16 08:03 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\IObit
2012-02-09 23:17 - 2012-02-09 23:17 - 0000000 ____D C:\Users\Rohan\Downloads\Advanced System Care 5.1
2012-02-09 23:06 - 2012-02-09 22:45 - 0000000 ____D C:\Users\Rohan\Downloads\Tinker.Tailor.Soldier.Spy.2011.BRRiP.AC3-5.1.XviD-SiC
2012-02-09 22:23 - 2010-12-29 14:41 - 0000907 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-02-09 22:23 - 2010-12-29 14:41 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-09 22:20 - 2012-02-09 22:20 - 0399736 ____A (BitTorrent, Inc.) C:\Users\Rohan\Desktop\utorrent.exe
2012-02-09 20:12 - 2012-02-09 20:11 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\.Tribler
2012-02-09 20:11 - 2012-02-09 20:11 - 0000000 ____D C:\Users\Rohan\Desktop\TriblerDownloads
2012-02-09 20:10 - 2012-02-09 20:10 - 0000955 ____A C:\Users\Rohan\Desktop\Tribler.lnk
2012-02-09 20:10 - 2012-02-09 20:10 - 0000000 ____D C:\Program Files (x86)\Tribler
2012-02-09 10:05 - 2012-02-09 09:54 - 0000000 ____D C:\Users\Rohan\Downloads\Little Children 2006 BrRip ExtraScene RG
2012-02-09 10:00 - 2011-11-12 16:41 - 0000000 ___HD C:\Users\Rohan\Downloads\cellphone
2012-02-09 09:43 - 2012-02-07 08:54 - 0002278 ____A C:\Users\Rohan\Desktop\Google Chrome.lnk
2012-02-08 19:03 - 2012-02-08 18:52 - 0000000 ____D C:\Users\Rohan\Downloads\Gali Gali Chor Hai - DVDScr - x264 - 1CDRip - [DDR]
2012-02-08 18:45 - 2012-01-18 21:52 - 0000000 ____D C:\Users\Rohan\Downloads\Contraband.2012.CAM.READNFO.XviD-GooN
2012-02-08 16:09 - 2012-02-08 16:09 - 0000000 ____D C:\Users\Rohan\Downloads\pcanywhere
2012-02-07 08:52 - 2010-12-31 11:17 - 0000000 ____D C:\Users\Rohan\AppData\Local\Google
2012-02-06 23:37 - 2012-02-06 22:21 - 1368783787 ____A C:\Users\Rohan\Downloads\pcanywhere.rar
2012-02-06 21:35 - 2012-02-06 21:27 - 0000000 ____D C:\Users\Rohan\Downloads\The Grey 2012 TS XVID-WBZ
2012-02-06 09:53 - 2009-07-28 23:00 - 0000000 ____D C:\Windows\Panther
2012-02-06 09:52 - 2012-02-06 09:51 - 0000000 ____D C:\Program Files\Recuva
2012-02-06 09:51 - 2012-02-06 09:51 - 0000000 ____D C:\Program Files\CCleaner
2012-02-06 09:50 - 2012-02-06 09:50 - 0000000 ____D C:\Program Files\Speccy
2012-02-05 20:49 - 2012-02-05 20:23 - 0000000 ____D C:\Users\Rohan\Downloads\Chronicle 2012 TS XViD - INSPiRAL
2012-02-05 16:49 - 2012-02-05 15:14 - 0000000 ____D C:\Users\Rohan\Downloads\Notes On A Scandal[2006]DVDRip XviD-ExtraTorrentRG
2012-02-05 15:18 - 2012-02-05 15:18 - 0000000 ____D C:\Users\Rohan\Downloads\Unfaithful.2002.BRRip.XviD-VLiS
2012-02-05 15:16 - 2012-02-05 14:56 - 0000000 ____D C:\Users\Rohan\Downloads\Perfect.Partner.2011.PROPER.DVDRip.XviD-CoWRY
2012-02-04 13:47 - 2012-02-04 12:00 - 0000000 ____D C:\Users\Rohan\Downloads\Spanish Beauty - DVDRip - XviD - 1CDRip - [DDR]
2012-02-04 12:44 - 2012-02-04 12:39 - 0000000 ____D C:\Program Files (x86)\iLivid
2012-02-04 12:39 - 2012-02-04 12:39 - 0000000 ____D C:\Users\Rohan\AppData\Local\PackageAware
2012-02-03 22:02 - 2011-09-29 08:14 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-02-03 22:02 - 2011-09-29 08:14 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\Skype
2012-02-03 22:02 - 2011-09-29 08:14 - 0000000 ____D C:\Users\All Users\Skype
2012-02-03 22:02 - 2011-09-29 08:14 - 0000000 ____D C:\ProgramData\Skype
2012-02-03 22:01 - 2012-02-03 22:01 - 0000000 ____D C:\Users\Rohan\Desktop\Firefoxbackup
2012-02-03 21:57 - 2011-11-26 14:30 - 0000000 ____D C:\Users\Rohan\Desktop\real
2012-02-03 21:49 - 2012-01-28 12:28 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-02-03 21:44 - 2011-04-21 19:59 - 0000000 ____D C:\Users\Rohan\Desktop\C++
2012-02-03 21:32 - 2012-02-03 21:32 - 1472553 ____A ( ) C:\Users\Rohan\Desktop\SimbaInstaller.exe
2012-02-03 21:32 - 2012-02-03 21:32 - 0000562 ____A C:\Users\Public\Desktop\Simba.lnk
2012-02-03 21:32 - 2012-02-03 21:32 - 0000000 ____D C:\Simba
2012-02-03 21:24 - 2011-12-06 19:18 - 0000000 ____D C:\Users\Rohan\Desktop\TextFiles
2012-02-03 21:18 - 2012-02-03 21:07 - 0000000 ____D C:\Users\Rohan\Desktop\b9qhwi3d.default
2012-02-03 21:18 - 2012-02-03 21:07 - 0000000 ____D C:\Users\Rohan\Desktop\1lgvssbw.default
2012-02-03 21:18 - 2012-02-01 20:13 - 0000000 ____D C:\Program Files (x86)\Aurora
2012-02-03 21:18 - 2012-01-28 12:29 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-03 21:18 - 2010-12-29 08:01 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\Mozilla
2012-02-03 20:48 - 2011-12-13 21:26 - 0000024 ____A C:\Users\Rohan\random.dat
2012-02-03 20:36 - 2012-02-03 20:36 - 0000044 ____A C:\Users\Rohan\jagex_cl_runescape_LIVE.dat
2012-02-03 20:36 - 2012-02-03 20:36 - 0000000 ____D C:\Users\Rohan\jagexcache
2012-02-02 21:32 - 2012-02-02 21:13 - 0000000 ____D C:\Users\Rohan\Downloads\Despicable.Me.DVDRip.XviD-iMBT
2012-02-01 20:29 - 2011-12-06 10:20 - 0000000 ____D C:\Users\Rohan\Desktop\HBP
2012-02-01 18:47 - 2010-12-29 20:30 - 0002243 ____A C:\Users\Rohan\Desktop\OneKey Recovery.lnk
2012-02-01 12:20 - 2012-02-01 12:03 - 608874972 ____A C:\Users\Rohan\Downloads\CHAIN.rar
2012-02-01 12:06 - 2012-02-01 11:58 - 313415559 ____A C:\Users\Rohan\Downloads\[SubDESU-H]_Soredemo_Tsuma_wo_Aibleeperu_-_02_(720x480_x264_AAC)_[642C01C9].wmv
2012-01-31 11:25 - 2011-11-14 11:56 - 0000000 ____D C:\Users\Rohan\Documents\My Games
2012-01-31 04:44 - 2010-12-29 16:50 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-30 19:38 - 2011-12-24 17:26 - 0115968 ____A C:\Users\Rohan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-30 19:37 - 2012-01-26 12:27 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-30 19:29 - 2012-01-30 19:29 - 0002111 ____A C:\Users\Public\Desktop\Age of Mythology Gold.lnk
2012-01-30 19:27 - 2012-01-30 12:18 - 0000000 ____D C:\Users\Rohan\Downloads\AOMGOLD
2012-01-30 19:24 - 2012-01-30 19:24 - 0000000 ____D C:\Windows\Watson
2012-01-30 19:24 - 2012-01-30 19:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2012-01-30 19:22 - 2012-01-26 12:27 - 0001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-29 10:56 - 2012-01-29 10:55 - 0000000 ____D C:\Users\Rohan\Downloads\Agneepath - DVDScr - XviD - [DDR]
2012-01-28 16:54 - 2012-01-27 21:19 - 0000000 ____D C:\Users\Rohan\Downloads\Jo Hum Chahein - DVDRip - XviD - [DDR]
2012-01-28 12:51 - 2011-05-12 00:48 - 0000000 ____D C:\Program Files (x86)\SwiftKit
2012-01-27 22:11 - 2011-01-26 15:42 - 0000000 ____D C:\Program Files (x86)\The KMPlayer
2012-01-27 21:22 - 2012-01-27 21:22 - 0065536 __ASH C:\Windows\System32\config\components{8fb487b3-4604-11e1-8040-60eb69697d31}.TxR.blf
2012-01-26 17:03 - 2010-12-02 14:05 - 0000000 ____D C:\Users\All Users\VeriFace
2012-01-26 17:03 - 2010-12-02 14:05 - 0000000 ____D C:\ProgramData\VeriFace
2012-01-26 14:18 - 2012-01-26 14:16 - 0000000 ____D C:\Users\Rohan\Downloads\The Girl With The Dragon Tattoo 2011 DVDSCR XViD DTRG
2012-01-25 20:52 - 2012-01-25 20:52 - 0000000 ____D C:\My Lockbox
2012-01-25 20:51 - 2012-01-25 20:51 - 0000000 ____D C:\Program Files\My Lockbox
2012-01-25 20:50 - 2012-01-25 20:50 - 0000000 ____D C:\Users\Rohan\Downloads\My Lockbox PRO 2.3.8.281 + key
2012-01-23 20:59 - 2012-01-23 19:45 - 0000000 ____D C:\Users\Rohan\Downloads\Lanka - DVDRip - XviD - [DDR]
2012-01-23 20:33 - 2012-01-23 19:48 - 0000000 ____D C:\Users\Rohan\Downloads\Chalis Chaurasi (2012) 2CD PDVD Rip AC3 X264 imamzafar[TDBB]
2012-01-18 21:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-16 10:18 - 2012-01-16 10:05 - 0000000 ____D C:\Users\Rohan\Downloads\Contraband 2012 REPACK CAM XViD AC3-26K
2012-01-15 21:58 - 2012-01-15 21:58 - 0000000 ____D C:\Users\Rohan\Downloads\Players (2012) 2 CD PDVD Rip AC3 X264 imamzafar[TDBB]
2012-01-15 20:33 - 2011-08-01 13:44 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-01-13 20:02 - 2012-02-15 01:42 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-11 22:07 - 2011-02-22 12:53 - 0000000 ____D C:\Windows\pss
2012-01-11 20:19 - 2012-01-11 20:19 - 0187822 ____A C:\Users\Rohan\Desktop\0001.pdf
2012-01-09 22:34 - 2012-01-09 22:31 - 0002012 __ASH C:\Users\Rohan\AppData\Local\bf476me556kjbj44161wp31657g52kx364n8wc6o7kk488
2012-01-09 22:34 - 2012-01-09 22:31 - 0002012 __ASH C:\Users\All Users\bf476me556kjbj44161wp31657g52kx364n8wc6o7kk488
2012-01-09 22:34 - 2012-01-09 22:31 - 0002012 __ASH C:\ProgramData\bf476me556kjbj44161wp31657g52kx364n8wc6o7kk488
2012-01-09 22:31 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-01-09 10:50 - 2012-01-06 20:47 - 0000000 ____D C:\Users\Rohan\Downloads\Undercover Boss - S2
2012-01-09 10:32 - 2012-01-09 10:12 - 0000000 ____D C:\Users\Rohan\Downloads\I Can't Think Straight[2008]DVDRip XviD-ExtraTorrentRG
2012-01-08 16:52 - 2012-01-08 14:42 - 1464667170 ____A C:\Users\Rohan\Downloads\Players.2012.MCScrRip.x264.MM[TDBB].mkv
2012-01-06 20:52 - 2012-01-06 20:48 - 0000000 ____D C:\Users\Rohan\Downloads\Undercover Boss (USA) - Season 1
2012-01-04 01:59 - 2012-02-15 01:42 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 01:58 - 2012-02-15 01:42 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 01:03 - 2012-02-15 01:42 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 01:03 - 2012-02-15 01:42 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-02 22:24 - 2012-02-15 01:42 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-01-02 21:44 - 2012-02-15 01:42 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-31 20:51 - 2011-12-31 20:13 - 0000000 ____D C:\Users\Rohan\Downloads\Mausam.650MB.DVDRip.x264-RippeR
2011-12-30 14:02 - 2012-02-09 23:30 - 0023896 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2011-12-28 20:17 - 2011-12-28 20:13 - 0000000 ____D C:\Users\Rohan\Downloads\Last.Night.2010.BDRip.XviD-iLG
2011-12-28 20:01 - 2011-12-28 20:00 - 0000000 ____D C:\Users\Rohan\Downloads\Choke.2008.LIMITED.BRRIP.X264.AC3.CrEwSaDe
2011-12-28 15:38 - 2011-12-28 15:35 - 0000000 ____D C:\Users\Rohan\Downloads\Ladies vs Ricky Bahl - DVDScr - x264 - 1CDRip - [DDR]
2011-12-27 19:59 - 2012-02-15 01:42 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-26 20:24 - 2011-11-27 21:21 - 0000000 ____D C:\Users\Rohan\Downloads\Advanced.Archive.Password.Recovery.Professional.v4.53_CW
2011-12-26 16:15 - 2011-12-26 16:09 - 0000000 ____D C:\Users\Rohan\Downloads\Don 2 - DVDScr - XviD - 1CDRip - [DDR]
2011-12-23 20:53 - 2011-12-23 20:49 - 0001714 __ASH C:\Users\Rohan\AppData\Local\xkxqmv2b0hgj3vuq3tfr5c448t1j
2011-12-23 20:53 - 2011-12-23 20:49 - 0001714 __ASH C:\Users\All Users\xkxqmv2b0hgj3vuq3tfr5c448t1j
2011-12-23 20:53 - 2011-12-23 20:49 - 0001714 __ASH C:\ProgramData\xkxqmv2b0hgj3vuq3tfr5c448t1j
2011-12-23 20:51 - 2011-06-09 11:39 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-23 16:28 - 2011-12-23 16:26 - 0000000 ____D C:\Users\Rohan\Downloads\Don 2 (2011) - TELESYNC - 1CDRip - x264 [DDR]
2011-12-20 20:33 - 2010-12-29 20:30 - 0000000 ____D C:\Users\Rohan\AppData\LocalLow
2011-12-20 16:06 - 2011-12-20 16:06 - 0005828 ____A C:\Users\Rohan\Desktop\Default_EXE.reg
2011-12-20 14:59 - 2011-12-20 14:55 - 0002016 __ASH C:\Users\Rohan\AppData\Local\882146l3n571m668j688e0tvj7p3
2011-12-20 14:59 - 2011-12-20 14:55 - 0002016 __ASH C:\Users\All Users\882146l3n571m668j688e0tvj7p3
2011-12-20 14:59 - 2011-12-20 14:55 - 0002016 __ASH C:\ProgramData\882146l3n571m668j688e0tvj7p3
2011-12-20 13:02 - 2011-12-18 14:28 - 0000000 ____D C:\Users\Rohan\Downloads\Y.Tu.Mama.Tambien.2001.UNRATED.INTERNAL.DVDrip.XviD-QiX
2011-12-17 13:01 - 2011-09-30 22:47 - 0000047 ____A C:\Users\Rohan\Downloads\quicksave.txt
2011-12-16 00:45 - 2012-02-15 01:42 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-16 00:45 - 2012-02-15 01:42 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-16 00:45 - 2012-02-15 01:41 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-16 00:42 - 2012-02-15 01:42 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-16 00:42 - 2012-02-15 01:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-12-16 00:42 - 2012-02-15 01:42 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-16 00:42 - 2012-02-15 01:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-16 00:42 - 2012-02-15 01:41 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-16 00:42 - 2012-02-15 01:41 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-16 00:41 - 2012-02-15 01:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-16 00:41 - 2012-02-15 01:41 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-12-16 00:40 - 2012-02-15 01:42 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-16 00:40 - 2012-02-15 01:42 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-16 00:40 - 2012-02-15 01:41 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-16 00:40 - 2012-02-15 01:41 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-16 00:40 - 2012-02-15 01:41 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-16 00:38 - 2012-02-15 01:41 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-12-16 00:08 - 2011-12-15 20:21 - 0000000 ____D C:\Users\Rohan\Downloads\Chloe.2009.480p.BRRip.XviD.AC3-FLAWL3SS
2011-12-16 00:02 - 2012-02-15 01:42 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-16 00:02 - 2012-02-15 01:42 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-16 00:02 - 2012-02-15 01:41 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-15 23:59 - 2012-02-15 01:42 - 5999104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-15 23:59 - 2012-02-15 01:42 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 23:59 - 2012-02-15 01:42 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-12-15 23:59 - 2012-02-15 01:41 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-12-15 23:59 - 2012-02-15 01:41 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-15 23:59 - 2012-02-15 01:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-12-15 23:58 - 2012-02-15 01:42 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-15 23:58 - 2012-02-15 01:42 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-12-15 23:58 - 2012-02-15 01:41 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-15 23:58 - 2012-02-15 01:41 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-12-15 23:58 - 2012-02-15 01:41 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 23:58 - 2012-02-15 01:41 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-15 23:58 - 2012-02-15 01:41 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-12-15 23:56 - 2012-02-15 01:41 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-12-15 23:26 - 2012-02-15 01:41 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-12-15 22:49 - 2012-02-15 01:41 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-12-15 22:43 - 2012-02-15 01:41 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 22:15 - 2012-02-15 01:41 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-15 21:58 - 2011-12-15 21:58 - 0000004 ____A C:\Users\Rohan\cache.dat
2011-12-15 20:28 - 2011-12-15 20:28 - 0000000 ____D C:\Program Files (x86)\Windows Resource Kits
2011-12-15 13:29 - 2011-12-15 13:21 - 0000000 ____D C:\Users\Rohan\Downloads\He's Just Not That Into You[2009]DvDrip[Eng]-FXG
2011-12-15 13:02 - 2011-12-15 13:02 - 0000000 ____D C:\Users\All Users\Intel
2011-12-15 13:02 - 2011-12-15 13:02 - 0000000 ____D C:\ProgramData\Intel
2011-12-15 13:02 - 2009-07-13 21:08 - 0000000 ____D C:\users\Administrator
2011-12-15 13:00 - 2011-12-15 13:00 - 0000000 ____D C:\Program Files\Common Files\Intel
2011-12-15 13:00 - 2011-12-15 13:00 - 0000000 ____D C:\Program Files (x86)\Cisco
2011-12-15 01:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-14 23:23 - 2011-12-14 23:18 - 0042884 ____A C:\Windows\SysWOW64\epfwdata.bin
2011-12-14 23:12 - 2011-12-14 23:12 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\SystemRequirementsLab
2011-12-14 23:12 - 2011-12-14 23:12 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2011-12-14 22:32 - 2011-12-14 22:32 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\ESET
2011-12-14 22:32 - 2011-12-14 22:32 - 0000000 ____D C:\Users\Rohan\AppData\Local\ESET
2011-12-14 22:24 - 2011-12-14 22:24 - 0000000 ____D C:\Program Files\ESET
2011-12-14 21:40 - 2011-12-14 21:40 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\Malwarebytes
2011-12-14 21:40 - 2011-12-14 21:40 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-14 21:40 - 2011-12-14 21:40 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-14 20:56 - 2011-12-14 20:13 - 0009184 __ASH C:\Users\Rohan\AppData\Local\jonlub3e8brh0gic0seh0b553s1r
2011-12-14 20:56 - 2011-12-14 20:13 - 0009184 __ASH C:\Users\All Users\jonlub3e8brh0gic0seh0b553s1r
2011-12-14 20:56 - 2011-12-14 20:13 - 0009184 __ASH C:\ProgramData\jonlub3e8brh0gic0seh0b553s1r
2011-12-10 12:24 - 2011-04-15 02:31 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 00:23 - 2011-12-10 00:12 - 0000000 ____D C:\Users\Rohan\Downloads\X-Art - Constance (X-Art on TV) (720p)
2011-12-09 23:47 - 2011-12-09 23:47 - 0000000 ____D C:\Users\Rohan\Downloads\Kiss the Girls (1997)-DVDRIp Xvid-THC
2011-12-09 12:31 - 2011-12-09 12:31 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2011-12-09 12:29 - 2010-12-02 13:29 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-12-09 12:24 - 2011-12-09 11:58 - 784001024 ____A C:\Users\Rohan\Downloads\Ladies VS Ricky Bahl - 2011 Scam.mpg
2011-12-08 20:23 - 2011-01-25 05:28 - 0000000 ____D C:\Users\Rohan\Documents\Youcam
2011-12-08 20:13 - 2011-04-20 11:09 - 0000000 ____D C:\Program Files\Microsoft SQL Server
2011-12-08 20:13 - 2011-04-20 11:08 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2011-12-07 19:46 - 2011-12-07 19:46 - 0000000 ____D C:\Users\Rohan\Downloads\dll
2011-12-06 12:09 - 2011-12-06 11:11 - 0000000 ____D C:\Users\Rohan\Downloads\Zindagi Na Milegi Dobara - BDRip - x264 - 1CDRip - ESubs - [DDR]
2011-12-06 09:31 - 2011-12-06 09:31 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2011-12-06 09:31 - 2011-12-06 09:31 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2011-12-06 09:29 - 2009-07-13 18:34 - 0000510 ____A C:\Windows\win.ini
2011-12-05 15:42 - 2011-12-05 15:41 - 0000000 ____D C:\Users\Rohan\Downloads\Moneyball{2011}R5.XviD-Hackulus (SEEDBOX SUPPORTED)
2011-12-03 13:13 - 2011-12-03 13:01 - 0000000 ____D C:\Users\Rohan\Downloads\The Dirty Picture (2011) - 1CD SCam Rip - x264 - [Team ExD]
2011-12-03 13:01 - 2011-12-03 13:01 - 0000000 ____D C:\Users\Rohan\Downloads\Dirty Picture (2011) 1CD Scam Rip AAC X264 imamzafar [TDBB]
2011-12-02 19:55 - 2011-12-02 19:54 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\ooVoo Details
2011-12-02 19:53 - 2011-12-02 19:53 - 0000000 ____D C:\Program Files (x86)\ooVoo
2011-12-01 13:51 - 2011-06-10 22:24 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\Real
2011-12-01 10:18 - 2011-12-01 10:09 - 732001340 ____A C:\Users\Rohan\Downloads\Desi Boyz.2011.1CD.DVDScr.X264.E-Subs.MM[TDBB].mkv
2011-11-30 11:23 - 2011-11-28 07:08 - 0000000 ____D C:\Users\Rohan\AppData\Roaming\Charles
2011-11-27 22:35 - 2011-11-27 22:24 - 0001768 ____A C:\Windows\Sandboxie.ini
2011-11-27 22:25 - 2011-11-27 22:25 - 0000000 ___RD C:\Sandbox
2011-11-27 22:24 - 2011-11-27 22:18 - 0000000 ____D C:\Program Files\Sandboxie
2011-11-27 21:22 - 2011-11-27 21:22 - 0000000 ____D C:\Program Files (x86)\ElcomSoft
2011-11-24 14:54 - 2011-11-24 14:32 - 0000000 ____D C:\Users\Rohan\Downloads\50-50 2011 DVDSCR XViD - U.S.M

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3892.48 MB
Available physical RAM: 3281.66 MB
Total Pagefile: 3890.63 MB
Available Pagefile: 3269.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:420.33 GB) (Free:220.37 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:30.48 GB) (Free:28.45 GB) NTFS
4 Drive g: (AESHA'S PEN) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 246 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 1024 KB
Partition 2 Primary 420 GB 201 MB
Partition 0 Extended 30 GB 420 GB
Partition 4 Logical 30 GB 420 GB
Partition 3 OEM 14 GB 451 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 200 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 420 GB Healthy

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D LENOVO NTFS Partition 30 GB Healthy

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 245 MB 16 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G AESHA'S PEN FAT Removable 245 MB Healthy



==========================================================

Last Boot: 2012-02-19 03:30

======================= End Of Log ==========================

Edited by RohanShah, 20 February 2012 - 10:20 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 February 2012 - 10:29 PM

Hello

I want you to run the fix below, and when it is complete I want you to rerun ComboFix for me.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 uploadmgr; C:\Windows\System32\iaantmon.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\iaantmon.dll


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
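The fix above does two things that are worth being able to check for yourself: it restores the Session Manager `SubSystems\Windows` value (the string that tells csrss.exe which ServerDll providers to load, which is what the `==> ZeroAccess` tag refers to) and it removes a service whose DLL sits directly in `System32` but carries a non-Microsoft company name. The following script is an added example, not part of this thread and not FRST's own code. It parses the FRST service-line format quoted in the fixlist and the `SubSystems\Windows` value string, and flags the two conditions the fix addresses. The clean value is the stock Windows 7 x64 string; the tampered variant is constructed for illustration (the thread does not show the actual modified value on this machine). Of the sample service lines, only the `uploadmgr` line is quoted from the post; the others are constructed, with sizes and dates not taken from this log.

```python
import re

# Stock ServerDll providers named in the Windows 7 SubSystems\Windows value.
EXPECTED_SERVERDLLS = {"basesrv", "winsrv", "sxssrv"}

# Stock Windows 7 x64 value of
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows.
CLEAN_SUBSYSTEMS_WINDOWS = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed tampered value: one ServerDll entry now names a DLL that is
# not a stock CSRSS server DLL. Illustrative only; the thread does not show
# the exact modified value that FRST restored on the poster's machine.
TAMPERED_SUBSYSTEMS_WINDOWS = CLEAN_SUBSYSTEMS_WINDOWS.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

SERVERDLL_RE = re.compile(r"ServerDll=([^,:\s]+)")


def serverdlls(value):
    """DLL base names referenced by ServerDll= entries, in load order."""
    return [m.group(1).lower() for m in SERVERDLL_RE.finditer(value)]


def unexpected_serverdlls(value):
    """ServerDll names that csrss.exe would load but that are not stock."""
    return [n for n in serverdlls(value) if n not in EXPECTED_SERVERDLLS]


# FRST service line: "<start> <name>; <path> [<size> <yyyy-mm-dd>] (<company>)"
SERVICE_LINE_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>.*)\)\s*$"
)

# A file directly inside System32 or SysWOW64 (not in a subfolder such as
# Drivers, where third-party filter drivers legitimately live).
SYSTEM_DIR_FILE_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\[^\\]+$")

# Sample input. Only the uploadmgr line is quoted from the fixlist in the
# post above; the other three lines are constructed for this example.
SAMPLE_SERVICE_LINES = [
    "2 Dhcp; C:\\Windows\\System32\\dhcpcore.dll [262656 2009-07-13] (Microsoft Corporation)",
    "3 MBAMService; C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe "
    "[652360 2012-01-13] (Malwarebytes Corporation)",
    "1 MBAMProtector; C:\\Windows\\System32\\Drivers\\mbam.sys [23152 2011-04-15] "
    "(Malwarebytes Corporation)",
    "2 uploadmgr; C:\\Windows\\System32\\iaantmon.dll [6656 2009-07-13] (Oak Technology Inc.)",
]


def parse_frst_service_line(line):
    """Split one FRST service line into its fields; None if it does not match."""
    m = SERVICE_LINE_RE.match(line.strip())
    if m is None:
        return None
    svc = m.groupdict()
    svc["start"] = int(svc["start"])
    svc["size"] = int(svc["size"])
    return svc


def suspicious_system32_services(lines):
    """Names of services whose binary sits directly in System32/SysWOW64
    but is not attributed to Microsoft. This is a review list, not a verdict:
    confirm each hit by checking the file's Authenticode signature."""
    flagged = []
    for line in lines:
        svc = parse_frst_service_line(line)
        if svc is None:
            continue
        if SYSTEM_DIR_FILE_RE.match(svc["path"].lower()) and svc["company"] != "Microsoft Corporation":
            flagged.append(svc["name"])
    return flagged


if __name__ == "__main__":
    print("clean value, foreign ServerDlls:", unexpected_serverdlls(CLEAN_SUBSYSTEMS_WINDOWS))
    print("tampered value, foreign ServerDlls:", unexpected_serverdlls(TAMPERED_SUBSYSTEMS_WINDOWS))
    print("services to review:", suspicious_system32_services(SAMPLE_SERVICE_LINES))
```

The ServerDll check is strict on purpose: csrss.exe loads every DLL named in that value with SYSTEM privileges at boot, so any name outside the stock set deserves a look even if the file has a plausible company string. The service check deliberately ignores `System32\Drivers`, where third-party kernel drivers (the Malwarebytes filter in this log, for instance) belong, and only reacts to loose DLLs or EXEs in the system directory whose company name is not Microsoft's.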

#9 RohanShah

RohanShah
  • Topic Starter

  • Members
  • 31 posts

Posted 20 February 2012 - 11:06 PM

fixlog:
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 20-02-2012
Ran by SYSTEM at 2012-02-20 22:47:35 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
uploadmgr service deleted successfully.
C:\Windows\System32\iaantmon.dll moved successfully.

==== End of Fixlog ====


CF log:

ComboFix 12-02-17.02 - Rohan 02/20/2012 22:51:45.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3892.2464 [GMT -5:00]
Running from: c:\users\Rohan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 05:56 . 2012-02-21 05:58 -------- d-----w- C:\FRST
2012-02-21 04:01 . 2012-02-21 04:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 04:01 . 2012-02-21 04:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-20 10:14 . 2012-02-20 10:14 388096 ----a-r- c:\users\Rohan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-20 10:14 . 2012-02-20 10:14 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-20 05:13 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22535222-C7C9-4076-AD0B-E39701653634}\mpengine.dll
2012-02-18 05:22 . 2012-02-21 03:00 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-16 05:21 . 2012-02-16 05:21 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-02-16 05:04 . 2012-02-16 05:04 -------- d-----w- c:\programdata\VS
2012-02-16 03:00 . 2012-02-16 03:00 -------- d-----w- c:\users\Rohan\AppData\Roaming\Outlook
2012-02-16 02:53 . 2012-02-21 03:03 -------- d-----w- c:\users\Rohan\AppData\Local\Htc
2012-02-16 02:52 . 2012-02-16 03:00 -------- d-----w- c:\users\Rohan\AppData\Roaming\HTC
2012-02-16 02:51 . 2012-02-16 02:51 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-02-16 02:51 . 2012-02-16 02:52 -------- d-----w- c:\program files (x86)\HTC
2012-02-16 02:44 . 2012-02-16 03:09 -------- d-----w- C:\ruu_log
2012-02-12 07:04 . 2012-02-19 12:50 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-12 07:04 . 2012-02-19 12:50 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-02-11 03:01 . 2012-02-11 03:02 -------- d-----w- c:\program files\iTunes
2012-02-11 03:01 . 2012-02-11 03:01 -------- d-----w- c:\program files\iPod
2012-02-10 07:30 . 2011-12-30 22:02 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-10 07:20 . 2012-02-10 07:20 -------- d-----w- c:\programdata\IObit
2012-02-10 04:11 . 2012-02-10 04:12 -------- d-----w- c:\users\Rohan\AppData\Roaming\.Tribler
2012-02-10 04:10 . 2012-02-10 04:10 -------- d-----w- c:\program files (x86)\Tribler
2012-02-06 17:51 . 2012-02-06 17:52 -------- d-----w- c:\program files\Recuva
2012-02-06 17:51 . 2012-02-06 17:51 -------- d-----w- c:\program files\CCleaner
2012-02-06 17:50 . 2012-02-06 17:50 -------- d-----w- c:\program files\Speccy
2012-02-04 20:39 . 2012-02-04 20:44 -------- d-----w- c:\program files (x86)\iLivid
2012-02-04 20:39 . 2012-02-04 20:39 -------- d-----w- c:\users\Rohan\AppData\Local\PackageAware
2012-02-04 05:32 . 2012-02-04 05:32 -------- d-----w- C:\Simba
2012-02-04 04:36 . 2012-02-04 04:36 -------- d-----w- c:\users\Rohan\jagexcache
2012-02-02 04:13 . 2012-02-04 05:18 -------- d-----w- c:\program files (x86)\Aurora
2012-01-31 03:24 . 2012-01-31 03:24 -------- d-----w- c:\windows\Watson
2012-01-31 03:24 . 2012-01-31 03:24 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-01-28 20:29 . 2012-02-04 05:18 -------- d-----w- c:\users\Rohan\AppData\Roaming\SUPERAntiSpyware.com
2012-01-28 20:28 . 2012-02-04 05:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-26 20:27 . 2012-01-31 03:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-26 04:51 . 2010-07-22 21:13 54848 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2012-01-26 04:51 . 2012-01-26 04:51 -------- d-----w- c:\program files\My Lockbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 07:13 . 2011-04-20 19:05 2479904 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-31 12:44 . 2010-12-30 00:50 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-06 02:15 . 2011-01-18 23:11 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-24 04:51 . 2011-06-09 19:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2011-04-15 10:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 399736]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-29 98304]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [2009-12-30 318400]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV; [x]
R1 SASKUTIL;SASKUTIL; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-06-15 2560]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EagleX64;EagleX64; [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-23 46080]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 Slidebar Notifier Service;Slidebar Notifier Service;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2009-12-30 69568]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000Core.job
- c:\users\Rohan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 16:52]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000UA.job
- c:\users\Rohan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 16:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-12-02 22:05 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-29 414744]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynBtnAsst"="c:\program files (x86)\Synaptics\SynTP\SynBtnAsst.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-03-11 4448704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-11 7056832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2010-11-09 1792224]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{9259C06B-7F0E-4FC7-8194-B982E268E4B9}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Rohan\AppData\Roaming\Mozilla\Firefox\Profiles\b9qhwi3d.default\
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1723700413-2339148374-4043010873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-20 23:04:01
ComboFix-quarantined-files.txt 2012-02-21 04:04
ComboFix2.txt 2012-02-20 10:41
ComboFix3.txt 2012-02-20 05:40
ComboFix4.txt 2012-02-20 04:59
ComboFix5.txt 2012-02-20 20:49
.
Pre-Run: 236,648,894,464 bytes free
Post-Run: 236,147,843,072 bytes free
.
- - End Of File - - 1A8BF01DCC5D92215D419379F03DAAA9

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 February 2012 - 12:14 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\system32\dds_trash_log.cmd

Folder::
c:\program files (x86)\iLivid
c:\users\Rohan\AppData\Local\PackageAware

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 RohanShah

RohanShah
  • Topic Starter

  • Members
  • 31 posts

Posted 21 February 2012 - 12:48 AM

Thanks for the help so far. My only concern is iron cache.db, which is associated with the "Win 7 Antivirus" virus. Here is the log you requested.
But I think my PC seems clean now; I have been using Google and other websites with no redirects in about 50 webpages.
Donated,
Thanks

log:

ComboFix 12-02-21.01 - Rohan 02/21/2012 0:31.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3892.2264 [GMT -5:00]
Running from: c:\users\Rohan\Desktop\ComboFix.exe
Command switches used :: c:\users\Rohan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\iLivid
c:\program files (x86)\iLivid\ilivid.exe
c:\program files (x86)\iLivid\imageformats\qgif4.dll
c:\program files (x86)\iLivid\imageformats\qjpeg4.dll
c:\program files (x86)\iLivid\libgcc_s_dw2-1.dll
c:\program files (x86)\iLivid\mingwm10.dll
c:\program files (x86)\iLivid\phonon4.dll
c:\program files (x86)\iLivid\QtCore4.dll
c:\program files (x86)\iLivid\QtGui4.dll
c:\program files (x86)\iLivid\QtNetwork4.dll
c:\program files (x86)\iLivid\QtScript4.dll
c:\program files (x86)\iLivid\QtWebKit4.dll
c:\users\Rohan\AppData\Local\PackageAware
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 05:56 . 2012-02-21 05:58 -------- d-----w- C:\FRST
2012-02-21 05:36 . 2012-02-21 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 05:36 . 2012-02-21 05:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-20 10:14 . 2012-02-20 10:14 388096 ----a-r- c:\users\Rohan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-20 10:14 . 2012-02-20 10:14 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-20 05:13 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22535222-C7C9-4076-AD0B-E39701653634}\mpengine.dll
2012-02-18 05:22 . 2012-02-21 03:00 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-16 05:21 . 2012-02-16 05:21 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-02-16 05:04 . 2012-02-16 05:04 -------- d-----w- c:\programdata\VS
2012-02-16 03:00 . 2012-02-16 03:00 -------- d-----w- c:\users\Rohan\AppData\Roaming\Outlook
2012-02-16 02:53 . 2012-02-21 03:03 -------- d-----w- c:\users\Rohan\AppData\Local\Htc
2012-02-16 02:52 . 2012-02-16 03:00 -------- d-----w- c:\users\Rohan\AppData\Roaming\HTC
2012-02-16 02:51 . 2012-02-16 02:51 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-02-16 02:51 . 2012-02-16 02:52 -------- d-----w- c:\program files (x86)\HTC
2012-02-16 02:44 . 2012-02-16 03:09 -------- d-----w- C:\ruu_log
2012-02-12 07:04 . 2012-02-19 12:50 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-12 07:04 . 2012-02-19 12:50 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-02-11 03:01 . 2012-02-11 03:02 -------- d-----w- c:\program files\iTunes
2012-02-11 03:01 . 2012-02-11 03:01 -------- d-----w- c:\program files\iPod
2012-02-10 07:30 . 2011-12-30 22:02 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-10 07:20 . 2012-02-10 07:20 -------- d-----w- c:\programdata\IObit
2012-02-10 04:11 . 2012-02-10 04:12 -------- d-----w- c:\users\Rohan\AppData\Roaming\.Tribler
2012-02-10 04:10 . 2012-02-10 04:10 -------- d-----w- c:\program files (x86)\Tribler
2012-02-06 17:51 . 2012-02-06 17:52 -------- d-----w- c:\program files\Recuva
2012-02-06 17:51 . 2012-02-06 17:51 -------- d-----w- c:\program files\CCleaner
2012-02-06 17:50 . 2012-02-06 17:50 -------- d-----w- c:\program files\Speccy
2012-02-04 05:32 . 2012-02-04 05:32 -------- d-----w- C:\Simba
2012-02-04 04:36 . 2012-02-04 04:36 -------- d-----w- c:\users\Rohan\jagexcache
2012-02-02 04:13 . 2012-02-04 05:18 -------- d-----w- c:\program files (x86)\Aurora
2012-01-31 03:24 . 2012-01-31 03:24 -------- d-----w- c:\windows\Watson
2012-01-31 03:24 . 2012-01-31 03:24 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-01-28 20:29 . 2012-02-04 05:18 -------- d-----w- c:\users\Rohan\AppData\Roaming\SUPERAntiSpyware.com
2012-01-28 20:28 . 2012-02-04 05:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-26 20:27 . 2012-01-31 03:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-26 04:51 . 2010-07-22 21:13 54848 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2012-01-26 04:51 . 2012-01-26 04:51 -------- d-----w- c:\program files\My Lockbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 07:13 . 2011-04-20 19:05 2479904 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-31 12:44 . 2010-12-30 00:50 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-06 02:15 . 2011-01-18 23:11 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-24 04:51 . 2011-06-09 19:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2011-04-15 10:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-21_04.01.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-02 21:32 . 2012-02-21 05:40 90362 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-21 03:51 53806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-21 05:40 53806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-29 16:27 . 2012-02-21 05:40 31406 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1723700413-2339148374-4043010873-1000_UserData.bin
- 2010-12-29 17:02 . 2012-02-21 03:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-29 17:02 . 2012-02-21 05:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-29 17:02 . 2012-02-21 03:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-29 17:02 . 2012-02-21 05:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-21 03:48 . 2012-02-21 03:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-21 05:37 . 2012-02-21 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-21 05:37 . 2012-02-21 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-21 03:48 . 2012-02-21 03:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-02-21 03:49 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-21 05:38 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-02-21 03:05 415732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-21 05:36 415732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-21 03:49 4505600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-21 05:38 4505600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-21 03:49 1163264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-21 05:38 1163264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-24 07:34 . 2012-02-21 05:36 55815164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1723700413-2339148374-4043010873-1000-8192.dat
- 2011-01-24 07:34 . 2012-02-21 03:06 55815164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1723700413-2339148374-4043010873-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 399736]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-29 98304]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [2009-12-30 318400]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV; [x]
R1 SASKUTIL;SASKUTIL; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EagleX64;EagleX64; [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-06-15 2560]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-23 46080]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 Slidebar Notifier Service;Slidebar Notifier Service;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2009-12-30 69568]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000Core.job
- c:\users\Rohan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 16:52]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723700413-2339148374-4043010873-1000UA.job
- c:\users\Rohan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 16:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-12-02 22:05 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-29 414744]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynBtnAsst"="c:\program files (x86)\Synaptics\SynTP\SynBtnAsst.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-03-11 4448704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-11 7056832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2010-11-09 1792224]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.11
TCP: Interfaces\{9259C06B-7F0E-4FC7-8194-B982E268E4B9}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Rohan\AppData\Roaming\Mozilla\Firefox\Profiles\b9qhwi3d.default\
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1723700413-2339148374-4043010873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
.
**************************************************************************
.
Completion time: 2012-02-21 00:45:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 05:45
ComboFix2.txt 2012-02-21 04:04
ComboFix3.txt 2012-02-20 10:41
ComboFix4.txt 2012-02-20 05:40
ComboFix5.txt 2012-02-21 05:31
.
Pre-Run: 236,219,445,248 bytes free
Post-Run: 236,145,463,296 bytes free
.
- - End Of File - - A7970C5E2DDA58A1CE791FA9C6DF6A28

Edited by RohanShah, 21 February 2012 - 01:15 AM.


#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 21 February 2012 - 01:19 AM

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 RohanShah (Topic Starter)

Posted 21 February 2012 - 01:45 AM

My computer seems to be doing fine, but the only problem I found is that in Task Manager I saw svchost.exe using up 105,878K of memory; I don't know if that is normal or not. The process is using these services (these are the descriptions): Desktop Window Manager Session, Diagnostic System Host, Distributed Link Tracking, Network Connections, Program Compatibility Service, Superfetch, Windows Audio Endpoint Builder, Windows Driver Foundation, and WLAN AutoConfig.

MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Rohan :: ROHAN-PC [administrator]

2/21/2012 1:30:59 AM
mbam-log-2012-02-21 (01-30-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 198167
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:32 AM, on 2/21/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\PROGRAM FILES (X86)\HTC\HTC SYNC 3.0\HTCUPCTLOADER.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9259C06B-7F0E-4FC7-8194-B982E268E4B9}: NameServer = 0.0.0.0
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\windows\runservice.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Slidebar Notifier Service - Lenovo - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12424 bytes
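A HijackThis log like the one above is easier to work through when the entry lines are parsed and the few classes a responder reviews first are pulled out. The following Python helper is an added example for this thread, not HijackThis's own tooling and not code from either poster. It assumes the machine should use only the DHCP-assigned resolvers that the ComboFix log earlier in the thread reported (`TCP: DhcpNameServer = 68.105.28.12 68.105.29.11`), it copies sample lines from the log above, and the lines in `CONSTRUCTED` are made up to exercise rules the real log does not trigger (the resolver 192.0.2.53 is a documentation address). The rule set itself is the author's choice for the example, not a HijackThis feature; every flagged line is a review prompt, not a verdict.

```python
"""Triage helper for a HijackThis log (added example, not HijackThis code)."""
import re
from collections import Counter

# Every HijackThis entry line starts with a section tag: R0, R1, F2, O2, O4, O17, O23, ...
LINE_RE = re.compile(r"^(?P<tag>[RFNO]\d{1,2}) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.*)$")
SYS32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

# DHCP-assigned DNS servers reported by ComboFix in this thread. Assumption for the
# example: the machine is expected to use only these resolvers, so any other O17
# NameServer value is flagged for review.
EXPECTED_DNS = {"68.105.28.12", "68.105.29.11"}


def parse_hjt(text):
    """Return the (tag, body) pairs for every HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("tag"), m.group("body")))
    return entries


def triage(entries):
    """Return (reason, tag, body) findings worth a second look; prompts, not verdicts."""
    findings = []
    for tag, body in entries:
        if tag in ("O2", "O3") and body.endswith("(no file)"):
            # Dead BHO/toolbar registration: a leftover to clean, harmless by itself.
            findings.append(("dead BHO/toolbar registration", tag, body))
        elif tag == "O10":
            # The Winsock LSP chain is a classic interception point; verify the DLL.
            findings.append(("Winsock LSP entry, verify file and publisher", tag, body))
        elif tag == "O17":
            m = NAMESERVER_RE.search(body)
            servers = {s for s in re.split(r"[,\s]+", m.group(1)) if s} if m else set()
            # 0.0.0.0 is also outside the DHCP set, so it is flagged and a human decides.
            if not servers <= EXPECTED_DNS:
                findings.append(("DNS server not from DHCP", tag, body))
        elif tag == "O18" and body.startswith("Filter hijack"):
            # MIME filter registrations can redirect content handling; confirm the owner.
            findings.append(("MIME filter registration, verify owner", tag, body))
        elif tag == "O23" and body.endswith("(file missing)"):
            if SYS32_RE.search(body):
                # 32-bit HijackThis on 64-bit Windows cannot see %SystemRoot%\system32
                # through WoW64 file-system redirection, so these lines are expected
                # noise on an x64 machine like the one in this thread; skip them.
                continue
            findings.append(("service binary missing", tag, body))
    return findings


def summarize(text):
    """Parse a log, count entries per section and attach the triage findings."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "by_section": dict(Counter(tag for tag, _ in entries)),
        "findings": triage(entries),
    }


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9259C06B-7F0E-4FC7-8194-B982E268E4B9}: NameServer = 0.0.0.0
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed lines (NOT from the thread) to exercise the two rules the real log
# does not trigger: a foreign resolver and a missing service binary outside system32.
CONSTRUCTED = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,68.105.28.12
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Program Files\Example\examplesvc.exe (file missing)
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG + CONSTRUCTED)
    print(f"{report['entries']} entries: {report['by_section']}")
    for reason, tag, body in report["findings"]:
        print(f"[{tag}] {reason}: {body}")
```

Run against the sample, the helper flags the two dead BHO registrations, the LSP DLL, the `NameServer = 0.0.0.0` entry and the text/xml filter, while the dozen `(file missing)` system services drop out because they sit under `C:\windows\system32`, which is exactly the 32-bit HijackThis on x64 artefact the reply that follows quietly ignores. The O10 and O18 hits here resolve to Windows Live and Office components, which is why the output is a review list rather than a fix list.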

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 21 February 2012 - 01:47 AM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#15 RohanShah (Topic Starter)

Posted 21 February 2012 - 08:01 AM

ESET log:

C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Qoobox\Quarantine\C\Users\Rohan\AppData\Local\TempDIR\BetterInstaller.exe.vir a variant of Win32/Adware.Somoto.A application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\BReWErS.dll.vir a variant of Win32/GameHack.D application
C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan



