
Ran Combofix on Windows 7 pc and now Windows won't start up!


  • This topic is locked
20 replies to this topic

#1 naqman32

  • Members
  • 10 posts

Posted 20 March 2012 - 10:23 PM

So I kept on getting redirected whenever I clicked on a link, most often on Google in Chrome and Firefox, to some random websites like r.looksmart or shopping hornet, or they would just pop up while I was viewing one page: a new tab would come up saying something like "delivery jpc", I forget what it was. I've been trying to fix this problem for a while. After a while this got rather tiresome and I decided to try MBAM; it says nothing is infected but I still get redirected. I try TDSSKiller, same story, and so I try ComboFix, ignoring the fact that I tried it before and spent quite a bit of time trying to fix everything it messed up last time. So I did it, it went through its stages, presumably deleted such infected bleep because it displayed the message that it was deleting some files, and then it displayed the message that it wanted to reboot and not to manually reboot it, so I let it do that. It reboots, I log back on, it then says it is creating a log report, I wait, the log report is shown... but then after that I exit out of the log report and attempt to open Firefox to check if the rootkit/redirection virus is still there, but it wouldn't open and it would say something like "illegal operation... file is going to be deleted... blah, blah, blah... file deleted or moved". Excuse my imprecise specifications, but I think you guys probably get the point regardless.

So since I was unable to open it, I decided to reboot my computer. I click restart and then I wait; it shows the Dell stuff, then it goes to the "Starting Windows" animation, but then the screen goes blank and it says something like "going into power save", the power light on my monitor goes yellow, and after like 5 seconds my computer simply reboots and goes back to the first Dell BIOS display thingy. But then it said Windows couldn't start properly and it gives the boot options to either "launch startup repair" or start Windows normally. I pick normally, but the cycle simply repeats itself and I can't get to the logon screen; it only goes back to the boot option screen. So then I pick the other option to launch startup repair, and then I wait for it to check the system for errors and perform its function... I wait... but then it comes up saying something like "startup repair cannot fix this problem automatically". So then I was just left there wondering what I should do. There's command prompt, but idk what to do, and there's the Dell local backup thing, but I tried that and the whole thing just froze halfway through for 30 minutes and I shut it off. So then I asked my brother to google for something to get me back in control of my computer. He gave me a DVD disk with something called REATOGO-X-PE Desktop with OTLPE which allows me to explore the contents of my hard drive and the files on regular Windows... and now I'm on that writing to you guys in desperation because I just want to get back my normal desktop to do my work. So please help me... btw I don't have a system restore point for some reason. idk, last time I ran ComboFix it gave me one, but this last time I didn't get one, so now I had to spend all this time trying to find a way to reboot Windows. So please help me. I'll attach the log files I found exploring the HDD from ComboFix. Please tell me what to do to fix this, thanks.

Attached File: ComboFix.txt (29.35KB)
ComboFix 12-03-20.01 - Nithish 03/20/2012 14:43:05.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6109.4798 [GMT -4:00]
Running from: c:\users\Nithish\Desktop\1ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\bleepdragon.exe
c:\programdata\bleep.exe
c:\windows\7Loader.TAG
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
---- Previous Run -------
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Nikita\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Nikil\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Nikil.Jacob-PC\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Mcx2-JACOB-PC\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Mcx1-JACOB-PC\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Jacob\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\For a gay person\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 18:54 . 2012-03-20 18:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-20 07:41 . 2012-03-20 07:41 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 07:41 . 2012-03-20 07:41 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 00:00 . 2011-05-14 23:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-09 20:11 . 2012-02-09 20:12 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-06 23:01 . 2012-02-06 23:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\E736.tmp
2012-02-06 23:01 . 2012-02-06 23:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\E735.tmp
2012-01-29 02:01 . 2012-01-29 02:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\9BA4.tmp
2012-01-29 02:01 . 2012-01-29 02:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\9BA3.tmp
2009-02-13 15:02 . 2009-02-13 15:02 80896 ----a-w- c:\program files\devcon_amd64.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-31_10.15.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-22 02:48 . 2011-12-31 07:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-22 02:48 . 2012-02-19 08:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-11-13 14:33 . 2012-03-20 18:56 77220 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-20 19:02 33196 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-25 23:48 . 2012-03-20 19:02 22796 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1552687033-1708156880-4125484423-1009_UserData.bin
- 2010-02-02 02:01 . 2011-08-14 06:39 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-02-02 02:01 . 2012-03-20 19:24 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-12-24 22:39 . 2011-12-10 20:24 23152 c:\windows\system32\drivers\mbam.sys
+ 2009-11-24 23:04 . 2012-03-20 18:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-24 23:04 . 2011-12-31 08:50 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-24 23:04 . 2012-03-20 18:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-24 23:04 . 2011-12-31 08:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-31 08:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 18:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-18 18:04 . 2011-11-18 18:04 39936 c:\windows\Installer\ebaea7d.msi
+ 2012-02-02 00:00 . 2012-02-02 00:00 25600 c:\windows\Installer\2176f46.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2012-02-16 12:47 . 2012-02-16 12:47 66956 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCall.dll
+ 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\motmodem.dll
- 2011-12-31 08:50 . 2011-12-31 08:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 18:55 . 2012-03-20 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-31 08:50 . 2011-12-31 08:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-20 18:55 . 2012-03-20 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-20 00:00 . 2012-02-20 00:00 250016 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe
+ 2012-01-11 19:44 . 2012-01-11 19:44 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2012-01-11 19:44 . 2012-01-11 19:44 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2010-01-22 08:17 . 2012-03-20 18:25 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-01-22 08:17 . 2011-12-31 07:31 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-22 02:47 . 2012-03-20 18:25 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-29 10:19 . 2012-01-29 10:19 245980 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
+ 2009-11-25 19:34 . 2012-03-12 22:49 393200 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-11-28 07:10 . 2012-03-20 18:37 296808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-08-16 01:26 . 2012-03-20 19:00 418656 c:\windows\system32\perfh011.dat
+ 2011-08-16 00:26 . 2012-03-20 19:00 746174 c:\windows\system32\perfh00A.dat
+ 2009-07-14 02:36 . 2012-03-20 19:00 663222 c:\windows\system32\perfh009.dat
+ 2011-08-16 01:26 . 2012-03-20 19:00 122090 c:\windows\system32\perfc011.dat
+ 2011-08-16 00:26 . 2012-03-20 19:00 158220 c:\windows\system32\perfc00A.dat
+ 2009-07-14 02:36 . 2012-03-20 19:00 122090 c:\windows\system32\perfc009.dat
+ 2012-02-20 00:00 . 2012-02-20 00:00 465056 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
+ 2012-02-09 20:12 . 2012-02-09 20:11 190752 c:\windows\system32\javaws.exe
+ 2012-02-09 20:12 . 2012-02-09 20:11 172320 c:\windows\system32\javaw.exe
+ 2012-02-09 20:12 . 2012-02-09 20:11 172320 c:\windows\system32\java.exe
+ 2009-07-14 05:38 . 2012-03-20 22:05 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2011-08-14 09:12 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:12 . 2012-02-16 14:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-08-16 02:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-27 21:38 . 2011-12-31 10:39 299160 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
+ 2009-07-14 04:46 . 2012-03-12 23:10 115000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2011-12-31 08:42 590564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-20 18:55 590564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-09 20:09 . 2012-02-09 20:09 909312 c:\windows\Installer\ebae9b2.msi
+ 2012-02-16 10:31 . 2012-02-16 10:31 189844 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla36.exe
+ 2012-02-16 12:47 . 2012-02-16 12:47 189844 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla36.dll
+ 2012-02-16 12:47 . 2012-02-16 12:47 175992 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla34.dll
+ 2012-02-16 12:47 . 2012-02-16 12:47 176035 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla33.dll
+ 2012-02-16 12:47 . 2012-02-16 12:47 176545 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla32.dll
+ 2012-02-16 12:47 . 2012-02-16 12:47 184966 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla31.exe
+ 2012-02-16 12:47 . 2012-02-16 12:47 189750 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla21.dll
+ 2012-02-16 12:47 . 2012-02-16 12:47 176035 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla2.dll
+ 2012-02-16 12:47 . 2012-02-16 12:47 179526 c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla.dll
- 2009-07-18 03:21 . 2011-11-13 07:59 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-07-18 03:21 . 2012-02-20 00:00 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-07-14 04:54 . 2012-03-20 18:54 1261568 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-28 10:41 . 2012-03-20 15:24 3947996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1552687033-1708156880-4125484423-1009-12288.dat
+ 2012-01-24 06:53 . 2012-01-24 06:53 3629056 c:\windows\Installer\c83d496.msi
+ 2009-07-14 04:54 . 2012-03-20 18:54 13205504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 18:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-31 07:58 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-20 00:00 . 2012-02-20 00:00 11350688 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
+ 2010-10-23 13:33 . 2012-03-20 18:55 45562104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1552687033-1708156880-4125484423-1009-8192.dat
+ 2011-12-24 09:44 . 2012-03-20 18:55 13366536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-02-09 20:13 . 2012-02-09 20:13 52920320 c:\windows\Installer\ebaea84.msp
+ 2012-01-03 17:58 . 2012-01-03 17:58 15929344 c:\windows\Installer\1321d1e.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-15 738680]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408]
"Facebook Update"="c:\users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-25 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-09-01 126976]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-05-05 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Nithish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-9-8 2051880]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R4 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2008-12-11 10752]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-13 1436424]
R4 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552687033-1708156880-4125484423-1009Core.job
- c:\users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 07:51]
.
2012-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552687033-1708156880-4125484423-1009UA.job
- c:\users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 07:51]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce13da6969c7f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 12:59]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cce13da78dd15e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 12:59]
.
2012-02-19 c:\windows\Tasks\RegInOut Scheduled Scan - Nithish.job
- c:\program files (x86)\RegInOut\RegInOut.exe [2010-08-24 14:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\1combofix\CF22253.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iap
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
uInternet Settings,ProxyServer = http=127.0.0.1:58828
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
FF - ProfilePath - c:\users\Nithish\AppData\Roaming\Mozilla\Firefox\Profiles\26zxd9sr.default\
FF - prefs.js: browser.search.selectedEngine - Google (SSL)
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58828
FF - prefs.js: network.proxy.type - 0
tñpœñpðÙ
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
SafeBoot-86088169.sys
WebBrowser-{D3B22A92-87A2-47B6-B3E6-A64877B5C242} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1552687033-1708156880-4125484423-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1552687033-1708156880-4125484423-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\drivers\CDAC11BA.EXE
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-03-20 15:09:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-20 19:09
ComboFix2.txt 2011-12-31 13:43
ComboFix3.txt 2011-12-31 10:27
.
Pre-Run: 6,959,579,136 bytes free
Post-Run: 6,990,647,296 bytes free
.
- - End Of File - - 968F6A6AF4659E275245CF33DDB8BF4E
Attached File: ComboFix-quarantined-files.txt (12.06KB)
2012-03-20 19:08:04 . 2012-03-20 19:08:04 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-86088169.sys.reg.dat
2012-03-20 19:07:56 . 2012-03-20 19:07:56 170 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKU-Default-Run-dplaysvr.reg.dat
2012-03-20 18:56:06 . 2012-03-20 18:56:06 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\dds_trash_log.cmd.vir
2012-03-20 18:56:00 . 2012-03-20 18:56:00 4,096 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir
2012-03-20 18:56:00 . 2012-03-20 18:56:00 5,120 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir
2012-03-20 18:56:00 . 2012-03-20 18:56:00 2,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\temp\@.vir
2012-03-20 15:29:13 . 2012-03-20 19:00:21 283 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\temp\cfg.ini.vir
2012-02-01 13:36:36 . 2012-02-01 13:36:36 340,216 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\bleep.exe.vir
2012-02-01 02:54:32 . 2012-02-01 02:51:32 430,328 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\bleepdragon.exe.vir
2011-12-31 10:17:27 . 2011-12-31 10:17:27 902 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Unlocker.reg.dat
2011-12-31 10:17:27 . 2011-12-31 10:17:27 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2011-12-31 10:17:18 . 2012-03-20 19:08:12 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D3B22A92-87A2-47B6-B3E6-A64877B5C242}.reg.dat
2011-12-31 10:17:17 . 2011-12-31 10:17:17 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2011-12-31 10:16:56 . 2011-12-31 10:16:56 137 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-VoxOxNG.reg.dat
2011-12-31 10:16:56 . 2011-12-31 10:16:56 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat
2011-12-31 10:16:55 . 2012-03-20 19:07:53 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2011-12-31 09:43:08 . 2011-11-29 07:57:22 32,902 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL3294.tmp.vir
2011-12-31 09:43:08 . 2011-03-18 04:59:40 56,275 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL3093.tmp.vir
2011-12-31 09:43:08 . 2011-03-08 05:47:31 19,996 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL2652.tmp.vir
2011-12-31 09:43:08 . 2010-01-05 02:38:38 14,996 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL2617.tmp.vir
2011-12-31 09:43:08 . 2011-05-26 05:07:11 24,476 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL1926.tmp.vir
2011-12-31 09:43:08 . 2010-11-03 18:46:53 16,597 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL1184.tmp.vir
2011-12-31 09:43:08 . 2011-12-20 04:05:54 12,697 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL1027.tmp.vir
2011-12-31 09:43:08 . 2011-06-05 02:28:14 15,691 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL0674.tmp.vir
2011-12-31 09:43:08 . 2011-05-23 10:36:20 21,176 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL0511.tmp.vir
2011-12-31 09:43:08 . 2011-03-31 03:01:56 30,559 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL0228.tmp.vir
2011-12-31 09:43:08 . 2010-12-03 08:25:56 22,830 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL0004.tmp.vir
2011-12-31 09:43:08 . 2011-06-03 21:40:29 673 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk.vir
2011-12-31 09:43:08 . 2011-06-03 21:40:29 745 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk.vir
2011-12-31 09:43:08 . 2010-12-24 22:25:14 1,726 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk.vir
2011-12-31 09:43:08 . 2011-12-18 04:51:26 95,750 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\PACEDrivers_Install.log.vir
2011-12-31 09:43:08 . 2010-11-28 07:44:13 15,138 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\Nithishlog.dat.vir
2011-12-31 09:43:08 . 2011-12-18 04:24:09 182,128 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\FlamethrowerDriver_Install.log.vir
2011-12-31 09:43:08 . 2011-12-18 04:23:28 178,878 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\DXDriver_Install.log.vir
2011-12-31 09:43:07 . 2007-11-29 23:30:54 647,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_windows_.pyd.vir
2011-12-31 09:43:07 . 2007-11-29 23:33:06 663,552 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_misc_.pyd.vir
2011-12-31 09:43:07 . 2007-11-29 23:30:36 720,896 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_gdi_.pyd.vir
2011-12-31 09:43:07 . 2006-09-19 15:52:26 81,920 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_ctypes.pyd.vir
2011-12-31 09:43:07 . 2007-11-29 23:29:00 962,560 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_core_.pyd.vir
2011-12-31 09:43:07 . 2007-11-29 23:31:38 909,312 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_controls_.pyd.vir
2011-12-31 09:43:07 . 2006-09-19 15:52:26 4,608 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\w9xpopen.exe.vir
2011-12-31 09:43:07 . 2006-09-19 15:52:20 2,109,440 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\python25.dll.vir
2011-12-31 09:43:07 . 2008-08-13 21:34:30 44,032 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\mymc.exe.vir
2011-12-31 09:43:07 . 2008-08-13 21:34:30 44,032 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\mymc-gui.exe.vir
2011-12-31 09:43:07 . 2009-02-10 04:18:16 3,764,281 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\lz77.exe.vir
2011-12-31 09:43:07 . 2010-09-23 00:32:12 359,936 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\f0recast.exe.vir
2011-12-31 09:43:07 . 2006-04-18 21:37:48 51,200 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\CB2crypt.exe.vir
2011-12-31 07:57:00 . 2012-03-20 18:50:33 3,780 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-31 07:42:25 . 2012-03-20 18:41:31 357 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-12-22 05:15:06 . 2011-12-24 15:04:38 242 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\temp\keywords.vir
2011-12-22 02:36:19 . 2012-01-27 21:07:19 854 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\temp\bckfg.tmp.vir
2011-12-20 04:05:54 . 2011-12-20 04:05:54 12,697 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL1027.tmp
2011-12-18 04:23:32 . 2011-12-18 04:24:09 182,128 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\FlamethrowerDriver_Install.log
2011-12-18 04:23:03 . 2011-12-18 04:23:28 178,878 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\DXDriver_Install.log
2011-12-18 04:21:44 . 2011-12-18 04:51:26 95,750 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\PACEDrivers_Install.log
2011-11-29 07:57:21 . 2011-11-29 07:57:22 32,902 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL3294.tmp
2011-08-15 00:36:18 . 2011-08-15 00:36:20 6 ----a-w- C:\Qoobox\Quarantine\C\Windows\7Loader.TAG.vir
2011-06-23 04:28:13 . 2011-06-23 04:28:13 5,954 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Local\{C9F3AD71-FA25-44F0-B124-718FE6062071}\chrome\content\overlay.xul.vir
2011-06-23 04:28:13 . 2011-06-23 04:28:13 2,122 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Local\{C9F3AD71-FA25-44F0-B124-718FE6062071}\chrome\content\_cfg.js.vir
2011-06-23 04:28:13 . 2011-06-23 04:28:13 764 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Local\{C9F3AD71-FA25-44F0-B124-718FE6062071}\install.rdf.vir
2011-06-23 04:28:12 . 2011-06-23 04:28:12 122 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Local\{C9F3AD71-FA25-44F0-B124-718FE6062071}\chrome.manifest.vir
2011-06-05 02:28:13 . 2011-06-05 02:28:14 15,691 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL0674.tmp
2011-06-03 21:40:29 . 2011-06-03 21:40:29 745 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
2011-06-03 21:40:29 . 2011-06-03 21:40:29 673 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
2011-05-26 05:07:10 . 2011-05-26 05:07:11 24,476 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL1926.tmp
2011-05-23 04:38:13 . 2011-05-23 10:36:20 21,176 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL0511.tmp
2011-03-30 01:21:53 . 2011-03-31 03:01:56 30,559 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL0228.tmp
2011-03-18 01:24:12 . 2011-03-18 04:59:40 56,275 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL3093.tmp
2011-03-07 00:07:18 . 2011-03-08 05:47:31 19,996 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL2652.tmp
2011-01-17 19:45:45 . 2009-02-10 04:18:16 3,764,281 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\lz77.exe
2010-12-30 20:47:59 . 2006-04-18 21:37:48 51,200 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\CB2crypt.exe
2010-12-30 06:23:38 . 2006-09-19 15:52:26 4,608 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\w9xpopen.exe
2010-12-30 06:23:38 . 2006-09-19 15:52:20 2,109,440 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\python25.dll
2010-12-30 06:23:38 . 2008-08-13 21:34:30 44,032 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\mymc-gui.exe
2010-12-30 06:23:38 . 2008-08-13 21:34:30 44,032 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\mymc.exe
2010-12-30 06:23:38 . 2007-11-29 23:30:54 647,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_windows_.pyd
2010-12-30 06:23:38 . 2007-11-29 23:33:06 663,552 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_misc_.pyd
2010-12-30 06:23:38 . 2007-11-29 23:30:36 720,896 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_gdi_.pyd
2010-12-30 06:23:38 . 2006-09-19 15:52:26 81,920 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_ctypes.pyd
2010-12-30 06:23:38 . 2007-11-29 23:29:00 962,560 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_core_.pyd
2010-12-30 06:23:38 . 2007-11-29 23:31:38 909,312 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\_controls_.pyd
2010-12-24 22:25:14 . 2010-12-24 22:25:14 1,726 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
2010-12-03 07:52:36 . 2010-12-03 08:25:56 22,830 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL0004.tmp
2010-11-18 03:53:52 . 2010-09-23 00:32:12 359,936 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\f0recast.exe
2010-11-03 14:35:24 . 2010-11-03 18:46:53 16,597 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL1184.tmp
2010-03-27 18:31:55 . 2010-03-23 11:55:00 545 ----a-w- C:\Qoobox\Quarantine\C\Windows\pkzip.pif.vir
2010-03-27 18:31:55 . 2010-03-23 11:55:00 545 ----a-w- C:\Qoobox\Quarantine\C\Windows\pkunzip.pif.vir
2010-01-05 02:16:57 . 2010-01-05 02:38:38 14,996 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\Documents\~WRL2617.tmp
2009-07-13 23:31:13 . 2009-07-14 01:39:46 51,712 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir
2005-04-10 05:49:05 . 2010-11-28 07:44:13 15,138 ----a-w- C:\Qoobox\Quarantine\C\Users\Nithish\AppData\Roaming\Nithishlog.dat

Edited by naqman32, 20 March 2012 - 10:28 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:02 PM

Posted 21 March 2012 - 12:40 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

1. Do not run any other tool until instructed to do so!
   Doing so will at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
   Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
   It does not need to be long, but just something so I know how things are going. It can be something like:
   I am still getting redirected
   The computer is running as it should
   Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
   Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
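Added example (editorial, not part of the thread and not FRST's or the helper's own code): once the FRST.txt requested above comes back, the lines worth reading first are the ones that explain why the machine stopped booting after ComboFix. The log posted in the next reply contains `SubSystems: [Windows] ==> ZeroAccess`, the marker FRST prints when the `Session Manager\SubSystems\Windows` value no longer names winsrv as csrss's ServerDll; the 64-bit ZeroAccess variant of that period pointed it at its own consrv.dll, and ComboFix's quarantine list above shows consrv.dll was removed, so csrss cannot initialise and Windows halts before logon. The script below is a small triage pass over such a log, run on lines copied from this thread: it flags that marker, every autorun, service or driver whose file FRST reports as missing (`[x]`/`[X]`), and service or driver binaries with an empty company field (`()`). Reading `[x]` as "file not found", `()` as "no company name", and start types 0/1 as the ones that can stop a boot are this example's assumptions about FRST's log format; the function and field names are hypothetical.

```python
"""Triage an FRST log excerpt for entries that can keep Windows from booting.

Added example for this thread; not FRST's code and not posted by the helper.
Reads the plain-text FRST.txt format and flags:
  * "SubSystems: [Windows] ==> ZeroAccess", FRST's marker for a csrss
    ServerDll entry that no longer points at winsrv;
  * autoruns/services/drivers whose file is missing ("[x]" / "[X]");
  * service/driver binaries with no company name in version info ("()").
The meaning of "[x]" and "()" is this example's reading of the log format.
"""
import re
from dataclasses import dataclass

# Service/driver lines start with the start type: 0 boot, 1 system, 2 auto,
# 3 demand, 4 disabled. A missing boot-start or system-start driver can
# stop the boot; a missing auto-start service only logs an error.
BOOT_START_TYPES = {"0", "1"}

SERVICE_RE = re.compile(r"^([0-4]) ([^;]+); ?(.*)$")   # "2 Akamai; <path> [x]"
REGISTRY_RE = re.compile(r"^([^:]+): (.*)$")           # "HKLM-x32\...\Run: [name] <path>"

# Constructed sample: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
SubSystems: [Windows] ==> ZeroAccess
========================== Services (Whitelisted) ======
4 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [10752 2008-12-11] ()
2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll [x]
========================== Drivers (Whitelisted) =============
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
3 catchme; \??\C:\1ComboFix\catchme.sys [x]
3 mfeavfk01; [x]
"""


@dataclass
class Finding:
    kind: str            # "zeroaccess_subsystems" | "missing_file" | "no_company"
    name: str            # registry key/value or service name
    detail: str          # remainder of the FRST line
    boot_critical: bool  # True when this can stop Windows from starting


def parse_line(line):
    """Return (name, body, start_type) for one FRST entry, or None."""
    m = SERVICE_RE.match(line)
    if m:
        return m.group(2), m.group(3), m.group(1)
    m = REGISTRY_RE.match(line)
    if m:
        return m.group(1), m.group(2), None
    return None


def triage(log_text):
    """Walk an FRST log and return the Findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):   # skip blanks and section headers
            continue
        parsed = parse_line(line)
        if parsed is None:
            continue
        name, body, start_type = parsed
        if name == "SubSystems" and "==> ZeroAccess" in body:
            # csrss fails to start if the ServerDll it names is gone, which is
            # exactly the situation after the DLL has been quarantined.
            findings.append(Finding("zeroaccess_subsystems", name, body, True))
        elif body.lower().endswith("[x]"):
            findings.append(Finding("missing_file", name, body,
                                    start_type in BOOT_START_TYPES))
        elif body.endswith("()"):
            # Worth a look (no publisher), but it does not block the boot.
            findings.append(Finding("no_company", name, body, False))
    return findings


def boot_blockers(findings):
    """Names of findings to fix before attempting a normal boot."""
    return [f.name for f in findings if f.boot_critical]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:22} {'BOOT' if f.boot_critical else '    '} {f.name}: {f.detail}")
    print("fix before rebooting:", boot_blockers(results))
```

On the sample the only boot blocker is the SubSystems entry; the missing Akamai service, the stale catchme driver left behind by ComboFix and the missing McAfee driver entry are cleanup items, not the reason the machine stops at boot.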

#3 naqman32

naqman32
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 21 March 2012 - 03:06 PM

Here you go man/lady, magic being who I will forever be grateful to for helping me out, here's the log:

Attached File: FRST.txt (48.23KB)

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 22-03-2012 03:51:18
Running from L:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [126976 2011-09-01] (Google Inc.)
HKLM-x32\...\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-05-05] (Avid Technology, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Administrator\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-24] (Google Inc.)
HKU\Administrator\...\Policies\system: [LogonHoursAction] 2
HKU\Administrator\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-24] (Google Inc.)
HKU\Mcx1-JACOB-PC\...\Policies\system: [LogonHoursAction] 2
HKU\Mcx1-JACOB-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1-JACOB-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Mcx2-JACOB-PC\...\Policies\system: [LogonHoursAction] 2
HKU\Mcx2-JACOB-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx2-JACOB-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Nithish\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [738680 2012-02-15] (BitTorrent, Inc.)
HKU\Nithish\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-24] (Google Inc.)
HKU\Nithish\...\Run: [Facebook Update] "C:\Users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-12-25] (Facebook Inc.)
HKU\Nithish\...\Policies\system: [LogonHoursAction] 2
HKU\Nithish\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.254.2 167.206.254.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

4 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [77944 2010-12-06] (Autodesk)
2 C-DillaCdaC11BA; C:\Windows\SysWow64\drivers\CDAC11BA.EXE [54784 2010-12-06] (Macrovision)
2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [77824 2010-05-05] (Avid Technology, Inc.)
4 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [10752 2008-12-11] ()
4 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2010-08-17] (Macrovision Europe Ltd.)
4 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1436424 2011-03-12] (Acresso Software Inc.)
4 HPSIService; C:\Windows\system32\HPSIsvc.exe [127800 2010-04-07] (HP)
2 iap; C:\Windows\System32\motmodem.dll [6656 2009-07-13] (Oak Technology Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
4 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
4 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
4 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
4 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
4 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [509416 2010-04-15] (McAfee, Inc.)
4 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2011-04-14] (McAfee, Inc.)
4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2011-04-14] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [149032 2011-04-14] (McAfee, Inc.)
4 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
4 nmservice; "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
2 CdaC15BA; C:\Windows\SysWow64\Drivers\CdaC15BA.sys [12464 2010-12-06] (Macrovision Europe Ltd)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
2 Dokan; C:\Windows\System32\Drivers\Dokan.sys [83288 2008-12-15] (Windows ® Codename Longhorn DDK provider)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [256576 2010-12-03] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-05] (Marvell Semiconductor, Inc.)
2 pnarp; C:\Windows\System32\Drivers\pnarp.sys [33328 2009-07-07] (Cisco Systems, Inc.)
2 purendis; C:\Windows\System32\Drivers\purendis.sys [35376 2009-07-07] (Cisco Systems, Inc.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()
2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
3 ToolkitDisk; C:\Windows\System32\Drivers\ToolkitDisk.sys [62552 2011-08-05] (Toolkit Development, Ltd.)
0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [105592 2009-12-23] (PACE Anti-Piracy, Inc.)
3 WsAudio_DeviceS(1); C:\Windows\System32\Drivers\WsAudio_DeviceS(1).sys [29288 2010-04-13] (Wondershare)
3 WsAudio_DeviceS(2); C:\Windows\System32\Drivers\WsAudio_DeviceS(2).sys [29288 2010-04-13] (Wondershare)
3 WsAudio_DeviceS(3); C:\Windows\System32\Drivers\WsAudio_DeviceS(3).sys [29288 2010-04-13] (Wondershare)
3 WsAudio_DeviceS(4); C:\Windows\System32\Drivers\WsAudio_DeviceS(4).sys [29288 2010-04-13] (Wondershare)
3 WsAudio_DeviceS(5); C:\Windows\System32\Drivers\WsAudio_DeviceS(5).sys [29288 2010-04-13] (Wondershare)
3 catchme; \??\C:\1ComboFix\catchme.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 mfeavfk01; [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: iap

============ One Month Created Files and Folders ==============

2012-03-22 03:51 - 2012-03-22 03:51 - 0000000 ____D C:\FRST
2012-03-21 04:46 - 2012-03-21 04:47 - 0660480 ____A C:\Users\Nithish\Desktop\CFDQ-UsrPrf.exe
2012-03-21 00:15 - 2012-03-21 00:15 - 0000000 ____D C:\Device
2012-03-20 15:09 - 2012-03-20 15:09 - 0030056 ____A C:\ComboFix.txt
2012-03-20 15:01 - 2012-03-20 15:01 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-20 15:01 - 2012-03-20 15:01 - 0000000 ____D C:\$RECYCLE.BIN
2012-03-20 14:55 - 2012-03-20 14:55 - 0000552 ____A C:\Windows\PFRO.log
2012-03-20 14:41 - 2012-03-20 14:41 - 4440469 ____R (Swearware) C:\Users\Nithish\Desktop\1ComboFix.exe
2012-03-20 14:24 - 2012-03-20 14:24 - 0083086 ____A C:\TDSSKiller.2.7.20.0_20.03.2012_14.24.24_log.txt
2012-03-20 11:04 - 2012-03-20 11:05 - 0082832 ____A C:\TDSSKiller.2.7.20.0_20.03.2012_11.04.33_log.txt
2012-03-20 11:04 - 2012-03-20 11:04 - 0000348 ____A C:\TDSSKiller.2.7.12.0_20.03.2012_11.04.06_log.txt
2012-03-20 10:59 - 2012-03-21 04:46 - 4441698 ____A (Swearware) C:\Users\Nithish\Desktop\ComboFix.exe
2012-03-20 03:38 - 2012-03-20 03:40 - 0082832 ____A C:\TDSSKiller.2.7.12.0_20.03.2012_03.38.39_log.txt
2012-03-20 02:34 - 2012-03-20 02:38 - 144560731 ____A C:\Users\Nithish\Downloads\[SubDESU-H]_Oshioki_Gakuen_Reijou_Kousei_Keikaku_02_[33CACED99].mkv
2012-03-20 02:33 - 2012-03-20 02:33 - 0011517 ____A C:\Users\Nithish\Downloads\[SubDESU-H]_Oshioki_Gakuen_Reijou_Kousei_Keikaku_02_[33CACED99].mkv.torrent
2012-03-19 13:06 - 2012-03-19 13:17 - 554809340 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_254_[1080p].mkv
2012-03-19 13:05 - 2012-03-19 13:05 - 0021647 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_254_[1080p].mkv.torrent
2012-03-13 17:07 - 2012-03-13 17:20 - 554837355 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_251_[1080p].mkv
2012-03-13 17:06 - 2012-03-13 17:22 - 554318078 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_253_[1080p].mkv
2012-03-13 17:05 - 2012-03-13 17:17 - 554932965 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_252_[1080p].mkv
2012-03-13 17:05 - 2012-03-13 17:05 - 0021647 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_252_[1080p].mkv.torrent
2012-03-13 17:05 - 2012-03-13 17:05 - 0021647 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_251_[1080p].mkv.torrent
2012-03-13 17:05 - 2012-03-13 17:05 - 0021627 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_253_[1080p].mkv.torrent
2012-03-13 16:59 - 2012-03-13 17:04 - 185102462 ____A C:\Users\Nithish\Downloads\[FAKKU]_Tentacle_and_Witches_Vol.3_[37F62DC4].mkv
2012-03-13 16:58 - 2012-03-13 16:58 - 0014599 ____A C:\Users\Nithish\Downloads\[FAKKU]_Tentacle_and_Witches_Vol.3_[37F62DC4].mkv.torrent
2012-03-13 03:23 - 2012-03-13 03:39 - 0082832 ____A C:\TDSSKiller.2.7.12.0_13.03.2012_03.23.51_log.txt
2012-03-12 18:53 - 2012-03-20 14:55 - 0000426 ____A C:\Windows\setupact.log
2012-03-12 18:53 - 2012-03-12 18:53 - 0000000 ____A C:\Windows\setuperr.log

============ 3 Months Modified Files and Folders =============

2012-03-22 03:51 - 2012-03-22 03:51 - 0000000 ____D C:\FRST
2012-03-22 02:46 - 2009-11-13 12:58 - 509485056 __ASH C:\hiberfil.sys
2012-03-21 04:47 - 2012-03-21 04:46 - 0660480 ____A C:\Users\Nithish\Desktop\CFDQ-UsrPrf.exe
2012-03-21 04:46 - 2012-03-20 10:59 - 4441698 ____A (Swearware) C:\Users\Nithish\Desktop\ComboFix.exe
2012-03-21 00:15 - 2012-03-21 00:15 - 0000000 ____D C:\Device
2012-03-20 18:10 - 2009-11-25 19:31 - 0000000 ____D C:\users\Nithish
2012-03-20 18:10 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-20 18:05 - 2010-11-05 18:57 - 0000000 ____D C:\users\Mcx2-JACOB-PC
2012-03-20 18:05 - 2010-07-12 19:10 - 0000000 ____D C:\users\Administrator
2012-03-20 18:05 - 2009-11-25 16:11 - 0000000 ____D C:\users\Mcx1-JACOB-PC
2012-03-20 18:05 - 2009-11-25 10:15 - 0000000 ____D C:\users\Guest
2012-03-20 18:04 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\registration
2012-03-20 15:18 - 2009-07-14 01:10 - 1200267 ____A C:\Windows\WindowsUpdate.log
2012-03-20 15:09 - 2012-03-20 15:09 - 0030056 ____A C:\ComboFix.txt
2012-03-20 15:09 - 2011-12-31 03:42 - 0000000 ____D C:\Qoobox
2012-03-20 15:05 - 2012-02-01 20:00 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cce13da78dd15e.job
2012-03-20 15:01 - 2012-03-20 15:01 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-20 15:01 - 2012-03-20 15:01 - 0000000 ____D C:\$RECYCLE.BIN
2012-03-20 15:01 - 2012-02-01 20:00 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cce13da6969c7f.job
2012-03-20 15:01 - 2009-07-14 00:45 - 0035920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-20 15:01 - 2009-07-14 00:45 - 0035920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-20 15:01 - 2009-07-13 22:34 - 0000215 ____A C:\Windows\system.ini
2012-03-20 15:00 - 2011-08-15 21:26 - 0418656 ____A C:\Windows\System32\perfh011.dat
2012-03-20 15:00 - 2011-08-15 21:26 - 0122090 ____A C:\Windows\System32\perfc011.dat
2012-03-20 15:00 - 2011-08-15 20:26 - 0746174 ____A C:\Windows\System32\perfh00A.dat
2012-03-20 15:00 - 2011-08-15 20:26 - 0158220 ____A C:\Windows\System32\perfc00A.dat
2012-03-20 15:00 - 2009-07-14 01:13 - 2211858 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-20 14:56 - 2011-12-25 03:51 - 0000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552687033-1708156880-4125484423-1009UA.job
2012-03-20 14:55 - 2012-03-20 14:55 - 0000552 ____A C:\Windows\PFRO.log
2012-03-20 14:55 - 2012-03-12 18:53 - 0000426 ____A C:\Windows\setupact.log
2012-03-20 14:55 - 2009-07-14 01:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-20 14:55 - 2009-07-13 22:34 - 99041280 ____A C:\Windows\System32\config\software.bak
2012-03-20 14:55 - 2009-07-13 22:34 - 22282240 ____A C:\Windows\System32\config\system.bak
2012-03-20 14:55 - 2009-07-13 22:34 - 0786432 ____A C:\Windows\System32\config\default.bak
2012-03-20 14:55 - 2009-07-13 22:34 - 0208896 ____A C:\Windows\System32\config\sam.bak
2012-03-20 14:55 - 2009-07-13 22:34 - 0028672 ____A C:\Windows\System32\config\security.bak
2012-03-20 14:54 - 2011-12-31 03:42 - 0000000 ____D C:\Windows\ERDNT
2012-03-20 14:54 - 2010-06-16 18:38 - 0000000 ____D C:\Users\Nithish\Application Data\uTorrent
2012-03-20 14:54 - 2010-06-16 18:38 - 0000000 ____D C:\Users\Nithish\AppData\Roaming\uTorrent
2012-03-20 14:41 - 2012-03-20 14:41 - 4440469 ____R (Swearware) C:\Users\Nithish\Desktop\1ComboFix.exe
2012-03-20 14:24 - 2012-03-20 14:24 - 0083086 ____A C:\TDSSKiller.2.7.20.0_20.03.2012_14.24.24_log.txt
2012-03-20 14:20 - 2012-02-04 21:38 - 0000391 ____A C:\rkill.log
2012-03-20 14:16 - 2009-11-25 19:31 - 0000000 ____D C:\Users\Nithish\Local Settings\Google
2012-03-20 14:16 - 2009-11-25 19:31 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\Google
2012-03-20 14:16 - 2009-11-25 19:31 - 0000000 ____D C:\Users\Nithish\AppData\Local\Google
2012-03-20 14:00 - 2009-11-25 16:10 - 0000362 _RASH C:\Users\All Users\ntuser.pol
2012-03-20 14:00 - 2009-11-25 16:10 - 0000362 _RASH C:\Users\All Users\Application Data\ntuser.pol
2012-03-20 14:00 - 2009-11-25 16:10 - 0000362 _RASH C:\ProgramData\ntuser.pol
2012-03-20 13:58 - 2009-11-24 20:01 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-20 11:05 - 2012-03-20 11:04 - 0082832 ____A C:\TDSSKiller.2.7.20.0_20.03.2012_11.04.33_log.txt
2012-03-20 11:04 - 2012-03-20 11:04 - 0000348 ____A C:\TDSSKiller.2.7.12.0_20.03.2012_11.04.06_log.txt
2012-03-20 03:40 - 2012-03-20 03:38 - 0082832 ____A C:\TDSSKiller.2.7.12.0_20.03.2012_03.38.39_log.txt
2012-03-20 02:56 - 2011-12-25 03:51 - 0000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552687033-1708156880-4125484423-1009Core.job
2012-03-20 02:38 - 2012-03-20 02:34 - 144560731 ____A C:\Users\Nithish\Downloads\[SubDESU-H]_Oshioki_Gakuen_Reijou_Kousei_Keikaku_02_[33CACED99].mkv
2012-03-20 02:33 - 2012-03-20 02:33 - 0011517 ____A C:\Users\Nithish\Downloads\[SubDESU-H]_Oshioki_Gakuen_Reijou_Kousei_Keikaku_02_[33CACED99].mkv.torrent
2012-03-19 13:17 - 2012-03-19 13:06 - 554809340 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_254_[1080p].mkv
2012-03-19 13:05 - 2012-03-19 13:05 - 0021647 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_254_[1080p].mkv.torrent
2012-03-13 17:22 - 2012-03-13 17:06 - 554318078 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_253_[1080p].mkv
2012-03-13 17:20 - 2012-03-13 17:07 - 554837355 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_251_[1080p].mkv
2012-03-13 17:17 - 2012-03-13 17:05 - 554932965 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_252_[1080p].mkv
2012-03-13 17:06 - 2010-10-15 22:33 - 0000000 ____D C:\Users\Nithish\Application Data\Media Player Classic
2012-03-13 17:06 - 2010-10-15 22:33 - 0000000 ____D C:\Users\Nithish\AppData\Roaming\Media Player Classic
2012-03-13 17:05 - 2012-03-13 17:05 - 0021647 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_252_[1080p].mkv.torrent
2012-03-13 17:05 - 2012-03-13 17:05 - 0021647 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_251_[1080p].mkv.torrent
2012-03-13 17:05 - 2012-03-13 17:05 - 0021627 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_253_[1080p].mkv.torrent
2012-03-13 17:04 - 2012-03-13 16:59 - 185102462 ____A C:\Users\Nithish\Downloads\[FAKKU]_Tentacle_and_Witches_Vol.3_[37F62DC4].mkv
2012-03-13 16:58 - 2012-03-13 16:58 - 0014599 ____A C:\Users\Nithish\Downloads\[FAKKU]_Tentacle_and_Witches_Vol.3_[37F62DC4].mkv.torrent
2012-03-13 03:39 - 2012-03-13 03:23 - 0082832 ____A C:\TDSSKiller.2.7.12.0_13.03.2012_03.23.51_log.txt
2012-03-12 18:53 - 2012-03-12 18:53 - 0000000 ____A C:\Windows\setuperr.log
2012-03-09 17:12 - 2012-02-06 19:28 - 2063920 ____A (Kaspersky Lab ZAO) C:\Users\Nithish\Desktop\TDSSKiller.exe
2012-02-21 07:03 - 2010-11-11 23:07 - 0332800 __ASH C:\Users\Nithish\Desktop\Thumbs.db
2012-02-21 07:03 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-19 20:00 - 2011-05-14 19:47 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-19 04:00 - 2010-11-28 18:54 - 0000360 ____A C:\Windows\Tasks\RegInOut Scheduled Scan - Nithish.job
2012-02-18 06:51 - 2012-02-18 06:50 - 0082832 ____A C:\TDSSKiller.2.7.12.0_18.02.2012_05.50.40_log.txt
2012-02-17 09:40 - 2012-02-17 09:40 - 0065289 ____A C:\Users\Nithish\Downloads\justthink.jpg
2012-02-16 19:50 - 2012-02-16 19:41 - 0082832 ____A C:\TDSSKiller.2.7.12.0_16.02.2012_18.41.34_log.txt
2012-02-16 19:37 - 2012-02-07 01:35 - 0000000 ____D C:\Users\Nithish\Application Data\7F643
2012-02-16 19:37 - 2012-02-07 01:35 - 0000000 ____D C:\Users\Nithish\AppData\Roaming\7F643
2012-02-16 19:37 - 2012-02-07 01:34 - 0000000 ____D C:\Users\Nithish\Application Data\3617F
2012-02-16 19:37 - 2012-02-07 01:34 - 0000000 ____D C:\Users\Nithish\AppData\Roaming\3617F
2012-02-16 10:55 - 2012-02-16 08:19 - 555096155 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_250_[1080p].mkv
2012-02-16 08:48 - 2012-02-16 06:31 - 0000000 ____D C:\sh4ldr
2012-02-16 08:47 - 2012-02-16 06:31 - 0000000 ____D C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-02-16 08:43 - 2010-12-24 18:39 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-16 08:43 - 2010-06-16 18:38 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-16 08:41 - 2012-02-16 08:41 - 0001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-16 08:41 - 2012-02-16 08:41 - 0001075 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-16 08:15 - 2011-08-15 01:15 - 0000000 ____D C:\Windows\pss
2012-02-16 08:09 - 2010-12-03 17:45 - 0000000 ____D C:\Users\Nithish\Application Data\DAEMON Tools Pro
2012-02-16 08:09 - 2010-12-03 17:45 - 0000000 ____D C:\Users\Nithish\AppData\Roaming\DAEMON Tools Pro
2012-02-16 08:09 - 2010-09-06 00:54 - 0000000 ____D C:\Users\Nithish\Tracing
2012-02-16 08:08 - 2009-12-13 15:08 - 0000000 ____D C:\Windows\Minidump
2012-02-16 08:08 - 2009-11-13 12:44 - 0000000 ____D C:\Windows\Panther
2012-02-16 07:56 - 2012-02-16 07:56 - 0000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-02-16 07:56 - 2012-02-16 07:56 - 0000784 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-02-16 07:56 - 2012-02-16 07:56 - 0000000 ____D C:\Program Files\CCleaner
2012-02-16 07:56 - 2012-02-16 07:55 - 3587688 ____A (Piriform Ltd) C:\Users\Nithish\Downloads\ccsetup315.exe
2012-02-16 07:54 - 2012-02-16 07:54 - 0001205 ____A C:\Users\Nithish\Downloads\FixNCR.reg
2012-02-16 07:43 - 2012-02-16 07:43 - 1008141 ____A C:\Users\Nithish\Downloads\rkill.com
2012-02-16 06:34 - 2012-02-16 00:47 - 0000000 ___HD C:\Users\Nithish\Application Data\DEF30794
2012-02-16 06:34 - 2012-02-16 00:47 - 0000000 ___HD C:\Users\Nithish\AppData\Roaming\DEF30794
2012-02-16 06:31 - 2012-02-16 06:31 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-02-16 03:59 - 2012-02-16 03:58 - 0082762 ____A C:\TDSSKiller.2.7.12.0_16.02.2012_02.58.41_log.txt
2012-02-16 03:58 - 2012-02-16 03:57 - 0000352 ____A C:\TDSSKiller.2.7.6.0_16.02.2012_02.57.57_log.txt
2012-02-16 03:39 - 2011-11-09 20:37 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\Akamai
2012-02-16 03:39 - 2011-11-09 20:37 - 0000000 ____D C:\Users\Nithish\Local Settings\Akamai
2012-02-16 03:39 - 2011-11-09 20:37 - 0000000 ____D C:\Users\Nithish\AppData\Local\Akamai
2012-02-15 08:25 - 2012-02-15 07:56 - 0082760 ____A C:\TDSSKiller.2.7.9.0_15.02.2012_06.56.20_log.txt
2012-02-15 07:38 - 2012-02-15 07:38 - 0001096 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-02-15 07:38 - 2012-02-15 07:38 - 0001096 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-02-15 07:37 - 2012-02-15 07:37 - 15795360 ____A (Mozilla) C:\Users\Nithish\Desktop\Firefox Setup 10.0.1.exe
2012-02-15 05:20 - 2012-02-08 16:10 - 0000000 ____D C:\Users\Nithish\Application Data\Xyib
2012-02-15 05:20 - 2012-02-08 16:10 - 0000000 ____D C:\Users\Nithish\AppData\Roaming\Xyib
2012-02-15 02:25 - 2012-02-15 02:24 - 0083926 ____A C:\TDSSKiller.2.7.12.0_15.02.2012_01.24.17_log.txt
2012-02-15 02:24 - 2012-02-15 02:24 - 0000000 ____D C:\Users\Nithish\Downloads\tdsskiller (1)
2012-02-15 02:23 - 2012-02-15 02:23 - 2042462 ____A C:\Users\Nithish\Downloads\tdsskiller (1).zip
2012-02-15 02:23 - 2012-02-15 02:23 - 0000352 ____A C:\TDSSKiller.2.7.6.0_15.02.2012_01.23.12_log.txt
2012-02-15 02:23 - 2010-08-12 23:57 - 0000000 ____D C:\Users\Nithish\Local Settings\ElevatedDiagnostics
2012-02-15 02:23 - 2010-08-12 23:57 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\ElevatedDiagnostics
2012-02-15 02:23 - 2010-08-12 23:57 - 0000000 ____D C:\Users\Nithish\AppData\Local\ElevatedDiagnostics
2012-02-15 02:22 - 2012-02-15 02:22 - 0002346 ____A C:\TDSSKiller.2.7.6.0_15.02.2012_01.22.09_log.txt
2012-02-15 02:22 - 2012-02-15 02:22 - 0000352 ____A C:\TDSSKiller.2.7.6.0_15.02.2012_01.22.24_log.txt
2012-02-12 20:16 - 2012-02-08 16:10 - 0000000 ____D C:\Users\Nithish\Application Data\Ogixp
2012-02-12 20:16 - 2012-02-08 16:10 - 0000000 ____D C:\Users\Nithish\AppData\Roaming\Ogixp
2012-02-10 07:08 - 2012-02-10 07:05 - 0015778 ____A C:\Users\Nithish\My Documents\response to asian on jeremy lin harvard video.docx
2012-02-10 07:08 - 2012-02-10 07:05 - 0015778 ____A C:\Users\Nithish\Documents\response to asian on jeremy lin harvard video.docx
2012-02-10 07:05 - 2012-02-10 07:05 - 0000162 ____A C:\Users\Nithish\My Documents\~$sponse to asian on jeremy lin harvard video.docx
2012-02-10 07:05 - 2012-02-10 07:05 - 0000162 ____A C:\Users\Nithish\Documents\~$sponse to asian on jeremy lin harvard video.docx
2012-02-10 04:34 - 2012-02-10 04:34 - 0013798 ____A C:\Users\Nithish\My Documents\bethke counter.docx
2012-02-10 04:34 - 2012-02-10 04:34 - 0013798 ____A C:\Users\Nithish\Documents\bethke counter.docx
2012-02-10 03:07 - 2012-02-10 03:03 - 120985942 ____A C:\Users\Nithish\Downloads\[SubDESU-H] HHH - 04 (704x396 xx264 AAC)[A14FC001].mkv
2012-02-09 22:53 - 2012-02-09 22:32 - 554211894 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_248_[1080p].mkv
2012-02-09 22:52 - 2012-02-09 22:32 - 555446827 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_249_[1080p].mkv
2012-02-09 21:06 - 2012-02-09 21:03 - 0082726 ____A C:\TDSSKiller.2.7.9.0_09.02.2012_20.03.50_log.txt
2012-02-09 16:13 - 2012-02-09 16:13 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-09 16:13 - 2012-02-09 16:13 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-09 16:11 - 2012-02-09 16:12 - 0525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-02-09 16:11 - 2012-02-09 16:12 - 0190752 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-02-09 16:11 - 2012-02-09 16:12 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-02-09 16:11 - 2012-02-09 16:12 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-02-09 16:11 - 2012-02-09 16:11 - 0000000 ____D C:\Program Files\Java
2012-02-09 16:10 - 2012-02-09 16:10 - 13072536 ____A (Microsoft Corporation) C:\Users\Nithish\Desktop\Silverlight_x64.exe
2012-02-09 16:09 - 2012-02-09 16:09 - 17268512 ____A (Sun Microsystems, Inc.) C:\Users\Nithish\Desktop\jre-6u30-windows-x64.exe
2012-02-07 23:36 - 2012-02-07 23:35 - 0083262 ____A C:\TDSSKiller.2.7.9.0_07.02.2012_22.35.15_log.txt
2012-02-07 23:36 - 2012-02-03 14:53 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-06 19:31 - 2012-02-06 19:28 - 0083304 ____A C:\TDSSKiller.2.7.6.0_06.02.2012_18.28.45_log.txt
2012-02-06 19:27 - 2012-02-06 19:27 - 0000346 ____A C:\TDSSKiller.2.7.6.0_06.02.2012_18.27.47_log.txt
2012-02-06 19:01 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-06 05:18 - 2012-02-06 05:18 - 0000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-02-06 05:17 - 2012-02-06 05:17 - 9889896 ____A (CCCP Project ) C:\Users\Nithish\Desktop\Combined-Community-Codec-Pack-2011-11-11.exe
2012-02-06 05:00 - 2012-02-06 04:37 - 504867447 ____A C:\Users\Nithish\Downloads\[SubDESU-H]_Ore_wa_Kanojo_o_Shinjiteru!_-_01_[DVDrip][10-bit]_[656CA77F].mkv
2012-02-06 05:00 - 2012-02-06 04:37 - 400592773 ____A C:\Users\Nithish\Downloads\[SubDESU-H]_Kyuuketsuki_-_01_[DVDrip][8-bit]_[B67AC50C].mkv
2012-02-05 21:09 - 2012-02-05 21:05 - 195946303 ____A C:\Users\Nithish\Downloads\[SubDESU-H] Vampire 02(720x480 x264 AAC)[CDBD55C3].mkv
2012-02-05 15:59 - 2012-02-05 21:09 - 163159164 ____A C:\Users\Nithish\Desktop\HHH Triple Ecchi - 04.mp4
2012-02-05 04:48 - 2012-02-05 04:47 - 0082522 ____A C:\TDSSKiller.2.7.6.0_05.02.2012_03.47.20_log.txt
2012-02-04 21:51 - 2012-02-04 21:48 - 0081938 ____A C:\TDSSKiller.2.7.6.0_04.02.2012_20.48.14_log.txt
2012-02-04 21:31 - 2012-02-04 21:31 - 1008120 ____A C:\Users\Nithish\Desktop\dfdf.com
2012-02-04 21:07 - 2012-02-04 21:03 - 200617765 ____A C:\Users\Nithish\Downloads\Haramasete Seiryuu-kun! Vol. 2.mkv
2012-02-04 20:15 - 2012-02-04 19:20 - 0161666 ____A C:\TDSSKiller.2.7.6.0_04.02.2012_18.20.25_log.txt
2012-02-03 18:28 - 2012-02-03 18:28 - 0000000 ____D C:\Users\Nithish\Application Data\Adobe Mini Bridge CS5.1
2012-02-03 18:28 - 2012-02-03 18:28 - 0000000 ____D C:\Users\Nithish\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-02-03 18:23 - 2011-05-29 02:13 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-02-03 18:23 - 2011-05-29 02:13 - 0000000 ____D C:\Users\All Users\Application Data\regid.1986-12.com.adobe
2012-02-03 18:23 - 2011-05-29 02:13 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-02-03 15:38 - 2012-02-03 15:31 - 554295307 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_247_[1080p].mkv
2012-02-03 14:57 - 2012-02-03 14:56 - 0081986 ____A C:\TDSSKiller.2.7.6.0_03.02.2012_13.56.39_log.txt
2012-02-03 14:53 - 2012-02-03 14:52 - 0085206 ____A C:\TDSSKiller.2.7.9.0_03.02.2012_13.52.49_log.txt
2012-02-03 14:52 - 2012-02-03 14:52 - 0000346 ____A C:\TDSSKiller.2.7.6.0_03.02.2012_13.52.15_log.txt
2012-02-01 11:00 - 2012-02-01 11:00 - 0013107 ____A C:\Windows\SysWOW64\hs_err_pid1096.log
2012-02-01 10:32 - 2012-02-01 10:32 - 0000000 ____D C:\Users\Nithish\Local Settings\Cooliris
2012-02-01 10:32 - 2012-02-01 10:32 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\Cooliris
2012-02-01 10:32 - 2012-02-01 10:32 - 0000000 ____D C:\Users\Nithish\AppData\Local\Cooliris
2012-02-01 09:36 - 2012-02-01 09:36 - 0000328 ____A C:\Users\All Users\Application Data\1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000328 ____A C:\Users\All Users\1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000328 ____A C:\ProgramData\1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000288 ____A C:\Users\All Users\Application Data\~1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000288 ____A C:\Users\All Users\~1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000288 ____A C:\ProgramData\~1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000200 ____A C:\Users\All Users\Application Data\~1nzjBqqyBHED8gr
2012-02-01 09:36 - 2012-02-01 09:36 - 0000200 ____A C:\Users\All Users\~1nzjBqqyBHED8gr
2012-02-01 09:36 - 2012-02-01 09:36 - 0000200 ____A C:\ProgramData\~1nzjBqqyBHED8gr
2012-01-30 10:42 - 2012-01-30 10:36 - 0000000 ____D C:\Users\Nithish\Downloads\[ www.Speed.Cd ] - Family.Guy.S10E12.720p.HDTV.X264-DIMENSION
2012-01-29 06:19 - 2010-12-18 20:50 - 2250872 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-28 22:03 - 2009-07-14 01:08 - 0032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-28 06:49 - 2011-08-05 21:53 - 0000000 ____D C:\Users\Nithish\Desktop\Nikil's Songs
2012-01-28 06:15 - 2011-11-29 03:57 - 0044091 ____A C:\Users\Nithish\My Documents\This is Awesome Music .rtf
2012-01-28 06:15 - 2011-11-29 03:57 - 0044091 ____A C:\Users\Nithish\Documents\This is Awesome Music .rtf
2012-01-26 15:03 - 2012-01-26 14:52 - 556235712 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_246_[1080p].mkv
2012-01-25 02:04 - 2012-01-25 10:21 - 0000000 ____D C:\Users\Nithish\Desktop\NBA.2012.01.24.Knicks.vs.Bobcats.540p.LPRip.H264-RayAllen34
2012-01-23 14:21 - 2012-01-23 14:21 - 0000162 ____A C:\Users\Nithish\My Documents\~$diterranean Basin Map Assignment.docx
2012-01-23 14:21 - 2012-01-23 14:21 - 0000162 ____A C:\Users\Nithish\Documents\~$diterranean Basin Map Assignment.docx
2012-01-20 11:36 - 2012-01-20 11:34 - 0170264 ____A C:\TDSSKiller.2.7.6.0_20.01.2012_10.34.33_log.txt
2012-01-20 11:36 - 2011-08-27 17:13 - 0000000 ____D C:\Users\Nithish\Desktop\DosFlash64
2012-01-20 07:24 - 2012-01-20 07:20 - 0168274 ____A C:\TDSSKiller.2.7.6.0_20.01.2012_06.20.46_log.txt
2012-01-20 07:23 - 2012-01-20 07:23 - 1932256 ____A (Symantec Corporation) C:\Users\Nithish\Desktop\FixTDSS.exe
2012-01-20 07:20 - 2012-01-20 07:20 - 2054448 ____A (Kaspersky Lab ZAO) C:\Users\Nithish\Desktop\TOOLKITKILLER.exe
2012-01-20 01:21 - 2012-01-20 01:21 - 0050989 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_245_[720p].mkv.torrent
2012-01-18 01:26 - 2012-01-01 13:52 - 11259904 ____A C:\Users\Nithish\Desktop\sea2tqmbmuaqbaaaaaickqyus3mft1iwqjozdvccw
2012-01-17 04:12 - 2012-01-17 03:45 - 0000000 ____D C:\Users\Nithish\Downloads\[ www.Speed.Cd ] - Family.Guy.S10E11.720p.HDTV.X264-DIMENSION
2012-01-17 03:49 - 2012-01-17 03:44 - 0000000 ____D C:\Users\Nithish\Downloads\[ www.Speed.Cd ] - Family.Guy.S10E10.720p.HDTV.X264-DIMENSION
2012-01-17 03:44 - 2012-01-17 03:44 - 0016747 ____A C:\Users\Nithish\Downloads\Family.Guy.S10E11.720p.HDTV.X264-DIMENSION.6958612.TPB.torrent
2012-01-17 03:43 - 2012-01-17 03:43 - 0019876 ____A C:\Users\Nithish\Downloads\Family.Guy.S10E10.720p.HDTV.X264-DIMENSION.6941919.TPB.torrent
2012-01-15 21:26 - 2012-01-15 21:25 - 16884248 ____A (Mozilla) C:\Users\Nithish\Downloads\firefox-11.0a2.en-US.win32.installer.exe
2012-01-13 05:48 - 2012-01-13 05:56 - 11259904 ____A C:\Users\Nithish\Desktop\backup_sea25plduuaqbaaaaaickqyus3mft1iwqjozdvccw
2012-01-13 04:12 - 2012-01-13 05:41 - 11259904 ____A C:\Users\Nithish\Desktop\backup_sea2z25dwuaqbaaaaaickqyus3mft1iwqjozdvccw
2012-01-12 23:52 - 2012-01-12 23:52 - 0015062 ____A C:\Users\Nithish\My Documents\Why my schoolwork completion percentage is only 10.docx
2012-01-12 23:52 - 2012-01-12 23:52 - 0015062 ____A C:\Users\Nithish\Documents\Why my schoolwork completion percentage is only 10.docx
2012-01-12 23:52 - 2012-01-12 23:52 - 0000162 ____A C:\Users\Nithish\My Documents\~$y my schoolwork completion percentage is only 10.docx
2012-01-12 23:52 - 2012-01-12 23:52 - 0000162 ____A C:\Users\Nithish\Documents\~$y my schoolwork completion percentage is only 10.docx
2012-01-12 17:10 - 2012-01-12 17:09 - 0050989 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_244_[720p].mkv.torrent
2012-01-11 17:46 - 2012-01-11 17:46 - 0000162 ____A C:\Users\Nithish\Desktop\~$sus_Religion.docx
2012-01-11 17:42 - 2012-01-11 17:42 - 0143636 ____A C:\Users\Nithish\Desktop\Jesus_Religion.docx
2012-01-11 16:56 - 2012-01-11 16:54 - 21936373 ____A (Igor Pavlov) C:\Users\Nithish\Desktop\tor-browser-2.2.35-4_en-US.exe
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\Nithish\Local Settings\Application Data\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\Nithish\Local Settings\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\Nithish\AppData\Local\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\All Users\Application Data\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\All Users\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\ProgramData\546o4j6k6254
2012-01-11 15:44 - 2012-01-11 15:44 - 0000000 ____D C:\Users\Nithish\Local Settings\SanctionedMedia
2012-01-11 15:44 - 2012-01-11 15:44 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\SanctionedMedia
2012-01-11 15:44 - 2012-01-11 15:44 - 0000000 ____D C:\Users\Nithish\AppData\Local\SanctionedMedia
2012-01-10 05:36 - 2012-01-10 05:36 - 1251338 ____A C:\Users\Nithish\Desktop\FW_WRT120N_1.0.06.001_US.bin
2012-01-07 15:59 - 2011-12-27 13:04 - 0000000 ____D C:\Users\Nithish\Downloads\{www.scenetime.com}American.Dad.S07E07.720p.HDTV.X264-DIMENSION
2012-01-05 11:57 - 2012-01-05 11:49 - 330728714 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_243_[720p].mkv
2012-01-05 11:48 - 2012-01-05 11:48 - 0050929 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_243_[720p].mkv.torrent
2012-01-05 07:28 - 2012-01-11 16:56 - 0000000 ____D C:\Users\Nithish\Desktop\Tor Browser
2012-01-03 21:33 - 2012-01-03 21:33 - 0015816 ____A C:\Users\Nithish\Desktop\Kim_Jong-il_on_August_24,_2011.jpg
2012-01-02 10:10 - 2012-01-02 10:09 - 9804197 ____A (XboxMB) C:\Users\Nithish\Downloads\Horizon.exe
2012-01-01 16:28 - 2012-01-01 16:15 - 11259904 ____A C:\Users\Nithish\Desktop\sea2vajcouaqbaaaaaickqyus3mft1iwqjozdvccw
2012-01-01 16:27 - 2012-01-01 16:26 - 4661036 ____A C:\Users\Nithish\Downloads\haloreachliberty-10391.zip
2012-01-01 16:15 - 2012-01-01 16:28 - 11259904 ____A C:\Users\Nithish\Desktop\sea2vajcouaqbaaaaaickqyus3mft1iwqjozdvccw (2)
2012-01-01 15:46 - 2012-01-01 15:46 - 0000701 ____A C:\Users\Nithish\Desktop\VideoGamestoPlaycomplete.txt
2012-01-01 14:02 - 2012-01-01 14:02 - 11296768 ____A C:\Users\Nithish\Desktop\seqwl4yb2uaqbaaaaaic0rgxuznhbkcdyaaaaaaaa
2012-01-01 13:09 - 2012-01-01 13:05 - 11259904 ____A C:\Users\Nithish\Desktop\sey1twwbguaqbaaaaaicc3exubomlzihujofliit2
2012-01-01 11:05 - 2011-12-30 04:09 - 0000000 ____D C:\Users\Nithish\Desktop\HALO 3 AND BIGS 2
2011-12-31 09:56 - 2009-11-25 19:31 - 0166008 ____A C:\Users\Nithish\Local Settings\GDIPFONTCACHEV1.DAT
2011-12-31 09:56 - 2009-11-25 19:31 - 0166008 ____A C:\Users\Nithish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-12-31 09:56 - 2009-11-25 19:31 - 0166008 ____A C:\Users\Nithish\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-31 09:07 - 2011-12-31 09:07 - 4353794 ____A (Swearware) C:\Users\Nithish\Downloads\ComboFix.exe
2011-12-31 09:06 - 2011-12-31 09:06 - 0000000 ____D C:\Users\Nithish\Downloads\USBXTAFGUI_v44
2011-12-31 08:49 - 2011-12-31 08:49 - 0414661 ____A C:\Users\Nithish\Downloads\USBXTAFGUI_v44.zip
2011-12-31 07:17 - 2011-12-30 04:09 - 0000000 ____D C:\Users\Nithish\Desktop\CRYSIS 2 AND DEVIL MAY CRY JIZZZ4
2011-12-31 07:08 - 2011-12-31 07:07 - 13186525 ____A C:\Users\Nithish\Downloads\Modio 3.zip
2011-12-31 06:27 - 2009-07-13 23:20 - 0000000 __RHD C:\users\Default
2011-12-31 06:27 - 2009-07-13 23:20 - 0000000 ____D C:\users\Public
2011-12-31 05:44 - 2011-12-31 05:44 - 0660480 ____A C:\Users\Nithish\Downloads\CFDQ-UsrPrf .exe
2011-12-31 05:43 - 2011-12-31 05:43 - 0660480 ____A C:\Users\Nithish\Downloads\CFDQ-UsrPrf.exe
2011-12-31 05:31 - 2011-01-01 05:07 - 0166008 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2011-12-31 05:28 - 2010-11-08 23:42 - 0000000 ____D C:\Users\Nithish\Local Settings\GameTuts
2011-12-31 05:28 - 2010-11-08 23:42 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\GameTuts
2011-12-31 05:28 - 2010-11-08 23:42 - 0000000 ____D C:\Users\Nithish\AppData\Local\GameTuts
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\system.tmp.LOG2
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\system.tmp.LOG1
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\software.tmp.LOG2
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\software.tmp.LOG1
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\security.tmp.LOG2
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\security.tmp.LOG1
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\sam.tmp.LOG2
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\sam.tmp.LOG1
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\default.tmp.LOG2
2011-12-31 04:02 - 2011-12-31 04:02 - 0000000 ____A C:\Windows\System32\config\default.tmp.LOG1
2011-12-31 03:42 - 2011-12-26 02:57 - 0000045 ____A C:\Users\Nithish\Desktop\allahu pass.txt
2011-12-31 02:39 - 2011-12-31 02:30 - 0246636 ____A C:\TDSSKiller.2.6.25.0_31.12.2011_01.30.45_log.txt
2011-12-31 02:30 - 2011-12-31 02:30 - 1558406 ____A C:\Users\Nithish\Downloads\tdsskiller.zip
2011-12-30 21:26 - 2011-12-30 21:21 - 329826045 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_242_[720p].mkv
2011-12-30 21:21 - 2011-12-30 21:21 - 0050789 ____A C:\Users\Nithish\Downloads\[Narutoverse]_NARUTO_Shippuden_242_[720p].mkv.torrent
2011-12-30 05:02 - 2010-11-05 19:34 - 0223744 __ASH C:\Users\Nithish\Downloads\Thumbs.db
2011-12-30 03:28 - 2011-12-18 16:37 - 0166008 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2011-12-30 03:02 - 2011-12-30 03:02 - 0000000 ____D C:\Users\Nithish\Desktop\SOULCALIBURIV AND BATMAN ARKHAM ASYLM
2011-12-30 01:17 - 2011-12-29 07:50 - 0000000 ____D C:\Users\Nithish\Desktop\Xbox360
2011-12-30 01:15 - 2010-12-05 13:58 - 0000000 ____D C:\Users\Nithish\Downloads\Assassins.Creed.Brotherhood.XBOX360-GLoBAL
2011-12-30 01:15 - 2010-10-22 22:30 - 0000000 ____D C:\Users\Nithish\Downloads\NBA.2K11.XBOX360-MARVEL
2011-12-30 01:14 - 2011-02-13 15:03 - 0000000 ____D C:\Users\Nithish\Downloads\Need.4.Speed.Hot.Pursuit.NTSC.XBOX360-COMPLEX
2011-12-29 21:51 - 2011-12-29 21:51 - 0000044 ____A C:\Users\Nithish\Desktop\mr.hankygunit@hotmail.com
2011-12-29 03:14 - 2011-12-29 03:14 - 0056315 ____A C:\Users\Nithish\Downloads\Xplorer360.beta6.rar
2011-12-28 11:22 - 2011-12-28 11:22 - 0000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.0
2011-12-28 03:45 - 2011-12-28 03:45 - 0033457 ____A C:\Users\Nithish\Desktop\10.195.100.158-image18-1000.jpg
2011-12-27 13:16 - 2011-12-27 13:13 - 2179072 ____A C:\Users\Nithish\Desktop\ED105F07B74E39C2
2011-12-27 12:51 - 2011-12-27 12:50 - 0000000 ____D C:\Users\Nithish\Local Settings\Revolt
2011-12-27 12:51 - 2011-12-27 12:50 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\Revolt
2011-12-27 12:51 - 2011-12-27 12:50 - 0000000 ____D C:\Users\Nithish\AppData\Local\Revolt
2011-12-27 12:50 - 2011-12-27 12:50 - 0000000 ____D C:\Users\Nithish\Local Settings\Coma
2011-12-27 12:50 - 2011-12-27 12:50 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\Coma
2011-12-27 12:50 - 2011-12-27 12:50 - 0000000 ____D C:\Users\Nithish\AppData\Local\Coma
2011-12-27 12:23 - 2010-12-23 23:07 - 0000000 ____D C:\Users\Nithish\Local Settings\XboxMB
2011-12-27 12:23 - 2010-12-23 23:07 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\XboxMB
2011-12-27 12:23 - 2010-12-23 23:07 - 0000000 ____D C:\Users\Nithish\AppData\Local\XboxMB
2011-12-27 11:47 - 2011-11-09 09:50 - 0000000 ____D C:\Users\Nithish\Downloads\ANGRY BIRDS
2011-12-27 09:55 - 2011-12-24 09:05 - 0002720 ____A C:\Users\Nithish\ovpntray.log
2011-12-25 16:53 - 2011-12-25 16:53 - 42407468 ____A C:\Users\Nithish\Desktop\6. Justin Bieber Duet With Mariah Carey - All I Want For.wav
2011-12-25 16:53 - 2011-11-25 03:04 - 0000000 ____D C:\Users\Nithish\Application Data\Audacity
2011-12-25 16:53 - 2011-11-25 03:04 - 0000000 ____D C:\Users\Nithish\AppData\Roaming\Audacity
2011-12-25 16:51 - 2011-10-29 19:13 - 9601397 ____A C:\Users\Nithish\Desktop\6. Justin Bieber Duet With Mariah Carey - All I Want For (Www.JustinBieberZone.Mihanblog.Com).mp3
2011-12-25 03:51 - 2011-12-25 03:51 - 0000000 ____D C:\Users\Nithish\Local Settings\Facebook
2011-12-25 03:51 - 2011-12-25 03:51 - 0000000 ____D C:\Users\Nithish\Local Settings\Application Data\Facebook
2011-12-25 03:51 - 2011-12-25 03:51 - 0000000 ____D C:\Users\Nithish\AppData\Local\Facebook
2011-12-24 09:15 - 2011-12-24 09:15 - 0000259 ____A C:\Users\Nithish\openvpn-connect.json
2011-12-24 09:03 - 2011-12-24 09:03 - 0000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2011-12-24 06:21 - 2010-02-06 15:59 - 0000000 ____D C:\Program Files (x86)\NDSROM Player
2011-12-24 06:20 - 2010-06-15 12:19 - 0000000 ____D C:\Nexon
2011-12-24 06:17 - 2010-07-17 11:02 - 0000000 ____D C:\Users\All Users\Norton
2011-12-24 06:17 - 2010-07-17 11:02 - 0000000 ____D C:\Users\All Users\Application Data\Norton
2011-12-24 06:17 - 2010-07-17 11:02 - 0000000 ____D C:\ProgramData\Norton
2011-12-24 06:16 - 2011-12-24 06:16 - 0000000 ____A C:\Users\All Users\Jw5ul40hG.dat
2011-12-24 06:16 - 2011-12-24 06:16 - 0000000 ____A C:\Users\All Users\Application Data\Jw5ul40hG.dat
2011-12-24 06:16 - 2011-12-24 06:16 - 0000000 ____A C:\ProgramData\Jw5ul40hG.dat
2011-12-24 06:13 - 2010-11-13 18:12 - 0000000 ____D C:\Riot Games
2011-12-24 06:13 - 2010-08-24 19:43 - 0000000 ____D C:\Program Files (x86)\iSkysoft
2011-12-24 06:13 - 2009-11-13 10:07 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2011-12-24 05:58 - 2011-12-23 02:54 - 0000000 ____D C:\Program Files (x86)\Zoiper Communicator
2011-12-24 05:58 - 2011-12-19 03:39 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2011-12-24 05:57 - 2009-11-13 10:11 - 0000000 ____D C:\Users\All Users\WildTangent
2011-12-24 05:57 - 2009-11-13 10:11 - 0000000 ____D C:\Users\All Users\Application Data\WildTangent
2011-12-24 05:57 - 2009-11-13 10:11 - 0000000 ____D C:\ProgramData\WildTangent

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 6109.18 MB
Available physical RAM: 5363.2 MB
Total Pagefile: 6107.33 MB
Available Pagefile: 5356.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:585.43 GB) (Free:5.72 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:10.69 GB) (Free:4.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (WD SmartWare) (CDROM) (Total:0.65 GB) (Free:0 GB) UDF
9 Drive k: (HALO3BIGS2) (Fixed) (Total:251.47 GB) (Free:201.96 GB) FAT32
10 Drive l: () (Removable) (Total:1.86 GB) (Free:0 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          596 GB      0 B
  Disk 1    No Media          0 B      0 B
  Disk 2    No Media          0 B      0 B
  Disk 3    No Media          0 B      0 B
  Disk 4    No Media          0 B      0 B
  Disk 5    Online          930 GB   679 GB
  Disk 6    Online         1907 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 54 MB    31 KB
  Partition 2    Primary             10 GB    55 MB
  Partition 3    Primary            585 GB    10 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 10                     FAT    Partition     54 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   RECOVERY     NTFS   Partition     10 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C   OS           NTFS   Partition    585 GB  Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 251 GB 31 KB

======================================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K HALO3BIGS2 FAT32 Partition 251 GB Healthy

======================================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1907 MB 0 B

======================================================================================================

Disk: 6
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-03-13 04:18

======================= End Of Log ==========================

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 21 March 2012 - 08:27 PM

Hello

I would like you to run the fix below, and when it is complete I need you to rerun ComboFix and send me the report.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 iap; C:\Windows\System32\motmodem.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\motmodem.dll
NETSVC: iap
2012-02-01 09:36 - 2012-02-01 09:36 - 0000328 ____A C:\Users\All Users\Application Data\1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000328 ____A C:\Users\All Users\1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000328 ____A C:\ProgramData\1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000288 ____A C:\Users\All Users\Application Data\~1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000288 ____A C:\Users\All Users\~1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000288 ____A C:\ProgramData\~1nzjBqqyBHED8g
2012-02-01 09:36 - 2012-02-01 09:36 - 0000200 ____A C:\Users\All Users\Application Data\~1nzjBqqyBHED8gr
2012-02-01 09:36 - 2012-02-01 09:36 - 0000200 ____A C:\Users\All Users\~1nzjBqqyBHED8gr
2012-02-01 09:36 - 2012-02-01 09:36 - 0000200 ____A C:\ProgramData\~1nzjBqqyBHED8gr
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\Nithish\Local Settings\Application Data\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\Nithish\Local Settings\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\Nithish\AppData\Local\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\All Users\Application Data\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\Users\All Users\546o4j6k6254
2012-01-11 15:46 - 2012-01-11 15:44 - 0011610 ____A C:\ProgramData\546o4j6k6254


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
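The first line of the fix script above, "SubSystems: [Windows] ==> ZeroAccess", is FRST flagging that the Session Manager\SubSystems\Windows registry value (the string that tells csrss.exe which server DLLs to load) had been altered; the Fixlog later reports that value as restored. The following is an added example, not part of the thread or of FRST, showing how a defender can audit that value by parsing its ServerDll entries against a baseline; the baseline module set and both sample values are assumptions constructed for this example, not taken from the user's machine.

```python
"""Audit a Session Manager\\SubSystems\\Windows value for unexpected ServerDll modules."""
import re
import sys

# Assumed baseline: the server DLL modules a stock Windows 7 csrss.exe loads.
# Adjust for other Windows versions before relying on this in production.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}
EXPECTED_CSRSS = r"%systemroot%\system32\csrss.exe"

# Constructed sample values (not taken from the thread's logs).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# A tampered value with one extra ServerDll entry (hypothetical module name).
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=sxssrv,4", "ServerDll=sxssrv,4 ServerDll=evilsrv:Init,2"
)


def parse_subsystems_value(value):
    """Return (csrss path, [server DLL module names]) from the REG_EXPAND_SZ string."""
    tokens = value.split()
    csrss = tokens[0] if tokens else ""
    modules = []
    for tok in tokens[1:]:
        # ServerDll=<module>[:<init function>],<index>  -> keep only <module>
        m = re.match(r"ServerDll=([^:,]+)", tok, re.IGNORECASE)
        if m:
            modules.append(m.group(1).lower())
    return csrss, modules


def find_anomalies(value):
    """Return a list of findings; an empty list means the value matches the baseline."""
    csrss, modules = parse_subsystems_value(value)
    findings = []
    if csrss.lower() != EXPECTED_CSRSS:
        findings.append(f"unexpected subsystem host: {csrss}")
    for mod in modules:
        if mod not in EXPECTED_SERVER_DLLS:
            findings.append(f"unexpected ServerDll module: {mod}")
    return findings


def read_live_value():
    """Read the live value on Windows; returns None elsewhere (winreg is Windows-only)."""
    if sys.platform != "win32":
        return None
    import winreg
    key_path = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "Windows")
    return value


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_VALUE), ("tampered", TAMPERED_VALUE)):
        print(label, find_anomalies(sample) or "OK")
    live = read_live_value()
    if live is not None:
        print("live", find_anomalies(live) or "OK")
```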

#5 naqman32 (Topic Starter)

  • Members
  • 10 posts

Posted 21 March 2012 - 10:31 PM

THANK YOU GRINGO, IK YOU WERE MAGICAL! Ahh, thanks man for all your help so far with this. So I copied that code into fixlist.txt and ran Farbar in recovery. BUT HOLD ON: it said it was successful and made a log, then I restarted my computer, and I expected it to just start as it would, but it didn't. The same problem persisted: it simply displayed "starting windows", and then boom, black screen, and then "going into power save, blah, blah". So then I start clicking buttons, and I was like bleep, this didn't work. I thought it didn't work, so I turned off my computer and turned it back on, went into repair mode, and went into the command prompt. I checked the log; this time it said everything was moved successfully, so I was kinda baffled. Maybe I didn't close Farbar properly or something, idk; I'm assuming that's meaningless, but idk. So then I rerun Farbar, click on Fix, it fixes, and then I closed everything a little more properly (like I said, idk if that means anything, but idk), click on the restart button, and then my computer restarts. BIOS loads, displays "starting windows", I'm anxiously waiting, afraid that the same thing will happen, and then it does: it said it was going into power save, and it does. But then I click buttons around and nothing happens. But then I open my DVD tray, thinking maybe the disk I was using for that recovery operating system thing could have something to do with it this time, or maybe it would just indicate to my computer that I want it to do something and it would have to get out of power save sleep. And then it finally does. ROUND OF APPLAUSE FOR MR. GRINGO. LADIES AND GENTLEMEN, A HERO IS BEFORE US (OR SHOULD I SAY ME). My beloved login screen appears, it displays my username, I type in my password, and finally I'm back on my desktop. Now I'm on Internet Explorer updating you on this info. Alright, so here's the log:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-03-22 14:00:36 R:2
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
iap service not found.
C:\Windows\System32\motmodem.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs iap not found.
C:\Users\All Users\Application Data\1nzjBqqyBHED8g not found.
C:\Users\All Users\1nzjBqqyBHED8g not found.
C:\ProgramData\1nzjBqqyBHED8g not found.
C:\Users\All Users\Application Data\~1nzjBqqyBHED8g not found.
C:\Users\All Users\~1nzjBqqyBHED8g not found.
C:\ProgramData\~1nzjBqqyBHED8g not found.
C:\Users\All Users\Application Data\~1nzjBqqyBHED8gr not found.
C:\Users\All Users\~1nzjBqqyBHED8gr not found.
C:\ProgramData\~1nzjBqqyBHED8gr not found.
C:\Users\Nithish\Local Settings\Application Data\546o4j6k6254 not found.
C:\Users\Nithish\Local Settings\546o4j6k6254 not found.
C:\Users\Nithish\AppData\Local\546o4j6k6254 not found.
C:\Users\All Users\Application Data\546o4j6k6254 not found.
C:\Users\All Users\546o4j6k6254 not found.
C:\ProgramData\546o4j6k6254 not found.

==== End of Fixlog ====

OH, IMPORTANT: although it says not found, everything was moved successfully the first time, I think, 'cause like I mentioned before in this reply, I ran this twice because I was unsure if I ran it properly and did everything according to your instructions. So Farbar just replaced the previous log with the second log, so I don't think you should worry about that. Alright, so I should run ComboFix now, right? Hmm, idk if I should; I'm afraid the same thing will happen and it won't boot again, but w.e, you've helped me get back here, so I'll take your word for it and run it. I'll get you the report in the next post.

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 21 March 2012 - 10:38 PM

Yes, I want you to run ComboFix now. What was removed with Farbar was what caused the computer not to boot.


gringo

#7 naqman32 (Topic Starter)

  • Members
  • 10 posts

Posted 21 March 2012 - 10:55 PM

ComboFix 12-03-20.02 - Nithish 03/22/2012 14:36:11.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6109.4462 [GMT -4:00]
Running from: c:\users\Nithish\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-22 07:51 . 2012-03-22 07:52 -------- d-----w- C:\FRST
2012-03-21 04:15 . 2012-03-21 04:15 -------- d-----w- C:\Device
2012-03-20 07:41 . 2012-03-20 07:41 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 07:41 . 2012-03-20 07:41 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 00:00 . 2011-05-14 23:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-09 20:11 . 2012-02-09 20:12 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-06 23:01 . 2012-02-06 23:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\E736.tmp
2012-02-06 23:01 . 2012-02-06 23:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\E735.tmp
2012-01-29 02:01 . 2012-01-29 02:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\9BA4.tmp
2012-01-29 02:01 . 2012-01-29 02:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\9BA3.tmp
2009-02-13 15:02 . 2009-02-13 15:02 80896 ----a-w- c:\program files\devcon_amd64.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-20_19.01.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-03-22 18:09 33204 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-25 23:48 . 2012-03-22 18:09 23004 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1552687033-1708156880-4125484423-1009_UserData.bin
+ 2010-02-02 02:01 . 2012-03-22 01:38 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-02-02 02:01 . 2012-03-20 19:24 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2009-11-24 23:04 . 2012-03-20 18:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-24 23:04 . 2012-03-22 18:07 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-24 23:04 . 2012-03-22 18:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-24 23:04 . 2012-03-20 18:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-22 18:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 18:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-29 12:50 . 2012-03-20 19:18 3702 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-20 18:55 . 2012-03-20 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-22 18:06 . 2012-03-22 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 18:55 . 2012-03-20 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-22 18:06 . 2012-03-22 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-16 01:26 . 2012-03-22 18:12 418656 c:\windows\system32\perfh011.dat
- 2011-08-16 01:26 . 2012-03-20 19:00 418656 c:\windows\system32\perfh011.dat
+ 2011-08-16 00:26 . 2012-03-22 18:12 746174 c:\windows\system32\perfh00A.dat
- 2011-08-16 00:26 . 2012-03-20 19:00 746174 c:\windows\system32\perfh00A.dat
- 2009-07-14 02:36 . 2012-03-20 19:00 663222 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-22 18:12 663222 c:\windows\system32\perfh009.dat
+ 2011-08-16 01:26 . 2012-03-22 18:12 122090 c:\windows\system32\perfc011.dat
- 2011-08-16 01:26 . 2012-03-20 19:00 122090 c:\windows\system32\perfc011.dat
- 2011-08-16 00:26 . 2012-03-20 19:00 158220 c:\windows\system32\perfc00A.dat
+ 2011-08-16 00:26 . 2012-03-22 18:12 158220 c:\windows\system32\perfc00A.dat
- 2009-07-14 02:36 . 2012-03-20 19:00 122090 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-22 18:12 122090 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-20 18:55 590564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-20 19:18 590564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-03-20 18:54 1261568 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-20 19:16 1261568 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-22 18:13 . 2012-03-22 18:13 4460544 c:\windows\Installer\7a5ab.msi
+ 2009-07-14 04:54 . 2012-03-20 19:16 13205504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 18:54 13205504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 18:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 19:16 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2011-08-16 01:23 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-22 02:50 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-15 738680]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408]
"Facebook Update"="c:\users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-25 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-09-01 126976]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-05-05 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Nithish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-9-8 2051880]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R4 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2008-12-11 10752]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-13 1436424]
R4 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552687033-1708156880-4125484423-1009Core.job
- c:\users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 07:51]
.
2012-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552687033-1708156880-4125484423-1009UA.job
- c:\users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 07:51]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce13da6969c7f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 12:59]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cce13da78dd15e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 12:59]
.
2012-02-19 c:\windows\Tasks\RegInOut Scheduled Scan - Nithish.job
- c:\program files (x86)\RegInOut\RegInOut.exe [2010-08-24 14:31]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
uInternet Settings,ProxyServer = http=127.0.0.1:58828
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
FF - ProfilePath - c:\users\Nithish\AppData\Roaming\Mozilla\Firefox\Profiles\26zxd9sr.default\
FF - prefs.js: browser.search.selectedEngine - Google (SSL)
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58828
FF - prefs.js: network.proxy.type - 0
tpp
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D3B22A92-87A2-47B6-B3E6-A64877B5C242} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1552687033-1708156880-4125484423-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1552687033-1708156880-4125484423-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-22 14:49:23
ComboFix-quarantined-files.txt 2012-03-22 18:49
ComboFix2.txt 2012-03-20 19:09
ComboFix3.txt 2011-12-31 13:43
ComboFix4.txt 2011-12-31 10:27
.
Pre-Run: 5,706,440,704 bytes free
Post-Run: 5,505,732,608 bytes free
.
- - End Of File - - 402E3B3324AA90654E26441FC03E9DF2
Alright, thanks again man for helping me out. Everything seems to have run smoothly, idk, but above is the log, so you tell me if it's good.

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 21 March 2012 - 11:34 PM

Greetings

I will be double checking things now to make sure all is well

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 naqman32 (Topic Starter)

  • Members
  • 10 posts

Posted 22 March 2012 - 01:59 AM

16:03:16.0478 4148 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
16:03:17.0113 4148 ============================================================
16:03:17.0113 4148 Current date / time: 2012/03/22 16:03:17.0113
16:03:17.0113 4148 SystemInfo:
16:03:17.0113 4148
16:03:17.0113 4148 OS Version: 6.1.7601 ServicePack: 1.0
16:03:17.0113 4148 Product type: Workstation
16:03:17.0113 4148 ComputerName: NIKIL-THYPARAMP
16:03:17.0114 4148 UserName: Nithish
16:03:17.0114 4148 Windows directory: C:\Windows
16:03:17.0114 4148 System windows directory: C:\Windows
16:03:17.0114 4148 Running under WOW64
16:03:17.0114 4148 Processor architecture: Intel x64
16:03:17.0114 4148 Number of processors: 4
16:03:17.0114 4148 Page size: 0x1000
16:03:17.0114 4148 Boot type: Normal boot
16:03:17.0114 4148 ============================================================
16:03:18.0127 4148 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:03:18.0145 4148 \Device\Harddisk0\DR0:
16:03:18.0145 4148 MBR used
16:03:18.0145 4148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x155F000
16:03:18.0145 4148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x157A800, BlocksNum 0x492DD000
16:03:18.0204 4148 Initialize success
16:03:18.0204 4148 ============================================================
16:04:05.0158 0420 ============================================================
16:04:05.0158 0420 Scan started
16:04:05.0158 0420 Mode: Manual;
16:04:05.0158 0420 ============================================================
16:04:06.0434 0420 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:04:06.0436 0420 1394ohci - ok
16:04:06.0511 0420 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:04:06.0514 0420 ACPI - ok
16:04:06.0572 0420 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:04:06.0573 0420 AcpiPmi - ok
16:04:06.0678 0420 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:04:06.0679 0420 AdobeARMservice - ok
16:04:06.0734 0420 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:04:06.0738 0420 adp94xx - ok
16:04:06.0781 0420 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:04:06.0783 0420 adpahci - ok
16:04:06.0798 0420 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:04:06.0799 0420 adpu320 - ok
16:04:06.0835 0420 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:04:06.0836 0420 AeLookupSvc - ok
16:04:06.0907 0420 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:04:06.0908 0420 AERTFilters - ok
16:04:06.0989 0420 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:04:06.0992 0420 AFD - ok
16:04:07.0062 0420 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:04:07.0063 0420 agp440 - ok
16:04:07.0270 0420 Akamai (31bd294dc6ddbc0f16356d958d0743a4) c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll
16:04:07.0270 0420 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll. md5: 31bd294dc6ddbc0f16356d958d0743a4
16:04:07.0276 0420 Akamai ( HiddenFile.Multi.Generic ) - warning
16:04:07.0277 0420 Akamai - detected HiddenFile.Multi.Generic (1)
16:04:07.0322 0420 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:04:07.0323 0420 ALG - ok
16:04:07.0359 0420 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:04:07.0360 0420 aliide - ok
16:04:07.0372 0420 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:04:07.0373 0420 amdide - ok
16:04:07.0425 0420 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:04:07.0426 0420 AmdK8 - ok
16:04:07.0446 0420 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:04:07.0447 0420 AmdPPM - ok
16:04:07.0526 0420 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:04:07.0527 0420 amdsata - ok
16:04:07.0570 0420 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:04:07.0571 0420 amdsbs - ok
16:04:07.0591 0420 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:04:07.0592 0420 amdxata - ok
16:04:07.0647 0420 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:04:07.0648 0420 AppID - ok
16:04:07.0667 0420 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:04:07.0668 0420 AppIDSvc - ok
16:04:07.0734 0420 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:04:07.0735 0420 Appinfo - ok
16:04:07.0865 0420 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:04:07.0866 0420 Apple Mobile Device - ok
16:04:07.0946 0420 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:04:07.0947 0420 AppMgmt - ok
16:04:07.0969 0420 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:04:07.0970 0420 arc - ok
16:04:07.0988 0420 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:04:07.0989 0420 arcsas - ok
16:04:08.0164 0420 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:04:08.0165 0420 aspnet_state - ok
16:04:08.0205 0420 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:04:08.0205 0420 AsyncMac - ok
16:04:08.0263 0420 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:04:08.0263 0420 atapi - ok
16:04:08.0346 0420 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:04:08.0351 0420 AudioEndpointBuilder - ok
16:04:08.0378 0420 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:04:08.0383 0420 AudioSrv - ok
16:04:08.0510 0420 Autodesk Licensing Service (7cc8cd6f86054c563e47e7f063ce7a61) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
16:04:08.0511 0420 Autodesk Licensing Service - ok
16:04:08.0588 0420 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:04:08.0589 0420 AxInstSV - ok
16:04:08.0640 0420 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:04:08.0643 0420 b06bdrv - ok
16:04:08.0692 0420 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:04:08.0694 0420 b57nd60a - ok
16:04:08.0725 0420 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:04:08.0726 0420 BDESVC - ok
16:04:08.0743 0420 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:04:08.0743 0420 Beep - ok
16:04:08.0826 0420 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:04:08.0832 0420 BFE - ok
16:04:08.0892 0420 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:04:08.0899 0420 BITS - ok
16:04:08.0935 0420 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:04:08.0936 0420 blbdrive - ok
16:04:09.0065 0420 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:04:09.0068 0420 Bonjour Service - ok
16:04:09.0122 0420 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:04:09.0124 0420 bowser - ok
16:04:09.0143 0420 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:04:09.0144 0420 BrFiltLo - ok
16:04:09.0152 0420 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:04:09.0153 0420 BrFiltUp - ok
16:04:09.0198 0420 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:04:09.0199 0420 BridgeMP - ok
16:04:09.0256 0420 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:04:09.0258 0420 Browser - ok
16:04:09.0280 0420 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:04:09.0282 0420 Brserid - ok
16:04:09.0302 0420 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:04:09.0302 0420 BrSerWdm - ok
16:04:09.0311 0420 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:04:09.0312 0420 BrUsbMdm - ok
16:04:09.0322 0420 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:04:09.0323 0420 BrUsbSer - ok
16:04:09.0340 0420 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:04:09.0341 0420 BTHMODEM - ok
16:04:09.0377 0420 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:04:09.0378 0420 bthserv - ok
16:04:09.0413 0420 C-DillaCdaC11BA - ok
16:04:09.0431 0420 catchme - ok
16:04:09.0444 0420 CdaC15BA - ok
16:04:09.0499 0420 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:04:09.0500 0420 cdfs - ok
16:04:09.0608 0420 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:04:09.0610 0420 cdrom - ok
16:04:09.0683 0420 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:04:09.0684 0420 CertPropSvc - ok
16:04:09.0725 0420 cfwids (676535b3156fecf7133cf80b4d2f6cf7) C:\Windows\system32\drivers\cfwids.sys
16:04:09.0726 0420 cfwids - ok
16:04:09.0751 0420 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:04:09.0752 0420 circlass - ok
16:04:09.0827 0420 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:04:09.0829 0420 CLFS - ok
16:04:09.0889 0420 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:04:09.0890 0420 clr_optimization_v2.0.50727_32 - ok
16:04:09.0945 0420 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:04:09.0946 0420 clr_optimization_v2.0.50727_64 - ok
16:04:10.0055 0420 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:04:10.0057 0420 clr_optimization_v4.0.30319_32 - ok
16:04:10.0114 0420 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:04:10.0116 0420 clr_optimization_v4.0.30319_64 - ok
16:04:10.0137 0420 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:04:10.0138 0420 CmBatt - ok
16:04:10.0221 0420 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:04:10.0221 0420 cmdide - ok
16:04:10.0287 0420 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
16:04:10.0290 0420 CNG - ok
16:04:10.0313 0420 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:04:10.0313 0420 Compbatt - ok
16:04:10.0377 0420 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:04:10.0378 0420 CompositeBus - ok
16:04:10.0404 0420 COMSysApp - ok
16:04:10.0432 0420 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:04:10.0432 0420 crcdisk - ok
16:04:10.0510 0420 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:04:10.0512 0420 CryptSvc - ok
16:04:10.0589 0420 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:04:10.0593 0420 CSC - ok
16:04:10.0669 0420 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:04:10.0673 0420 CscService - ok
16:04:10.0694 0420 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:04:10.0698 0420 DcomLaunch - ok
16:04:10.0753 0420 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:04:10.0755 0420 defragsvc - ok
16:04:10.0822 0420 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:04:10.0823 0420 DfsC - ok
16:04:10.0846 0420 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:04:10.0848 0420 Dhcp - ok
16:04:10.0954 0420 DigiRefresh - ok
16:04:10.0982 0420 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:04:10.0982 0420 discache - ok
16:04:11.0029 0420 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:04:11.0030 0420 Disk - ok
16:04:11.0077 0420 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:04:11.0079 0420 Dnscache - ok
16:04:11.0198 0420 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
16:04:11.0200 0420 DockLoginService - ok
16:04:11.0258 0420 Dokan (9939bf4d9222d96fe7d0f788142831ee) C:\Windows\system32\drivers\dokan.sys
16:04:11.0259 0420 Dokan - ok
16:04:11.0315 0420 DokanMounter (b0e6c0e45598cac28bd8b49b87756b13) C:\Program Files\Dokan\DokanLibrary\mounter.exe
16:04:11.0316 0420 DokanMounter - ok
16:04:11.0372 0420 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:04:11.0374 0420 dot3svc - ok
16:04:11.0476 0420 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:04:11.0477 0420 Dot4 - ok
16:04:11.0571 0420 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
16:04:11.0572 0420 Dot4Print - ok
16:04:11.0614 0420 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:04:11.0615 0420 dot4usb - ok
16:04:11.0678 0420 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:04:11.0680 0420 DPS - ok
16:04:11.0755 0420 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:04:11.0756 0420 drmkaud - ok
16:04:11.0833 0420 dtsoftbus01 (8aae70d76436e4695455aa9ca634a9f4) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:04:11.0834 0420 dtsoftbus01 - ok
16:04:11.0903 0420 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:04:11.0909 0420 DXGKrnl - ok
16:04:11.0941 0420 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:04:11.0942 0420 EapHost - ok
16:04:12.0021 0420 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:04:12.0041 0420 ebdrv - ok
16:04:12.0067 0420 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
16:04:12.0068 0420 EFS - ok
16:04:12.0100 0420 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:04:12.0104 0420 ehRecvr - ok
16:04:12.0133 0420 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:04:12.0134 0420 ehSched - ok
16:04:12.0183 0420 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:04:12.0187 0420 elxstor - ok
16:04:12.0232 0420 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:04:12.0233 0420 ErrDev - ok
16:04:12.0291 0420 esgiguard - ok
16:04:12.0312 0420 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:04:12.0314 0420 EventSystem - ok
16:04:12.0338 0420 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:04:12.0339 0420 exfat - ok
16:04:12.0361 0420 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:04:12.0362 0420 fastfat - ok
16:04:12.0438 0420 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:04:12.0443 0420 Fax - ok
16:04:12.0464 0420 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:04:12.0465 0420 fdc - ok
16:04:12.0480 0420 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:04:12.0481 0420 fdPHost - ok
16:04:12.0497 0420 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:04:12.0498 0420 FDResPub - ok
16:04:12.0513 0420 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:04:12.0514 0420 FileInfo - ok
16:04:12.0525 0420 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:04:12.0526 0420 Filetrace - ok
16:04:12.0646 0420 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:04:12.0650 0420 FLEXnet Licensing Service - ok
16:04:12.0871 0420 FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:04:12.0881 0420 FLEXnet Licensing Service 64 - ok
16:04:12.0900 0420 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:04:12.0901 0420 flpydisk - ok
16:04:12.0950 0420 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:04:12.0952 0420 FltMgr - ok
16:04:13.0018 0420 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:04:13.0026 0420 FontCache - ok
16:04:13.0107 0420 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:04:13.0109 0420 FontCache3.0.0.0 - ok
16:04:13.0124 0420 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:04:13.0125 0420 FsDepends - ok
16:04:13.0192 0420 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
16:04:13.0193 0420 fssfltr - ok
16:04:13.0349 0420 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:04:13.0358 0420 fsssvc - ok
16:04:13.0387 0420 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:04:13.0388 0420 Fs_Rec - ok
16:04:13.0471 0420 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:04:13.0472 0420 fvevol - ok
16:04:13.0513 0420 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:04:13.0514 0420 gagp30kx - ok
16:04:13.0567 0420 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:04:13.0567 0420 GEARAspiWDM - ok
16:04:13.0637 0420 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
16:04:13.0638 0420 GoToAssist - ok
16:04:13.0692 0420 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:04:13.0697 0420 gpsvc - ok
16:04:13.0824 0420 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:04:13.0826 0420 gupdate - ok
16:04:13.0856 0420 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:04:13.0857 0420 gupdatem - ok
16:04:13.0935 0420 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:04:13.0937 0420 gusvc - ok
16:04:13.0956 0420 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:04:13.0957 0420 hcw85cir - ok
16:04:14.0019 0420 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:04:14.0020 0420 HDAudBus - ok
16:04:14.0029 0420 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:04:14.0029 0420 HidBatt - ok
16:04:14.0048 0420 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:04:14.0049 0420 HidBth - ok
16:04:14.0071 0420 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:04:14.0072 0420 HidIr - ok
16:04:14.0100 0420 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:04:14.0102 0420 hidserv - ok
16:04:14.0139 0420 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:04:14.0140 0420 HidUsb - ok
16:04:14.0182 0420 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:04:14.0184 0420 hkmsvc - ok
16:04:14.0281 0420 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:04:14.0284 0420 HomeGroupListener - ok
16:04:14.0342 0420 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:04:14.0344 0420 HomeGroupProvider - ok
16:04:14.0406 0420 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:04:14.0407 0420 HpSAMD - ok
16:04:14.0481 0420 HPSIService (5a539a3cbd6ec1609d5333b486d5f74c) C:\Windows\system32\HPSIsvc.exe
16:04:14.0483 0420 HPSIService - ok
16:04:14.0548 0420 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:04:14.0553 0420 HTTP - ok
16:04:14.0608 0420 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:04:14.0609 0420 hwpolicy - ok
16:04:14.0673 0420 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:04:14.0674 0420 i8042prt - ok
16:04:14.0729 0420 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
16:04:14.0731 0420 iaStor - ok
16:04:14.0807 0420 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:04:14.0809 0420 iaStorV - ok
16:04:14.0993 0420 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:04:14.0994 0420 IDriverT - ok
16:04:15.0083 0420 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:04:15.0090 0420 idsvc - ok
16:04:15.0310 0420 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:04:15.0377 0420 igfx - ok
16:04:15.0434 0420 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:04:15.0435 0420 iirsp - ok
16:04:15.0561 0420 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:04:15.0568 0420 IKEEXT - ok
16:04:15.0626 0420 IntcAzAudAddService (f2b52c7b1c8e6a4fc4c4564f4a421f23) C:\Windows\system32\drivers\RTKVHD64.sys
16:04:15.0637 0420 IntcAzAudAddService - ok
16:04:15.0682 0420 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
16:04:15.0684 0420 IntcHdmiAddService - ok
16:04:15.0744 0420 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:04:15.0745 0420 intelide - ok
16:04:15.0783 0420 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:04:15.0784 0420 intelppm - ok
16:04:15.0819 0420 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:04:15.0820 0420 IPBusEnum - ok
16:04:15.0888 0420 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:04:15.0889 0420 IpFilterDriver - ok
16:04:15.0961 0420 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:04:15.0966 0420 iphlpsvc - ok
16:04:16.0035 0420 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:04:16.0036 0420 IPMIDRV - ok
16:04:16.0083 0420 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:04:16.0085 0420 IPNAT - ok
16:04:16.0212 0420 iPod Service (f8e8676d1b6b2cc12df9aa6b1a43d929) C:\Program Files\iPod\bin\iPodService.exe
16:04:16.0218 0420 iPod Service - ok
16:04:16.0261 0420 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:04:16.0262 0420 IRENUM - ok
16:04:16.0306 0420 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:04:16.0307 0420 isapnp - ok
16:04:16.0366 0420 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:04:16.0368 0420 iScsiPrt - ok
16:04:16.0385 0420 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:04:16.0386 0420 kbdclass - ok
16:04:16.0457 0420 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:04:16.0457 0420 kbdhid - ok
16:04:16.0483 0420 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:04:16.0484 0420 KeyIso - ok
16:04:16.0571 0420 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:04:16.0573 0420 KSecDD - ok
16:04:16.0623 0420 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:04:16.0624 0420 KSecPkg - ok
16:04:16.0637 0420 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:04:16.0638 0420 ksthunk - ok
16:04:16.0683 0420 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:04:16.0687 0420 KtmRm - ok
16:04:16.0748 0420 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:04:16.0751 0420 LanmanServer - ok
16:04:16.0765 0420 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:04:16.0767 0420 LanmanWorkstation - ok
16:04:16.0815 0420 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:04:16.0816 0420 lltdio - ok
16:04:16.0842 0420 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:04:16.0844 0420 lltdsvc - ok
16:04:16.0863 0420 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:04:16.0864 0420 lmhosts - ok
16:04:16.0914 0420 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:04:16.0915 0420 LSI_FC - ok
16:04:16.0932 0420 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:04:16.0933 0420 LSI_SAS - ok
16:04:16.0953 0420 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:04:16.0953 0420 LSI_SAS2 - ok
16:04:16.0972 0420 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:04:16.0974 0420 LSI_SCSI - ok
16:04:16.0996 0420 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:04:16.0998 0420 luafv - ok
16:04:17.0024 0420 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:04:17.0024 0420 MBAMProtector - ok
16:04:17.0135 0420 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:04:17.0139 0420 MBAMService - ok
16:04:17.0260 0420 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
16:04:17.0262 0420 McComponentHostService - ok
16:04:17.0478 0420 McMPFSvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:04:17.0480 0420 McMPFSvc - ok
16:04:17.0495 0420 mcmscsvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:04:17.0497 0420 mcmscsvc - ok
16:04:17.0517 0420 McNaiAnn (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:04:17.0519 0420 McNaiAnn - ok
16:04:17.0569 0420 McNASvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:04:17.0572 0420 McNASvc - ok
16:04:17.0686 0420 McODS (3809b77eb1734cd5fb317425f188abc1) C:\Program Files\McAfee\VirusScan\mcods.exe
16:04:17.0689 0420 McODS - ok
16:04:17.0711 0420 McProxy (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:04:17.0713 0420 McProxy - ok
16:04:17.0814 0420 McShield (87cc32f90123313a3febe6a71fc62dad) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
16:04:17.0816 0420 McShield - ok
16:04:17.0965 0420 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:04:17.0967 0420 Mcx2Svc - ok
16:04:17.0995 0420 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:04:17.0996 0420 megasas - ok
16:04:18.0023 0420 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:04:18.0025 0420 MegaSR - ok
16:04:18.0084 0420 mfeapfk (31338e489314ae2a29534fbaa7ad2f1b) C:\Windows\system32\drivers\mfeapfk.sys
16:04:18.0085 0420 mfeapfk - ok
16:04:18.0148 0420 mfeavfk (5822e70233218bcf22a65fcea74d012d) C:\Windows\system32\drivers\mfeavfk.sys
16:04:18.0150 0420 mfeavfk - ok
16:04:18.0178 0420 mfeavfk01 - ok
16:04:18.0231 0420 mfefire (ad2b622b46b78f212eb82330073b79e0) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:04:18.0233 0420 mfefire - ok
16:04:18.0263 0420 mfefirek (5a24e7c834576313d8c5eaf0825da844) C:\Windows\system32\drivers\mfefirek.sys
16:04:18.0265 0420 mfefirek - ok
16:04:18.0328 0420 mfehidk (a2607740bb18d631da01e01dcb81843b) C:\Windows\system32\drivers\mfehidk.sys
16:04:18.0331 0420 mfehidk - ok
16:04:18.0401 0420 mfenlfk (50c3a9d7465d385061c0601deefb5a8e) C:\Windows\system32\DRIVERS\mfenlfk.sys
16:04:18.0402 0420 mfenlfk - ok
16:04:18.0426 0420 mferkdet (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\Windows\system32\drivers\mferkdet.sys
16:04:18.0427 0420 mferkdet - ok
16:04:18.0491 0420 mfevtp (39e1dfb1700294e6c829465bd39e58b2) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
16:04:18.0493 0420 mfevtp - ok
16:04:18.0581 0420 mfewfpk (9182faf9addd5ea6308d155ceb502c6f) C:\Windows\system32\drivers\mfewfpk.sys
16:04:18.0584 0420 mfewfpk - ok
16:04:18.0722 0420 Microsoft SharePoint Workspace Audit Service - ok
16:04:18.0771 0420 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:04:18.0773 0420 MMCSS - ok
16:04:18.0803 0420 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:04:18.0803 0420 Modem - ok
16:04:18.0862 0420 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:04:18.0863 0420 monitor - ok
16:04:18.0936 0420 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:04:18.0937 0420 mouclass - ok
16:04:18.0981 0420 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:04:18.0982 0420 mouhid - ok
16:04:19.0055 0420 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:04:19.0056 0420 mountmgr - ok
16:04:19.0137 0420 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:04:19.0138 0420 mpio - ok
16:04:19.0157 0420 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:04:19.0158 0420 mpsdrv - ok
16:04:19.0352 0420 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:04:19.0358 0420 MpsSvc - ok
16:04:19.0414 0420 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:04:19.0415 0420 MRxDAV - ok
16:04:19.0460 0420 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:04:19.0462 0420 mrxsmb - ok
16:04:19.0525 0420 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:04:19.0527 0420 mrxsmb10 - ok
16:04:19.0542 0420 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:04:19.0543 0420 mrxsmb20 - ok
16:04:19.0621 0420 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:04:19.0622 0420 msahci - ok
16:04:19.0695 0420 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:04:19.0697 0420 msdsm - ok
16:04:19.0725 0420 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:04:19.0727 0420 MSDTC - ok
16:04:19.0749 0420 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:04:19.0750 0420 Msfs - ok
16:04:19.0763 0420 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:04:19.0763 0420 mshidkmdf - ok
16:04:19.0836 0420 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:04:19.0836 0420 msisadrv - ok
16:04:19.0885 0420 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:04:19.0887 0420 MSiSCSI - ok
16:04:19.0895 0420 msiserver - ok
16:04:20.0071 0420 MSK80Service (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:04:20.0073 0420 MSK80Service - ok
16:04:20.0112 0420 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:04:20.0113 0420 MSKSSRV - ok
16:04:20.0156 0420 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:04:20.0157 0420 MSPCLOCK - ok
16:04:20.0209 0420 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:04:20.0210 0420 MSPQM - ok
16:04:20.0262 0420 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:04:20.0264 0420 MsRPC - ok
16:04:20.0280 0420 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:04:20.0281 0420 mssmbios - ok
16:04:20.0297 0420 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:04:20.0298 0420 MSTEE - ok
16:04:20.0313 0420 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:04:20.0314 0420 MTConfig - ok
16:04:20.0336 0420 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:04:20.0337 0420 Mup - ok
16:04:20.0399 0420 mvusbews (8fa52b6049596fe2fdbc8a5e8b14ebfc) C:\Windows\system32\Drivers\mvusbews.sys
16:04:20.0400 0420 mvusbews - ok
16:04:20.0463 0420 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:04:20.0467 0420 napagent - ok
16:04:20.0507 0420 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:04:20.0510 0420 NativeWifiP - ok
16:04:20.0539 0420 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:04:20.0546 0420 NDIS - ok
16:04:20.0591 0420 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:04:20.0592 0420 NdisCap - ok
16:04:20.0631 0420 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:04:20.0632 0420 NdisTapi - ok
16:04:20.0702 0420 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:04:20.0703 0420 Ndisuio - ok
16:04:20.0815 0420 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:04:20.0816 0420 NdisWan - ok
16:04:20.0864 0420 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:04:20.0865 0420 NDProxy - ok
16:04:20.0927 0420 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
16:04:20.0928 0420 Net Driver HPZ12 - ok
16:04:21.0003 0420 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:04:21.0004 0420 NetBIOS - ok
16:04:21.0057 0420 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:04:21.0058 0420 NetBT - ok
16:04:21.0083 0420 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:04:21.0085 0420 Netlogon - ok
16:04:21.0132 0420 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:04:21.0136 0420 Netman - ok
16:04:21.0294 0420 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:04:21.0295 0420 NetMsmqActivator - ok
16:04:21.0315 0420 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:04:21.0316 0420 NetPipeActivator - ok
16:04:21.0361 0420 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:04:21.0365 0420 netprofm - ok
16:04:21.0389 0420 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:04:21.0391 0420 NetTcpActivator - ok
16:04:21.0396 0420 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:04:21.0398 0420 NetTcpPortSharing - ok
16:04:21.0444 0420 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:04:21.0445 0420 nfrd960 - ok
16:04:21.0625 0420 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:04:21.0628 0420 NlaSvc - ok
16:04:21.0770 0420 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
16:04:21.0774 0420 nmservice - ok
16:04:21.0792 0420 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:04:21.0794 0420 Npfs - ok
16:04:21.0822 0420 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:04:21.0824 0420 nsi - ok
16:04:21.0839 0420 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:04:21.0839 0420 nsiproxy - ok
16:04:21.0929 0420 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:04:21.0941 0420 Ntfs - ok
16:04:21.0956 0420 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:04:21.0956 0420 Null - ok
16:04:22.0027 0420 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:04:22.0028 0420 nvraid - ok
16:04:22.0087 0420 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:04:22.0089 0420 nvstor - ok
16:04:22.0147 0420 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:04:22.0148 0420 nv_agp - ok
16:04:22.0201 0420 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:04:22.0202 0420 ohci1394 - ok
16:04:22.0303 0420 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:04:22.0304 0420 ose - ok
16:04:22.0592 0420 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:04:22.0626 0420 osppsvc - ok
16:04:22.0657 0420 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:04:22.0660 0420 p2pimsvc - ok
16:04:22.0678 0420 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:04:22.0682 0420 p2psvc - ok
16:04:22.0710 0420 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:04:22.0711 0420 Parport - ok
16:04:22.0770 0420 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:04:22.0771 0420 partmgr - ok
16:04:22.0810 0420 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:04:22.0812 0420 PcaSvc - ok
16:04:22.0873 0420 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:04:22.0875 0420 pci - ok
16:04:22.0889 0420 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:04:22.0889 0420 pciide - ok
16:04:22.0914 0420 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:04:22.0916 0420 pcmcia - ok
16:04:22.0936 0420 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:04:22.0937 0420 pcw - ok
16:04:22.0982 0420 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:04:22.0986 0420 PEAUTH - ok
16:04:23.0070 0420 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:04:23.0080 0420 PeerDistSvc - ok
16:04:23.0172 0420 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:04:23.0174 0420 PerfHost - ok
16:04:23.0313 0420 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:04:23.0322 0420 pla - ok
16:04:23.0400 0420 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:04:23.0404 0420 PlugPlay - ok
16:04:23.0486 0420 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
16:04:23.0487 0420 Pml Driver HPZ12 - ok
16:04:23.0573 0420 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
16:04:23.0574 0420 pnarp - ok
16:04:23.0601 0420 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:04:23.0603 0420 PNRPAutoReg - ok
16:04:23.0624 0420 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:04:23.0627 0420 PNRPsvc - ok
16:04:23.0646 0420 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:04:23.0650 0420 PolicyAgent - ok
16:04:23.0680 0420 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:04:23.0683 0420 Power - ok
16:04:23.0716 0420 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:04:23.0717 0420 PptpMiniport - ok
16:04:23.0767 0420 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:04:23.0768 0420 Processor - ok
16:04:23.0787 0420 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:04:23.0790 0420 ProfSvc - ok
16:04:23.0816 0420 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:04:23.0818 0420 ProtectedStorage - ok
16:04:23.0882 0420 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:04:23.0883 0420 Psched - ok
16:04:23.0953 0420 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
16:04:23.0954 0420 purendis - ok
16:04:24.0010 0420 pwdrvio (595a22c4cce855e72d475835f3df2d53) C:\Windows\system32\pwdrvio.sys
16:04:24.0012 0420 pwdrvio - ok
16:04:24.0035 0420 pwdspio (70eb529f6fedac79d0a8e3bb79999277) C:\Windows\system32\pwdspio.sys
16:04:24.0037 0420 pwdspio - ok
16:04:24.0114 0420 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:04:24.0115 0420 PxHlpa64 - ok
16:04:24.0156 0420 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:04:24.0166 0420 ql2300 - ok
16:04:24.0178 0420 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:04:24.0179 0420 ql40xx - ok
16:04:24.0209 0420 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:04:24.0212 0420 QWAVE - ok
16:04:24.0228 0420 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:04:24.0229 0420 QWAVEdrv - ok
16:04:24.0239 0420 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:04:24.0240 0420 RasAcd - ok
16:04:24.0290 0420 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:04:24.0290 0420 RasAgileVpn - ok
16:04:24.0309 0420 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:04:24.0311 0420 RasAuto - ok
16:04:24.0366 0420 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:04:24.0367 0420 Rasl2tp - ok
16:04:24.0424 0420 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:04:24.0428 0420 RasMan - ok
16:04:24.0444 0420 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:04:24.0445 0420 RasPppoe - ok
16:04:24.0491 0420 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:04:24.0492 0420 RasSstp - ok
16:04:24.0545 0420 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:04:24.0547 0420 rdbss - ok
16:04:24.0560 0420 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:04:24.0560 0420 rdpbus - ok
16:04:24.0574 0420 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:04:24.0575 0420 RDPCDD - ok
16:04:24.0626 0420 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:04:24.0627 0420 RDPDR - ok
16:04:24.0666 0420 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:04:24.0667 0420 RDPENCDD - ok
16:04:24.0684 0420 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:04:24.0684 0420 RDPREFMP - ok
16:04:24.0765 0420 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:04:24.0766 0420 RdpVideoMiniport - ok
16:04:24.0823 0420 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:04:24.0825 0420 RDPWD - ok
16:04:24.0882 0420 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:04:24.0884 0420 rdyboost - ok
16:04:24.0941 0420 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:04:24.0943 0420 RemoteAccess - ok
16:04:24.0973 0420 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:04:24.0975 0420 RemoteRegistry - ok
16:04:24.0990 0420 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:04:24.0992 0420 RpcEptMapper - ok
16:04:25.0050 0420 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:04:25.0052 0420 RpcLocator - ok
16:04:25.0102 0420 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:04:25.0107 0420 RpcSs - ok
16:04:25.0123 0420 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:04:25.0124 0420 rspndr - ok
16:04:25.0187 0420 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:04:25.0190 0420 RTL8167 - ok
16:04:25.0208 0420 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:04:25.0209 0420 SamSs - ok
16:04:25.0281 0420 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:04:25.0282 0420 sbp2port - ok
16:04:25.0300 0420 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:04:25.0302 0420 SCardSvr - ok
16:04:25.0367 0420 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
16:04:25.0368 0420 SCDEmu - ok
16:04:25.0431 0420 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:04:25.0432 0420 scfilter - ok
16:04:25.0507 0420 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:04:25.0516 0420 Schedule - ok
16:04:25.0574 0420 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:04:25.0575 0420 SCPolicySvc - ok
16:04:25.0631 0420 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:04:25.0633 0420 SDRSVC - ok
16:04:25.0773 0420 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
16:04:25.0775 0420 SeaPort - ok
16:04:25.0823 0420 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:04:25.0823 0420 secdrv - ok
16:04:25.0880 0420 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:04:25.0882 0420 seclogon - ok
16:04:25.0910 0420 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:04:25.0912 0420 SENS - ok
16:04:25.0926 0420 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:04:25.0928 0420 SensrSvc - ok
16:04:25.0998 0420 Sentinel64 (84ac127242dd3ccde02f9a4673214b1f) C:\Windows\System32\Drivers\Sentinel64.sys
16:04:26.0000 0420 Sentinel64 - ok
16:04:26.0022 0420 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:04:26.0023 0420 Serenum - ok
16:04:26.0034 0420 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:04:26.0035 0420 Serial - ok
16:04:26.0108 0420 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:04:26.0109 0420 sermouse - ok
16:04:26.0180 0420 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:04:26.0182 0420 SessionEnv - ok
16:04:26.0246 0420 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:04:26.0246 0420 sffdisk - ok
16:04:26.0266 0420 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:04:26.0266 0420 sffp_mmc - ok
16:04:26.0280 0420 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:04:26.0281 0420 sffp_sd - ok
16:04:26.0291 0420 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:04:26.0292 0420 sfloppy - ok
16:04:26.0360 0420 SftService (dbeb7c353fb71e7d8b9abce62d93d590) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:04:26.0365 0420 SftService - ok
16:04:26.0428 0420 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:04:26.0431 0420 SharedAccess - ok
16:04:26.0490 0420 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:04:26.0494 0420 ShellHWDetection - ok
16:04:26.0504 0420 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:04:26.0506 0420 SiSRaid2 - ok
16:04:26.0528 0420 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:04:26.0529 0420 SiSRaid4 - ok
16:04:26.0557 0420 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:04:26.0558 0420 Smb - ok
16:04:26.0613 0420 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:04:26.0615 0420 SNMPTRAP - ok
16:04:26.0627 0420 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:04:26.0627 0420 spldr - ok
16:04:26.0649 0420 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:04:26.0653 0420 Spooler - ok
16:04:26.0767 0420 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:04:26.0791 0420 sppsvc - ok
16:04:26.0814 0420 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:04:26.0816 0420 sppuinotify - ok
16:04:26.0907 0420 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
16:04:26.0909 0420 sprtsvc_DellSupportCenter - ok
16:04:26.0974 0420 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:04:26.0977 0420 srv - ok
16:04:26.0999 0420 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:04:27.0001 0420 srv2 - ok
16:04:27.0050 0420 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:04:27.0052 0420 srvnet - ok
16:04:27.0094 0420 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:04:27.0097 0420 SSDPSRV - ok
16:04:27.0116 0420 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:04:27.0118 0420 SstpSvc - ok
16:04:27.0140 0420 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:04:27.0141 0420 stexstor - ok
16:04:27.0207 0420 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:04:27.0212 0420 stisvc - ok
16:04:27.0276 0420 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:04:27.0277 0420 swenum - ok
16:04:27.0410 0420 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:04:27.0414 0420 SwitchBoard - ok
16:04:27.0444 0420 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:04:27.0448 0420 swprv - ok
16:04:27.0458 0420 Synth3dVsc - ok
16:04:27.0544 0420 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:04:27.0557 0420 SysMain - ok
16:04:27.0600 0420 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:04:27.0602 0420 TabletInputService - ok
16:04:27.0663 0420 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:04:27.0667 0420 TapiSrv - ok
16:04:27.0730 0420 tapoas (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys
16:04:27.0731 0420 tapoas - ok
16:04:27.0746 0420 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:04:27.0748 0420 TBS - ok
16:04:27.0821 0420 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
16:04:27.0834 0420 Tcpip - ok
16:04:27.0904 0420 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
16:04:27.0916 0420 TCPIP6 - ok
16:04:27.0971 0420 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:04:27.0972 0420 tcpipreg - ok
16:04:28.0029 0420 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:04:28.0030 0420 TDPIPE - ok
16:04:28.0050 0420 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:04:28.0050 0420 TDTCP - ok
16:04:28.0140 0420 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:04:28.0141 0420 tdx - ok
16:04:28.0201 0420 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:04:28.0202 0420 TermDD - ok
16:04:28.0228 0420 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:04:28.0234 0420 TermService - ok
16:04:28.0248 0420 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:04:28.0250 0420 Themes - ok
16:04:28.0278 0420 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:04:28.0280 0420 THREADORDER - ok
16:04:28.0358 0420 ToolkitDisk (5c248e03921137e131ac5f1459fd42c9) C:\Windows\system32\Drivers\toolkitdisk.sys
16:04:28.0359 0420 ToolkitDisk - ok
16:04:28.0443 0420 Tpkd (c676b0f52f2b6483afb88f79cabb011e) C:\Windows\system32\drivers\Tpkd.sys
16:04:28.0444 0420 Tpkd - ok
16:04:28.0460 0420 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:04:28.0462 0420 TrkWks - ok
16:04:28.0526 0420 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:04:28.0528 0420 TrustedInstaller - ok
16:04:28.0588 0420 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:04:28.0589 0420 tssecsrv - ok
16:04:28.0670 0420 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:04:28.0671 0420 TsUsbFlt - ok
16:04:28.0695 0420 tsusbhub - ok
16:04:28.0792 0420 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:04:28.0794 0420 tunnel - ok
16:04:28.0837 0420 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:04:28.0838 0420 uagp35 - ok
16:04:28.0910 0420 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:04:28.0913 0420 udfs - ok
16:04:28.0938 0420 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:04:28.0940 0420 UI0Detect - ok
16:04:29.0026 0420 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:04:29.0027 0420 uliagpkx - ok
16:04:29.0099 0420 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:04:29.0100 0420 umbus - ok
16:04:29.0145 0420 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:04:29.0146 0420 UmPass - ok
16:04:29.0266 0420 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:04:29.0270 0420 UmRdpService - ok
16:04:29.0305 0420 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:04:29.0308 0420 upnphost - ok
16:04:29.0324 0420 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:04:29.0326 0420 usbccgp - ok
16:04:29.0387 0420 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:04:29.0388 0420 usbcir - ok
16:04:29.0407 0420 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:04:29.0408 0420 usbehci - ok
16:04:29.0427 0420 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:04:29.0430 0420 usbhub - ok
16:04:29.0450 0420 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:04:29.0450 0420 usbohci - ok
16:04:29.0475 0420 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:04:29.0476 0420 usbprint - ok
16:04:29.0535 0420 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:04:29.0535 0420 usbscan - ok
16:04:29.0555 0420 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:04:29.0556 0420 USBSTOR - ok
16:04:29.0615 0420 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:04:29.0616 0420 usbuhci - ok
16:04:29.0633 0420 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:04:29.0635 0420 UxSms - ok
16:04:29.0666 0420 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:04:29.0668 0420 VaultSvc - ok
16:04:29.0750 0420 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:04:29.0751 0420 vdrvroot - ok
16:04:29.0816 0420 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:04:29.0821 0420 vds - ok
16:04:29.0860 0420 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:04:29.0860 0420 vga - ok
16:04:29.0882 0420 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:04:29.0883 0420 VgaSave - ok
16:04:29.0892 0420 VGPU - ok
16:04:30.0008 0420 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:04:30.0010 0420 vhdmp - ok
16:04:30.0032 0420 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:04:30.0033 0420 viaide - ok
16:04:30.0081 0420 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:04:30.0082 0420 volmgr - ok
16:04:30.0133 0420 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:04:30.0136 0420 volmgrx - ok
16:04:30.0161 0420 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:04:30.0163 0420 volsnap - ok
16:04:30.0209 0420 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:04:30.0210 0420 vsmraid - ok
16:04:30.0291 0420 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:04:30.0303 0420 VSS - ok
16:04:30.0319 0420 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:04:30.0320 0420 vwifibus - ok
16:04:30.0354 0420 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:04:30.0358 0420 W32Time - ok
16:04:30.0372 0420 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:04:30.0373 0420 WacomPen - ok
16:04:30.0420 0420 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:04:30.0421 0420 WANARP - ok
16:04:30.0444 0420 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:04:30.0445 0420 Wanarpv6 - ok
16:04:30.0512 0420 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:04:30.0520 0420 WatAdminSvc - ok
16:04:30.0604 0420 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:04:30.0615 0420 wbengine - ok
16:04:30.0658 0420 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:04:30.0661 0420 WbioSrvc - ok
16:04:30.0714 0420 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:04:30.0717 0420 wcncsvc - ok
16:04:30.0731 0420 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:04:30.0734 0420 WcsPlugInService - ok
16:04:30.0744 0420 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:04:30.0745 0420 Wd - ok
16:04:30.0772 0420 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:04:30.0773 0420 WDC_SAM - ok
16:04:30.0806 0420 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:04:30.0811 0420 Wdf01000 - ok
16:04:30.0828 0420 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:04:30.0830 0420 WdiServiceHost - ok
16:04:30.0836 0420 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:04:30.0839 0420 WdiSystemHost - ok
16:04:30.0899 0420 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:04:30.0902 0420 WebClient - ok
16:04:30.0918 0420 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:04:30.0921 0420 Wecsvc - ok
16:04:30.0941 0420 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:04:30.0944 0420 wercplsupport - ok
16:04:30.0982 0420 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:04:30.0984 0420 WerSvc - ok
16:04:31.0008 0420 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:04:31.0009 0420 WfpLwf - ok
16:04:31.0061 0420 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
16:04:31.0062 0420 WimFltr - ok
16:04:31.0086 0420 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:04:31.0087 0420 WIMMount - ok
16:04:31.0111 0420 WinDefend - ok
16:04:31.0138 0420 WinHttpAutoProxySvc - ok
16:04:31.0194 0420 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:04:31.0195 0420 Winmgmt - ok
16:04:31.0279 0420 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:04:31.0294 0420 WinRM - ok
16:04:31.0383 0420 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:04:31.0384 0420 WinUsb - ok
16:04:31.0429 0420 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:04:31.0436 0420 Wlansvc - ok
16:04:31.0545 0420 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:04:31.0546 0420 wlcrasvc - ok
16:04:31.0676 0420 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:04:31.0692 0420 wlidsvc - ok
16:04:31.0709 0420 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:04:31.0710 0420 WmiAcpi - ok
16:04:31.0738 0420 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:04:31.0739 0420 wmiApSrv - ok
16:04:31.0790 0420 WMPNetworkSvc - ok
16:04:31.0805 0420 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:04:31.0807 0420 WPCSvc - ok
16:04:31.0865 0420 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:04:31.0868 0420 WPDBusEnum - ok
16:04:31.0898 0420 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:04:31.0899 0420 ws2ifsl - ok
16:04:31.0956 0420 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
16:04:31.0957 0420 WsAudio_DeviceS(1) - ok
16:04:32.0025 0420 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
16:04:32.0026 0420 WsAudio_DeviceS(2) - ok
16:04:32.0039 0420 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
16:04:32.0040 0420 WsAudio_DeviceS(3) - ok
16:04:32.0087 0420 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
16:04:32.0088 0420 WsAudio_DeviceS(4) - ok
16:04:32.0117 0420 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
16:04:32.0118 0420 WsAudio_DeviceS(5) - ok
16:04:32.0182 0420 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:04:32.0184 0420 wscsvc - ok
16:04:32.0193 0420 WSearch - ok
16:04:32.0297 0420 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:04:32.0313 0420 wuauserv - ok
16:04:32.0364 0420 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:04:32.0365 0420 WudfPf - ok
16:04:32.0416 0420 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:04:32.0418 0420 WUDFRd - ok
16:04:32.0464 0420 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:04:32.0466 0420 wudfsvc - ok
16:04:32.0498 0420 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:04:32.0501 0420 WwanSvc - ok
16:04:32.0556 0420 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:04:32.0617 0420 \Device\Harddisk0\DR0 - ok
16:04:32.0621 0420 Boot (0x1200) (1e7f17fe66028297dbf7638759c7662f) \Device\Harddisk0\DR0\Partition0
16:04:32.0622 0420 \Device\Harddisk0\DR0\Partition0 - ok
16:04:32.0639 0420 Boot (0x1200) (c811d8578292290fe4eb6368e2f020e1) \Device\Harddisk0\DR0\Partition1
16:04:32.0640 0420 \Device\Harddisk0\DR0\Partition1 - ok
16:04:32.0641 0420 ============================================================
16:04:32.0641 0420 Scan finished
16:04:32.0641 0420 ============================================================
16:04:32.0652 4928 Detected object count: 1
16:04:32.0652 4928 Actual detected object count: 1
16:05:02.0186 4928 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:05:02.0187 4928 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

^That's the TDSSKiller log.

Here's the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-22 16:07:08
-----------------------------
16:07:08.631 OS Version: Windows x64 6.1.7601 Service Pack 1
16:07:08.631 Number of processors: 4 586 0x170A
16:07:08.632 ComputerName: NIKIL-THYPARAMP UserName: Nithish
16:07:10.077 Initialize success
13:09:01.627 AVAST engine defs: 12032000
13:11:37.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:11:37.619 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
13:11:37.638 Disk 0 MBR read successfully
13:11:37.641 Disk 0 MBR scan
13:11:37.645 Disk 0 Windows 7 default MBR code
13:11:37.648 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
13:11:37.657 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10942 MB offset 112640
13:11:37.670 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599482 MB offset 22521856
13:11:37.695 Disk 0 scanning C:\Windows\system32\drivers
13:11:49.399 Service scanning
13:12:14.009 Modules scanning
13:12:14.017 Disk 0 trace - called modules:
13:12:14.052 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:12:14.382 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800622a060]
13:12:14.388 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8005fff580]
13:12:14.393 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006001060]
13:12:16.965 AVAST engine scan C:\Windows
13:12:21.332 AVAST engine scan C:\Windows\system32
13:15:35.121 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
13:15:35.165 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
13:15:37.189 AVAST engine scan C:\Windows\system32\drivers
13:15:59.179 AVAST engine scan C:\Users\Nithish
13:17:19.860 File: C:\Users\Nithish\AppData\Local\Microsoft\Crack.exe **INFECTED** Win32:Malware-gen
13:22:12.782 File: C:\Users\Nithish\AppData\Roaming\fixflash\MPLIB.dll **INFECTED** Win32:Rootkit-gen [Rtk]
13:35:44.360 File: C:\Users\Nithish\Downloads\Halo CE Hacks\FaithInject.exe **INFECTED** Win32:Malware-gen
13:37:50.174 Disk 0 MBR has been saved successfully to "C:\Users\Nithish\Desktop\MBR.dat"
13:37:50.176 The log file has been saved successfully to "C:\Users\Nithish\Desktop\aswMBR.txt"
13:41:51.929 File: C:\Users\Nithish\XBOX 360\Xport360.exe **INFECTED** Win32:Dropper-gen [Drp]
13:43:08.759 AVAST engine scan C:\ProgramData
14:10:22.817 File: C:\ProgramData\Microsoft\Windows\DRM\9BA3.tmp **INFECTED** Win32:Malware-gen
14:10:22.881 File: C:\ProgramData\Microsoft\Windows\DRM\9BA4.tmp **INFECTED** Win32:Malware-gen
14:10:23.896 File: C:\ProgramData\Microsoft\Windows\DRM\E735.tmp **INFECTED** Win32:Malware-gen
14:10:23.921 File: C:\ProgramData\Microsoft\Windows\DRM\E736.tmp **INFECTED** Win32:Malware-gen
14:11:03.273 Scan finished successfully
14:36:33.891 Disk 0 MBR has been saved successfully to "C:\Users\Nithish\Desktop\MBR.dat"
14:36:33.899 The log file has been saved successfully to "C:\Users\Nithish\Desktop\aswMBR.txt"
14:57:03.550 Disk 0 MBR has been saved successfully to "C:\Users\Nithish\Desktop\MBR.dat"
14:57:03.556 The log file has been saved successfully to "C:\Users\Nithish\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:02 PM

Posted 22 March 2012 - 02:12 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U
C:\ProgramData\Microsoft\Windows\DRM
c:\program files (x86)\Ask.com

File::
C:\Users\Nithish\AppData\Local\Microsoft\Crack.exe
C:\Users\Nithish\AppData\Roaming\fixflash\MPLIB.dll
C:\Users\Nithish\Downloads\Halo CE Hacks\FaithInject.exe
C:\Users\Nithish\XBOX 360\Xport360.exe

FireFox::
FF - ProfilePath - c:\users\Nithish\AppData\Roaming\Mozilla\Firefox\Profiles\26zxd9sr.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58828

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
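The FireFox:: lines in the script above remove a proxy the infection left behind (network.proxy.http set to 127.0.0.1, port 58828); a loopback proxy like that lets software on the machine sit between the browser and the network, which fits the redirects described in this thread. The following is an added example, not part of ComboFix or of the helper's script: a small Python triage check that flags loopback proxy settings in a Firefox prefs.js and in an IE/WinINet ProxyServer value. The prefs.js text and ProxyServer string in it are constructed to mirror the entries in this thread, not read from a real profile.

```python
"""Flag loopback (127.0.0.1 / ::1 / localhost) proxy settings in browser config.

Added example for this thread; not ComboFix, aswMBR or TDSSKiller code.
The sample inputs below are constructed to mirror the thread's entries.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Firefox prefs.js lines look like:  user_pref("name", value);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Host prefs that, with network.proxy.type = 1 (manual), route traffic.
_PROXY_HOST_PREFS = ("network.proxy.http", "network.proxy.ssl",
                     "network.proxy.ftp", "network.proxy.socks")

# Constructed sample mirroring the thread's prefs.js entries (before cleanup).
SAMPLE_PREFS = '''// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "google.com");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 58828);
user_pref("network.proxy.type", 1);
'''

# Constructed sample mirroring the thread's IE "ProxyServer" value.
SAMPLE_IE_PROXY = "http=127.0.0.1:58828"


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: value-as-string} for each user_pref line."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def is_loopback(host: str) -> bool:
    """True for 'localhost', 127.0.0.0/8 and ::1 (brackets tolerated)."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def firefox_proxy_active(prefs: Dict[str, str]) -> bool:
    """Firefox only uses the network.proxy.* hosts when type is 1 (manual)."""
    return prefs.get("network.proxy.type") == "1"


def firefox_loopback_proxies(prefs: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (pref, host, port) for every proxy host pref aimed at loopback."""
    hits = []
    for pref in _PROXY_HOST_PREFS:
        host = prefs.get(pref)
        if host and is_loopback(host):
            hits.append((pref, host, prefs.get(pref + "_port", "")))
    return hits


def ie_loopback_proxies(proxy_server: str) -> List[Tuple[str, str, str]]:
    """Parse a WinINet ProxyServer value and return loopback entries.

    The value is either "host:port" (applies to all schemes) or a
    ';'-separated list of "scheme=host:port" entries such as
    "http=127.0.0.1:58828". Scheme is reported as '*' when absent.
    """
    hits = []
    for entry in proxy_server.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition("=")   # scheme '' if no '='
        host, sep, port = hostport.rpartition(":")
        if not sep:                                    # no port given
            host, port = hostport, ""
        if is_loopback(host):
            hits.append((scheme or "*", host.strip("[]"), port))
    return hits


def triage(prefs_text: str, ie_proxy_server: str) -> List[str]:
    """Human-readable findings for one machine's browser proxy settings."""
    findings = []
    prefs = parse_prefs(prefs_text)
    state = "ACTIVE" if firefox_proxy_active(prefs) else "configured but inactive"
    for pref, host, port in firefox_loopback_proxies(prefs):
        findings.append(f"Firefox {pref} -> {host}:{port} ({state})")
    for scheme, host, port in ie_loopback_proxies(ie_proxy_server):
        findings.append(f"IE ProxyServer {scheme} -> {host}:{port}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_PREFS, SAMPLE_IE_PROXY):
        print(line)
```

A loopback proxy is not always malicious (some AV and debugging proxies install one), so treat a hit as a lead to match against software you know is present, the way the helper here matched it against the rest of the logs.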

#11 naqman32

naqman32
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:02 PM

Posted 22 March 2012 - 04:27 AM

ComboFix 12-03-20.02 - Nithish 03/22/2012 16:45:07.6.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6109.4082 [GMT -4:00]
Running from: c:\users\Nithish\Desktop\ComboFix.exe
Command switches used :: c:\users\Nithish\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Nithish\AppData\Local\Microsoft\Crack.exe"
"c:\users\Nithish\AppData\Roaming\fixflash\MPLIB.dll"
"c:\users\Nithish\Downloads\Halo CE Hacks\FaithInject.exe"
"c:\users\Nithish\XBOX 360\Xport360.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nithish\AppData\Local\Microsoft\Crack.exe
c:\users\Nithish\AppData\Roaming\fixflash\MPLIB.dll
c:\users\Nithish\Downloads\Halo CE Hacks\FaithInject.exe
c:\users\Nithish\XBOX 360\Xport360.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Nikita\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Nikil\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Nikil.Jacob-PC\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Mcx2-JACOB-PC\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Mcx1-JACOB-PC\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Jacob\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\For a gay person\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-22 20:55 . 2012-03-22 20:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-22 07:51 . 2012-03-22 07:52 -------- d-----w- C:\FRST
2012-03-21 04:15 . 2012-03-21 04:15 -------- d-----w- C:\Device
2012-03-20 07:41 . 2012-03-20 07:41 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 07:41 . 2012-03-20 07:41 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 00:00 . 2011-05-14 23:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-09 20:11 . 2012-02-09 20:12 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-06 23:01 . 2012-02-06 23:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\E736.tmp
2012-02-06 23:01 . 2012-02-06 23:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\E735.tmp
2012-01-29 02:01 . 2012-01-29 02:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\9BA4.tmp
2012-01-29 02:01 . 2012-01-29 02:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\9BA3.tmp
2009-02-13 15:02 . 2009-02-13 15:02 80896 ----a-w- c:\program files\devcon_amd64.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-20_19.01.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 14:33 . 2012-03-22 20:59 77512 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-22 20:58 33212 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-25 23:48 . 2012-03-22 18:09 23004 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1552687033-1708156880-4125484423-1009_UserData.bin
- 2010-02-02 02:01 . 2012-03-20 19:24 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-02-02 02:01 . 2012-03-22 01:38 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2009-11-24 23:04 . 2012-03-20 18:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-24 23:04 . 2012-03-22 19:35 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-24 23:04 . 2012-03-20 18:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-24 23:04 . 2012-03-22 19:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 18:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-22 19:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-29 12:50 . 2012-03-20 19:18 3702 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-20 18:55 . 2012-03-20 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-22 20:57 . 2012-03-22 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 18:55 . 2012-03-20 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-22 20:57 . 2012-03-22 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-16 01:26 . 2012-03-20 19:00 418656 c:\windows\system32\perfh011.dat
+ 2011-08-16 01:26 . 2012-03-22 18:12 418656 c:\windows\system32\perfh011.dat
- 2011-08-16 00:26 . 2012-03-20 19:00 746174 c:\windows\system32\perfh00A.dat
+ 2011-08-16 00:26 . 2012-03-22 18:12 746174 c:\windows\system32\perfh00A.dat
+ 2009-07-14 02:36 . 2012-03-22 18:12 663222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-20 19:00 663222 c:\windows\system32\perfh009.dat
- 2011-08-16 01:26 . 2012-03-20 19:00 122090 c:\windows\system32\perfc011.dat
+ 2011-08-16 01:26 . 2012-03-22 18:12 122090 c:\windows\system32\perfc011.dat
- 2011-08-16 00:26 . 2012-03-20 19:00 158220 c:\windows\system32\perfc00A.dat
+ 2011-08-16 00:26 . 2012-03-22 18:12 158220 c:\windows\system32\perfc00A.dat
- 2009-07-14 02:36 . 2012-03-20 19:00 122090 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-22 18:12 122090 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-20 18:55 590564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-22 20:56 590564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-03-20 18:54 1261568 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-20 19:16 1261568 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-22 18:13 . 2012-03-22 18:13 4460544 c:\windows\Installer\7a5ab.msi
+ 2009-07-14 04:54 . 2012-03-20 19:16 13205504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 18:54 13205504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 18:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 19:16 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-03-22 02:50 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-08-16 01:23 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-10-23 13:33 . 2012-03-22 20:56 45952696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1552687033-1708156880-4125484423-1009-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-15 738680]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408]
"Facebook Update"="c:\users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-25 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-09-01 126976]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-05-05 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Nithish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-9-8 2051880]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R4 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2008-12-11 10752]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-13 1436424]
R4 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552687033-1708156880-4125484423-1009Core.job
- c:\users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 07:51]
.
2012-03-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552687033-1708156880-4125484423-1009UA.job
- c:\users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 07:51]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce13da6969c7f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 12:59]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cce13da78dd15e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 12:59]
.
2012-02-19 c:\windows\Tasks\RegInOut Scheduled Scan - Nithish.job
- c:\program files (x86)\RegInOut\RegInOut.exe [2010-08-24 14:31]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
uInternet Settings,ProxyServer = http=127.0.0.1:58828
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
FF - ProfilePath - c:\users\Nithish\AppData\Roaming\Mozilla\Firefox\Profiles\26zxd9sr.default\
FF - prefs.js: browser.search.selectedEngine - Google (SSL)
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
tpp
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D3B22A92-87A2-47B6-B3E6-A64877B5C242} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1552687033-1708156880-4125484423-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1552687033-1708156880-4125484423-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\drivers\CDAC11BA.EXE
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-03-22 17:08:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-22 21:08
ComboFix2.txt 2012-03-22 18:49
ComboFix3.txt 2012-03-20 19:09
ComboFix4.txt 2011-12-31 13:43
ComboFix5.txt 2012-03-22 20:42
.
Pre-Run: 5,250,883,584 bytes free
Post-Run: 5,399,224,320 bytes free
.
- - End Of File - - 599B0E2AACD8EE62AD0A61D68D4A1DF0

^ The ComboFix report that you've requested, my good man. Thanks for all your help through all this; it would've taken me quite (quite, quite a long while for sure) a while to figure all of this out by myself. So I did as you instructed: moved CFScript into ComboFix, it ran, rebooted the PC, it booted up fine, I logged back in, ComboFix opened and produced the log file, then I looked at that, tried to open Firefox, it said illegal operation blah blah, so I restarted the computer as you said, everything booted up properly, I logged back in, opened up Firefox, and now I'm replying to you. Nothing seems peculiar, and everything seems to be running smoothly. Again, I'm extremely grateful for your assistance, thanks man.

#12 gringo_pr
Malware Response Team
Posted 22 March 2012 - 02:50 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: C:\Qoobox\Add-Remove Programs.txt
  • Click OK.

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 naqman32
Topic Starter
Posted 22 March 2012 - 03:49 PM

Torrent
7-Zip 9.22beta
abgx360 v1.0.5
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Assistant
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS5.1
Adobe Reader X (10.1.2)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIO_Scan
Akamai NetSession Interface Service
Alarm Clock v1.0
Anime Studio Pro 7.0
Any Video Converter 3.3.2
Apple Application Support
ASIO4ALL
Ask Toolbar
Audacity 1.3.13 (Unicode)
AutoCAD 2006 - English
Autodesk DWF Viewer
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
AviSynth 2.5
Bing Bar
Bing Bar Platform
BufferChm
Cheat Engine 6.0
Cisco Network Magic
Combined Community Codec Pack 2011-11-11
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
DAEMON Tools Pro
Definition update for Microsoft Office 2010 (KB982726)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
DiskAid 3.11
DivX Setup
DJ_AIO_Software
DJ_AIO_Software_min
EASEUS Partition Master 6.5.2 Home Edition
Facebook Video Calling 1.2.0.159
FARO LS 1.1.406.58
Feedback Tool
FL Studio 10
GIMP 2.6.8
Google Chrome
Google Earth
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Halo Combat Evolved
Halo Tool Box
HPPhotoGadget
HxD Hex Editor version 1.7.7.0
IL Download Manager
ImgBurn
Internet TV for Windows Media Center
iPhone Tunnel Suite v3.0
iPhoneBrowser
iPrep 101
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
K-Lite Codec Pack 6.5.0 (Full)
League of Legends
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
McAfee SecurityCenter
MediaFACE 5.0
Memorex exPressit Label Design Studio
Mesh Runtime
Messenger Companion
Microsoft Halo Trial
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MiniTool Partition Wizard Home Edition 7.0
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NBA 2K11
NBA 2K11 MOD TOOL
NBA 2K12
Network Magic
OpenSSL 1.0.0a Light (32-bit)
Pando Media Booster
Partition Wizard Enterprise Edition 5.0 DEMO
Partition Wizard Home Edition 5.0
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
PDF Settings
PDF Settings CS5
PixiePack Codec Pack
PowerDVD DX
PowerISO
Prism Video File Converter
Pure Networks Platform
QualXServ Service Agreement
QuickTime
RAR Password Recovery Magic v6.1.1.393
Real Alternative 2.0.2
Realtek High Definition Audio Driver
RegInOut
Roxio Burn
Roxio Update Manager
SafeCast Shared Components
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
System Requirements Lab
The Core Media Player 4.0
TI Connect 1.6
TimeLeft
Toolbox
Total Commander (Remove or Repair)
Tunebite
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
VC80CRTRedist - 8.0.50727.4053
Videora iPod touch Converter 6
Videora Xbox 360 Converter 6
Virus Guard - powered by BitDefender
VLC media player 1.1.4
WBFS Manager 3.0
WebReg
WiiMedia Savegame Manager
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
WinSCP 4.2.3 beta


^there you go. Thanks again for your help.

#14 gringo_pr
Malware Response Team
Posted 22 March 2012 - 09:47 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

  • FBI Cyber Education Letter
  • File sharing infects 500,000 computers
  • USAToday
  • infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Torrent
Ask Toolbar
Bing Bar
Bing Bar Platform
Java 6 Update 26
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here: http://www.ccleaner.com/
  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it as an administrator. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 naqman32
Topic Starter
Posted 23 March 2012 - 12:03 AM

1. Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nithish :: NIKIL-THYPARAMP [administrator]

Protection: Disabled

3/23/2012 12:54:19 AM
mbam-log-2012-03-23 (00-54-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 350300
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

^mbam log

2. Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:00 AM, on 3/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Users\Nithish\AppData\Roaming\Egome\umbu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Nithish\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:58828
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110513175434.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Nithish\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Moublogyno] C:\Users\Nithish\AppData\Roaming\Egome\umbu.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11033 bytes

^HijackThis Log

3. No problems whatsoever. Everything is running seemingly smoothly.
4. The computer seems to be doing great. Nothing is redirecting me anymore, browsing is smoother, just great. Thanks again man for your help.
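As an added illustration, not code from this thread, from Trend Micro or from BleepingComputer, here is a small Python triage helper for the log formats posted above. It parses the HijackThis R1/R3/O4 line formats (and the matching ComboFix "Internet Settings,ProxyServer" line) and flags the entries a malware-removal helper looks at first: a ProxyServer that points at 127.0.0.1, which relays every browser request through a process on the same machine and is a common mechanism behind search-result redirects; hook/toolbar registrations whose target is "(no file)"; and Run-key autoruns launched from a user-writable profile directory. The sample lines are constructed from the formats in this thread, and the rules are review heuristics for a human, not verdicts.

```python
"""Triage helper for HijackThis-style log lines (added example, not code from
the thread, from Trend Micro or from BleepingComputer)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:58828
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Moublogyno] C:\Users\Nithish\AppData\Roaming\Egome\umbu.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# "Internet Settings,ProxyServer = ..." appears both in HijackThis R1 lines and
# in ComboFix "uInternet Settings" lines, so one pattern covers both formats.
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>\S+)")
RUN_RE = re.compile(r"(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Autoruns started from user-writable profile locations deserve a look at the
# publisher; installed software normally lives under Program Files.
PROFILE_DIR_RE = re.compile(r"\\AppData\\(Roaming|Local\\Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # local_proxy | orphan | profile_autorun
    detail: str  # the value that triggered the rule
    line: str    # the full log line, for the reviewer


def parse_proxy_server(value):
    """Parse a WinINet ProxyServer value ('http=127.0.0.1:58828', 'host:8080',
    'http=a:1;https=b:2') into {scheme: (host, port)}; '*' means all protocols."""
    proxies = {}
    for part in value.split(";"):
        scheme, _, hostport = part.partition("=")
        if not hostport:            # no scheme prefix: applies to every protocol
            scheme, hostport = "*", scheme
        host, sep, port = hostport.rpartition(":")
        if not sep:                 # no port given
            host, port = port, ""
        proxies[scheme.strip()] = (host.strip(), int(port) if port else None)
    return proxies


def is_loopback(host):
    return host in ("localhost", "::1") or host.startswith("127.")


def exe_path(command):
    """Strip quoting and trailing switches from an O4 Run command string."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" /", 1)[0]


def triage(log_text):
    """Return the Findings for each flagged line, in log order."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            proxies = parse_proxy_server(m.group("value"))
            if any(is_loopback(host) for host, _ in proxies.values()):
                # Browser traffic is relayed through a process on this machine.
                findings.append(Finding("local_proxy", m.group("value"), line))
            continue
        if line.endswith("(no file)"):
            # A registered hook/BHO/toolbar whose file is gone: inert, but the
            # leftover registration is normally removed during cleanup.
            g = GUID_RE.search(line)
            findings.append(Finding("orphan", g.group(0) if g else "", line))
            continue
        m = RUN_RE.search(line)
        if m:
            path = exe_path(m.group("cmd"))
            if PROFILE_DIR_RE.search(path):
                findings.append(Finding("profile_autorun", path, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.detail}")
```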