
Random Ads playing in background and google redirection


This topic is locked. 19 replies to this topic.

#1 Imran786


Posted 16 June 2012 - 03:16 PM

Hi, only today I think I've got a virus where random ads and commercials will start playing in the background of my computer. When I go to sound control I see something titled 'Name not available' which is causing this. Using Google Chrome, when I go to Google I get this message 'The site's security certificate is signed using a weak signature algorithm!' and I get redirected sometimes to google.com/webhp and also other websites. Tried using AVG to do a full computer scan but nothing got reported. Any help would be appreciated.



#2 gringo_pr

  • Malware Response Team

Posted 16 June 2012 - 11:28 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 Imran786


Posted 17 June 2012 - 06:27 AM

This is the contents of checkup.txt

Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.3) Firefox out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
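
As an added example (not a tool from this thread or from the Malware Response Team), the following Python script does the first-pass triage a helper performs on a checkup.txt report like the one above and on DDS "Pseudo HJT Report" lines of the kind posted next: it flags out-of-date software, disabled protection, browser helper objects that point to no file or to a vendor folder outside a constructed allow-list, and ActiveX (DPF) downloads served from a LAN address. The sample lines, the vendor allow-list and the category names are constructed for this example and only copy the format of the posted logs.

```python
"""Triage helper for Security Check (checkup.txt) and DDS log lines.

Added example, not one of the thread's tools. The samples below copy the
format of the logs posted in the thread but are shortened and constructed.
"""
import re

# Constructed sample: a shortened checkup.txt in the posted format.
CHECKUP_SAMPLE = """\
Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
Windows Security Center service is not running! This report may not be accurate!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
Java 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.3) Firefox out of Date!
Google Chrome 19.0.1084.56
"""

# Constructed sample: a few DDS "Pseudo HJT Report" lines in the posted format.
# DDS writes URLs as hxxp:// so a pasted log cannot be clicked by accident.
DDS_SAMPLE = r"""AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://192.168.0.10/AVC_AX_742.cab
TCP: DhcpNameServer = 192.168.0.1
"""

# DDS entry kinds handled here; the "-X64" duplicates are folded in.
DDS_ENTRY = re.compile(r"^(?P<kind>AV|SP|FW|BHO|TB|EB|DPF)(?:-[xX]64)?:\s*(?P<body>.*)$")
STATUS = re.compile(r"\*(?P<status>[^*]+)\*")          # e.g. *Disabled/Outdated*
DEFANGED_URL = re.compile(r"^hxxps?://(?P<host>[^/]+)", re.IGNORECASE)
PRIVATE_HOST = re.compile(r"^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

# Constructed allow-list of vendor folders a helper recognises at a glance.
# Anything else in a BHO/toolbar path is listed for manual review, not condemned.
KNOWN_VENDOR_DIRS = re.compile(
    r"\\(Google|Microsoft Shared|Adobe|Norton 360|Symantec|Java|HP|Lexmark[^\\]*|"
    r"Yahoo!|Skype|DivX|Real)\\", re.IGNORECASE)


def triage_checkup(text):
    """Return (category, line) findings from a Security Check report."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        low = line.lower()
        if "out of date" in low:
            findings.append(("outdated", line))       # unpatched software
        elif "not running" in low or "disabled" in low:
            findings.append(("protection", line))     # protection that is off
    return findings


def triage_dds(text):
    """Return (category, line) findings from DDS 'Pseudo HJT Report' lines."""
    findings = []
    for line in text.splitlines():
        m = DDS_ENTRY.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        target = body.rsplit(" - ", 1)[-1]           # path or URL after the last " - "
        if kind in ("AV", "SP", "FW"):
            st = STATUS.search(body)
            if st and "disabled" in st.group("status").lower():
                findings.append(("protection_disabled", line))
        elif kind in ("BHO", "TB", "EB"):
            if target == "No File":
                findings.append(("orphaned_bho", line))    # stale registration
            elif not KNOWN_VENDOR_DIRS.search(target):
                findings.append(("unknown_bho", line))     # review manually
        elif kind == "DPF":
            u = DEFANGED_URL.match(target)
            if u and PRIVATE_HOST.match(u.group("host")):
                findings.append(("dpf_lan_source", line))  # ActiveX from a LAN host
    return findings


def triage_all(checkup_text, dds_text):
    """Combined findings list for both reports."""
    return triage_checkup(checkup_text) + triage_dds(dds_text)


if __name__ == "__main__":
    for category, line in triage_all(CHECKUP_SAMPLE, DDS_SAMPLE):
        print(f"[{category:>19}] {line}")
```

A finding is a pointer for the helper, not a verdict: the LAN-hosted ActiveX control, for instance, could be an IP camera plug-in, and the unknown-vendor toolbar is foistware rather than the cause of the audio ads until the rest of the log says otherwise.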

#4 Imran786


Posted 17 June 2012 - 06:29 AM

And these are the logs from DDS




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Imran at 12:26:09 on 2012-06-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4093.2072 [GMT 1:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchPortal.exe
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMusic.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMemo.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Imran\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Imran\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\SNSAgent.exe
C:\Users\Imran\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Imran\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Imran\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Imran\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Imran\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Imran\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Imran\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\MusicAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Imran\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=onetwo_l5710&r=173604100400p0437y145y44n1153s
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=onetwo_l5710&r=173604100400p0437y145y44n1153s
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=onetwo_l5710&r=173604100400p0437y145y44n1153s
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=onetwo_l5710&r=173604100400p0437y145y44n1153s
mURLSearchHooks: Miniclip Toolbar: {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - C:\Program Files (x86)\Miniclip\prxtbMini.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Miniclip Toolbar: {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - C:\Program Files (x86)\Miniclip\prxtbMini.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: Miniclip Toolbar: {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - C:\Program Files (x86)\Miniclip\prxtbMini.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [PhotoGadgetFirstRun] 0 (0x0)
uRun: [MusicGadget] "C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMusic.exe"
uRun: [PhotoGadget] 0 (0x0)
uRun: [TouchMemo] "C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMemo.exe"
uRun: [PhotoGadgetFirstRun_Portal] 0 (0x0)
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Imran\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [TVEService] "C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://192.168.0.10/AVC_AX_742.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7965DD4E-BFDB-4AE9-AA0C-305544C70EA4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{90C6BA1B-7B1E-441B-99F3-6D1EDB343EAE} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Miniclip Toolbar: {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - C:\Program Files (x86)\Miniclip\prxtbMini.dll
BHO-X64: Miniclip - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB-X64: Miniclip Toolbar: {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - C:\Program Files (x86)\Miniclip\prxtbMini.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [TVEService] "C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Imran\AppData\Roaming\Mozilla\Firefox\Profiles\46zzx3qa.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Autograph 3.3\WebPlayer\npagraph.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Imran\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [2011-4-19 1127032]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110419.002\IDSviA64.sys [2011-4-20 476792]
R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2012-6-16 6746280]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2011-10-13 126400]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-11-27 44312]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-9 583640]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2010-1-11 386400]
R2 TVESched;TVEnhance Task Scheduler (TTS));C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2010-1-11 202080]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-11-27 240160]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;C:\Windows\system32\DRIVERS\AVerPola.sys --> C:\Windows\system32\DRIVERS\AVerPola.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-27 132656]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-19 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-16 257224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-19 135664]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-16 18:11:11 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-06-16 18:11:11 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-06-16 17:46:25 -------- d-----w- C:\Users\Imran\AppData\Local\AVG Secure Search
2012-06-16 17:46:13 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-16 17:46:12 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-16 17:46:11 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-16 17:45:25 -------- d--h--w- C:\ProgramData\Common Files
2012-06-16 17:43:25 -------- d--h--w- C:\$AVG
2012-06-16 17:43:25 -------- d-----w- C:\ProgramData\AVG2012
2012-06-16 17:42:19 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-16 17:41:18 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
2012-06-16 17:41:17 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2012-06-16 17:41:17 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2012-06-16 17:41:17 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
2012-06-16 17:41:17 -------- d-----w- C:\Program Files\Prevx
2012-06-16 17:41:03 -------- d-----w- C:\ProgramData\PrevxCSI
2012-06-16 17:32:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-16 17:32:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-16 17:32:07 -------- d-----w- C:\ProgramData\MFAData
2012-06-16 17:23:18 2 --shatr- C:\Windows\winstart.bat
2012-06-16 17:23:12 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-06-16 16:25:46 -------- d-----we C:\Windows\system64
2012-06-15 18:53:38 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{367A9D8E-DF52-40FC-ACA0-E8715F8597E3}\mpengine.dll
2012-06-13 22:25:39 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-07 01:35:03 -------- d-----w- C:\Program Files (x86)\Uniblue
2012-06-02 18:17:24 -------- d-----w- C:\Program Files (x86)\AnvSoft
2012-06-01 18:38:35 -------- d-----w- C:\Program Files (x86)\H.264 & JPEG PlayLite
2012-06-01 18:37:24 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-05-22 19:16:04 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-05-22 19:15:48 129144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-21 09:09:46 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
==================== Find3M ====================
.
2012-05-22 19:15:39 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-22 19:15:39 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-17 14:15:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-07 12:18:36 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:34:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 12:26:49.50 ===============

And this is from Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 19/04/2010 11:59:55
System Uptime: 17/06/2012 12:08:48 (0 hours ago)
.
Motherboard: Packard Bell | | ONETWO L5710
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz | LGA 775 | 2327/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 460 GiB total, 369.475 GiB free.
D: is FIXED (NTFS) - 460 GiB total, 459.601 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP221: 08/06/2012 11:04:33 - Windows Update
RP222: 12/06/2012 09:21:29 - Windows Update
RP223: 14/06/2012 00:55:59 - Windows Update
RP224: 15/06/2012 19:53:16 - Windows Update
RP225: 16/06/2012 18:24:49 - RegRun Virus Scan
RP226: 16/06/2012 18:42:03 - Installed AVG 2012
RP227: 16/06/2012 18:42:29 - Installed AVG 2012
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Acrobat.com
Activstudio Student Edition v3.6
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 7.0
Adobe Reader 9.3
Adobe Shockwave Player 11.6
Advertising Center
AIO_Scan
Airport Mania First Flight
Alice Greenfingers
Amazonia
Any Video Converter 3.3.9
Apple Application Support
Apple Software Update
Autograph 3.3
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
Copy
CyberLink PowerCinema
CyberLink TV Enhance
CyberLink YouCam
Dairy Dash
Destinations
DeviceDiscovery
DivX Setup
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Dream Day First Home
eBay Worldwide
F2100
F2100_Help
Farm Frenzy 2
FIFA 11 Demo
FIFA 12 DEMO
First Class Flurry
Galapago
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Granny In Paradise
Gutterball 3D
Heroes of Hellas
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Identity Card
ImagXpress
ITECIR
IZArc 4.1.2
Java Auto Updater
Java™ 6 Update 31
JMicron Flash Media Controller Driver
Junk Mail filter update
Lexmark Printable Web
Lexmark Toolbar
Lexmark Tools for Office
MarketResearch
Merriam Websters Spell Jam
Messenger Plus! Live
Metaboli
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XNA Framework Redistributable 3.0
Miniclip Toolbar
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton 360
Norton Online Backup
Norton Security Scan
Packard Bell GameZone Console
Packard Bell InfoCentre
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Software Suite SE
Packard Bell Touch Suite
Packard Bell Updater
PlayerLiteHJ 1.0.4.3.LHJ
PowerCinema Movie
Pro Evolution Soccer 2011 DEMO
Pro Evolution Soccer 2012 DEMO2
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Registry Mechanic 10.0
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
SkyPlayer for Windows Media Center
SmartWebPrinting
SolutionCenter
SopCast 3.2.9
Status
Toolbox
TouchSettings
TrayApp
Tumble Bees To Go
UKCAT Practice Tests
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Veetle TV
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
vShare.tv plugin 1.3
WebReg
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
17/06/2012 12:15:47, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
17/06/2012 12:10:20, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
17/06/2012 12:10:00, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
17/06/2012 12:09:53, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
17/06/2012 01:43:20, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 78-DD-08-C7-7B-D4. Network operations on this system may be disrupted as a result.
16/06/2012 19:43:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.
16/06/2012 18:51:01, Error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The pipe has been ended.
16/06/2012 18:50:48, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
16/06/2012 09:36:51, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000094, 0xfffff8800509b98f, 0xfffff8800319a8c8, 0xfffff8800319a130). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061612-23509-01.
15/06/2012 17:34:48, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 04-54-53-E9-F8-AD. Network operations on this system may be disrupted as a result.
14/06/2012 17:28:00, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
14/06/2012 13:22:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oberon Media Game Console service service to connect.
14/06/2012 13:22:19, Error: Service Control Manager [7000] - The Oberon Media Game Console service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:27 PM

Posted 17 June 2012 - 09:08 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Imran786

    Topic Starter

  • Members
  • 10 posts
  • Local time:05:27 PM

Posted 17 June 2012 - 10:20 AM

Here is the log from Combofix

ComboFix 12-06-16.02 - Imran 17/06/2012 15:17:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4093.2816 [GMT 1:00]
Running from: c:\users\Imran\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\programdata\FullRemove.exe
c:\windows\system32\consrv.dll
c:\windows\System64
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-17 14:26 . 2012-06-17 14:26 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-06-17 14:26 . 2012-06-17 14:26 -------- d-----w- c:\users\Seymina\AppData\Local\temp
2012-06-17 14:26 . 2012-06-17 14:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-17 14:26 . 2012-06-17 14:26 -------- d-----w- c:\users\Dilawar\AppData\Local\temp
2012-06-16 18:11 . 2012-06-16 18:11 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-16 18:11 . 2012-06-16 18:11 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-16 17:46 . 2012-06-16 17:46 -------- d-----w- c:\users\Imran\AppData\Local\AVG Secure Search
2012-06-16 17:46 . 2012-06-16 17:46 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-16 17:46 . 2012-06-17 20:05 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-16 17:46 . 2012-06-17 20:05 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-16 17:45 . 2012-06-16 17:45 -------- d--h--w- c:\programdata\Common Files
2012-06-16 17:43 . 2012-06-16 18:04 -------- d-----w- c:\programdata\AVG2012
2012-06-16 17:43 . 2012-06-16 17:43 -------- d-----w- C:\$AVG
2012-06-16 17:42 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\AVG
2012-06-16 17:41 . 2012-06-16 17:41 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
2012-06-16 17:41 . 2012-06-17 20:05 -------- d-----w- c:\program files\Prevx
2012-06-16 17:41 . 2012-06-16 17:41 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-06-16 17:41 . 2012-06-16 17:41 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-06-16 17:41 . 2012-06-16 17:41 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2012-06-16 17:41 . 2012-06-17 11:20 -------- d-----w- c:\programdata\PrevxCSI
2012-06-16 17:32 . 2012-06-16 17:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-16 17:32 . 2012-06-16 17:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-16 17:32 . 2012-06-17 20:02 -------- d-----w- c:\programdata\MFAData
2012-06-16 17:23 . 2012-06-16 17:23 2 --shatr- c:\windows\winstart.bat
2012-06-16 17:23 . 2012-06-16 17:32 -------- d-----w- c:\program files (x86)\UnHackMe
2012-06-16 16:26 . 2012-06-17 20:03 -------- d-----w- c:\windows\system32\Macromed
2012-06-13 22:25 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-07 01:35 . 2012-06-16 17:37 -------- d-----w- c:\program files (x86)\Uniblue
2012-06-02 18:17 . 2012-06-02 18:17 -------- d-----w- c:\users\Seymina\AppData\Roaming\AnvSoft
2012-06-02 18:17 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\AnvSoft
2012-06-01 18:38 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\H.264 & JPEG PlayLite
2012-06-01 18:37 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\VideoLAN
2012-05-22 19:16 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-05-22 19:15 . 2012-05-22 19:15 129144 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-21 09:09 . 2012-05-21 09:09 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 19:15 . 2011-12-16 20:11 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-22 19:15 . 2011-12-16 20:11 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-08 17:02 . 2012-06-15 18:53 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{367A9D8E-DF52-40FC-ACA0-E8715F8597E3}\mpengine.dll
2012-04-25 10:03 . 2012-04-25 10:03 53248 ----a-r- c:\users\Imran\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-04-17 14:15 . 2010-05-02 17:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:09 . 2012-05-11 11:17 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Miniclip\prxtbMini.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}"= "c:\program files (x86)\Miniclip\prxtbMini.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoGadgetFirstRun"="0 (0x0)" [X]
"PhotoGadget"="0 (0x0)" [X]
"PhotoGadgetFirstRun_Portal"="0 (0x0)" [X]
"MusicGadget"="c:\program files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMusic.exe" [2009-08-25 416256]
"TouchMemo"="c:\program files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMemo.exe" [2009-08-25 380928]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-27 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-09-14 167008]
"TVEService"="c:\program files (x86)\CyberLink\TV Enhance\TVEService.exe" [2009-06-24 230632]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-22 296056]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-19 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-19 135664]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [2011-04-15 1127032]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110419.002\IDSvia64.sys [2011-03-14 476792]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2012-06-16 6746280]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2009-07-29 1054888]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-06-24 386400]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-06-24 202080]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 132656]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 17:32]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-19 11:06]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-19 11:06]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1001Core.job
- c:\users\Imran\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 11:05]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1001UA.job
- c:\users\Imran\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 11:05]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1003Core.job
- c:\users\Seymina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-07 11:11]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1003UA.job
- c:\users\Seymina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-07 11:11]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1004Core.job
- c:\users\Dilawar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 11:11]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1004UA.job
- c:\users\Dilawar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 11:11]
.
2012-06-15 c:\windows\Tasks\Norton Security Scan for Imran.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-23 09:06]
.
2012-06-15 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2010-10-09 07:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchPortal"="c:\program files (x86)\Packard Bell\Packard Bell Touch Suite\TouchPortal.exe" [2009-10-24 4940800]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2009-10-23 151368]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2009-08-10 766632]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2009-08-10 139944]
"combofix"="c:\combofix\CF13237.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=onetwo_l5710&r=173604100400p0437y145y44n1153s
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=onetwo_l5710&r=173604100400p0437y145y44n1153s
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://192.168.0.10/AVC_AX_742.cab
FF - ProfilePath - c:\users\Imran\AppData\Roaming\Mozilla\Firefox\Profiles\46zzx3qa.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Toolbar-Locked - (no file)
WebBrowser-{1C68C940-1B2F-46EB-BD8C-2E1612FF6A58} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-06-17 15:44:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-17 14:44
.
Pre-Run: 396,638,474,240 bytes free
Post-Run: 404,491,018,240 bytes free
.
- - End Of File - - B95243583ED88F2C58485BD08FE7B28A


Having run ComboFix I'm not having any more of the random audio ads and redirection and the weak signal algorithm message at the moment, although I don't know if it's permanently gone.

Edited by Imran786, 17 June 2012 - 10:54 AM.


#7 gringo_pr (Malware Response Team)

Posted 17 June 2012 - 11:39 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
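As an added example (not code from this thread, from TDSSKiller or from its author), the Python script below parses the log that TDSSKiller writes, in the two line shapes visible in the reply that follows: a `name (md5) path` line and a `name - status` line. It collects one record per service or driver, lists everything whose status is not a plain `ok`, lists names reported without an image file and hash, and groups names that share one hashed image (as `gupdate` and `gupdatem` do in the log below). The sample log is constructed: its genuine lines are copied from the thread, the `fakesvc` lines are made up to show a non-`ok` status, and treating any status other than `ok` as worth a look is this script's rule, not TDSSKiller's documented vocabulary.

```python
"""Parse a TDSSKiller scan log and summarise what it reported.

Added example for this thread, not TDSSKiller's own code.  Only the two line
shapes seen in the pasted log are understood; any status other than "ok" is
flagged by this script's own rule.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Line shapes seen in a TDSSKiller 2.7.x log:
#   21:38:51.0106 5800 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
#   21:38:51.0108 5800 1394ohci - ok
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdss_log(text: str) -> dict[str, Entry]:
    """Return one Entry per service/driver name, in log order.

    Only lines after the 'Scan started' banner count as scan results, so the
    drive/partition banner above it (which also contains ' - ') is not taken
    for a status line.
    """
    entries: dict[str, Entry] = {}
    scanning = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Scan started"):
            scanning = True
            continue
        if not scanning:
            continue
        m = FILE_RE.match(line)          # try the hash/path shape first
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"].strip()
    return entries


def flagged(entries: dict[str, Entry]) -> list[Entry]:
    """Entries whose status is anything other than a bare 'ok' (this script's rule)."""
    return [e for e in entries.values() if e.status != "ok"]


def without_image(entries: dict[str, Entry]) -> list[str]:
    """Names the scanner reported on without listing an image file and hash."""
    return [e.name for e in entries.values() if e.md5 is None]


def shared_images(entries: dict[str, Entry]) -> dict[str, list[str]]:
    """Names that resolve to the same hashed image, keyed by MD5."""
    by_md5: dict[str, list[str]] = defaultdict(list)
    for e in entries.values():
        if e.md5:
            by_md5[e.md5].append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


# Constructed excerpt: the real lines are copied from the log in this thread;
# the two "fakesvc" lines are made up to show a non-"ok" status.
SAMPLE_LOG = r"""
21:38:47.0170 7856 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
21:38:50.0655 5800 ============================================================
21:38:50.0655 5800 Scan started
21:38:50.0655 5800 Mode: Manual;
21:38:51.0106 5800 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:38:51.0108 5800 1394ohci - ok
21:38:51.0675 5800 AMD External Events Utility (9a5495edebe7d6b3f7e9a86ebe5ea248) C:\Windows\system32\atiesrxx.exe
21:38:51.0675 5800 AMD External Events Utility - ok
21:38:54.0015 5800 catchme - ok
21:38:57.0467 5800 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:38:57.0468 5800 gupdate - ok
21:38:57.0518 5800 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:38:57.0519 5800 gupdatem - ok
21:38:58.0500 5800 fakesvc (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\fakesvc.sys
21:38:58.0501 5800 fakesvc - suspicious (constructed status)
"""

if __name__ == "__main__":
    found = parse_tdss_log(SAMPLE_LOG)
    for e in flagged(found):
        print(f"LOOK AT: {e.name}: {e.status} ({e.path})")
    print("no image listed:", without_image(found))
    for h, names in shared_images(found).items():
        print(f"{h} shared by {', '.join(names)}")
```

Run it against a saved TDSSKiller_*_log.txt by passing the file's contents to `parse_tdss_log`; the `Scan started` guard matters because the partition banner above it also contains " - " and would otherwise be recorded as a status line.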

#8 Imran786 (Topic Starter)

Posted 17 June 2012 - 04:00 PM

TDSS log

21:38:43.0448 7856 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:38:43.0650 7856 ============================================================
21:38:43.0650 7856 Current date / time: 2012/06/17 21:38:43.0650
21:38:43.0650 7856 SystemInfo:
21:38:43.0650 7856
21:38:43.0650 7856 OS Version: 6.1.7600 ServicePack: 0.0
21:38:43.0650 7856 Product type: Workstation
21:38:43.0650 7856 ComputerName: IMRAN-PC
21:38:43.0650 7856 UserName: Imran
21:38:43.0650 7856 Windows directory: C:\Windows
21:38:43.0650 7856 System windows directory: C:\Windows
21:38:43.0650 7856 Running under WOW64
21:38:43.0650 7856 Processor architecture: Intel x64
21:38:43.0650 7856 Number of processors: 4
21:38:43.0650 7856 Page size: 0x1000
21:38:43.0650 7856 Boot type: Normal boot
21:38:43.0650 7856 ============================================================
21:38:47.0170 7856 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:47.0170 7856 ============================================================
21:38:47.0170 7856 \Device\Harddisk0\DR0:
21:38:47.0170 7856 MBR partitions:
21:38:47.0170 7856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
21:38:47.0170 7856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x39769800
21:38:47.0170 7856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3AF9C000, BlocksNum 0x3976A000
21:38:47.0170 7856 ============================================================
21:38:47.0186 7856 C: <-> \Device\Harddisk0\DR0\Partition1
21:38:47.0232 7856 D: <-> \Device\Harddisk0\DR0\Partition2
21:38:47.0232 7856 ============================================================
21:38:47.0232 7856 Initialize success
21:38:47.0232 7856 ============================================================
21:38:50.0655 5800 ============================================================
21:38:50.0655 5800 Scan started
21:38:50.0655 5800 Mode: Manual;
21:38:50.0655 5800 ============================================================
21:38:51.0106 5800 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:38:51.0108 5800 1394ohci - ok
21:38:51.0135 5800 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:38:51.0138 5800 ACPI - ok
21:38:51.0147 5800 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:38:51.0148 5800 AcpiPmi - ok
21:38:51.0261 5800 AdobeActiveFileMonitor7.0 (6d9fc1e7ea3c548f4d3455f0c3feef8c) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
21:38:51.0263 5800 AdobeActiveFileMonitor7.0 - ok
21:38:51.0373 5800 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:38:51.0376 5800 AdobeFlashPlayerUpdateSvc - ok
21:38:51.0421 5800 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:38:51.0426 5800 adp94xx - ok
21:38:51.0478 5800 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:38:51.0482 5800 adpahci - ok
21:38:51.0502 5800 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:38:51.0504 5800 adpu320 - ok
21:38:51.0525 5800 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:38:51.0526 5800 AeLookupSvc - ok
21:38:51.0587 5800 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
21:38:51.0592 5800 AFD - ok
21:38:51.0620 5800 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:38:51.0621 5800 agp440 - ok
21:38:51.0628 5800 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:38:51.0628 5800 ALG - ok
21:38:51.0644 5800 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:38:51.0644 5800 aliide - ok
21:38:51.0675 5800 AMD External Events Utility (9a5495edebe7d6b3f7e9a86ebe5ea248) C:\Windows\system32\atiesrxx.exe
21:38:51.0675 5800 AMD External Events Utility - ok
21:38:51.0691 5800 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:38:51.0691 5800 amdide - ok
21:38:51.0706 5800 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:38:51.0706 5800 AmdK8 - ok
21:38:51.0722 5800 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:38:51.0722 5800 AmdPPM - ok
21:38:51.0769 5800 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:38:51.0769 5800 amdsata - ok
21:38:51.0800 5800 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:38:51.0800 5800 amdsbs - ok
21:38:51.0831 5800 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:38:51.0831 5800 amdxata - ok
21:38:51.0862 5800 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:38:51.0862 5800 AppID - ok
21:38:51.0893 5800 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:38:51.0893 5800 AppIDSvc - ok
21:38:51.0925 5800 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
21:38:51.0925 5800 Appinfo - ok
21:38:52.0018 5800 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:38:52.0018 5800 Apple Mobile Device - ok
21:38:52.0065 5800 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:38:52.0065 5800 arc - ok
21:38:52.0081 5800 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:38:52.0081 5800 arcsas - ok
21:38:52.0112 5800 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:38:52.0112 5800 AsyncMac - ok
21:38:52.0127 5800 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:38:52.0127 5800 atapi - ok
21:38:52.0339 5800 atikmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys
21:38:52.0453 5800 atikmdag - ok
21:38:52.0617 5800 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:38:52.0640 5800 AudioEndpointBuilder - ok
21:38:52.0646 5800 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:38:52.0650 5800 AudioSrv - ok
21:38:52.0716 5800 AVerPola (44327da6a9c742cf4fa2b79fdb1bd1d3) C:\Windows\system32\DRIVERS\AVerPola.sys
21:38:52.0720 5800 AVerPola - ok
21:38:52.0747 5800 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
21:38:52.0749 5800 AxInstSV - ok
21:38:52.0815 5800 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:38:52.0820 5800 b06bdrv - ok
21:38:52.0867 5800 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:38:52.0870 5800 b57nd60a - ok
21:38:52.0902 5800 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:38:52.0904 5800 BDESVC - ok
21:38:52.0918 5800 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:38:52.0918 5800 Beep - ok
21:38:52.0970 5800 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
21:38:52.0990 5800 BFE - ok
21:38:53.0182 5800 BHDrvx64 (3b9b31981894123f78c4ef0d97184319) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys
21:38:53.0182 5800 BHDrvx64 - ok
21:38:53.0322 5800 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
21:38:53.0354 5800 BITS - ok
21:38:53.0400 5800 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:38:53.0400 5800 blbdrive - ok
21:38:53.0510 5800 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:38:53.0510 5800 Bonjour Service - ok
21:38:53.0572 5800 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:38:53.0588 5800 bowser - ok
21:38:53.0619 5800 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:38:53.0619 5800 BrFiltLo - ok
21:38:53.0634 5800 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:38:53.0634 5800 BrFiltUp - ok
21:38:53.0681 5800 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:38:53.0681 5800 BridgeMP - ok
21:38:53.0697 5800 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
21:38:53.0697 5800 Browser - ok
21:38:53.0728 5800 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:38:53.0728 5800 Brserid - ok
21:38:53.0774 5800 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:38:53.0775 5800 BrSerWdm - ok
21:38:53.0779 5800 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:38:53.0780 5800 BrUsbMdm - ok
21:38:53.0791 5800 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:38:53.0792 5800 BrUsbSer - ok
21:38:53.0838 5800 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:38:53.0839 5800 BthEnum - ok
21:38:53.0851 5800 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:38:53.0853 5800 BTHMODEM - ok
21:38:53.0870 5800 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:38:53.0872 5800 BthPan - ok
21:38:53.0919 5800 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
21:38:53.0934 5800 BTHPORT - ok
21:38:53.0957 5800 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:38:53.0959 5800 bthserv - ok
21:38:53.0984 5800 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
21:38:53.0985 5800 BTHUSB - ok
21:38:54.0015 5800 catchme - ok
21:38:54.0112 5800 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys
21:38:54.0126 5800 ccHP - ok
21:38:54.0157 5800 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:38:54.0159 5800 cdfs - ok
21:38:54.0189 5800 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:38:54.0191 5800 cdrom - ok
21:38:54.0233 5800 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:38:54.0234 5800 CertPropSvc - ok
21:38:54.0261 5800 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:38:54.0262 5800 circlass - ok
21:38:54.0285 5800 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:38:54.0289 5800 CLFS - ok
21:38:54.0346 5800 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:38:54.0347 5800 clr_optimization_v2.0.50727_32 - ok
21:38:54.0401 5800 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:38:54.0402 5800 clr_optimization_v2.0.50727_64 - ok
21:38:54.0472 5800 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:38:54.0474 5800 clr_optimization_v4.0.30319_32 - ok
21:38:54.0502 5800 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:38:54.0504 5800 clr_optimization_v4.0.30319_64 - ok
21:38:54.0527 5800 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:38:54.0528 5800 CmBatt - ok
21:38:54.0542 5800 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:38:54.0543 5800 cmdide - ok
21:38:54.0590 5800 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:38:54.0595 5800 CNG - ok
21:38:54.0605 5800 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:38:54.0606 5800 Compbatt - ok
21:38:54.0619 5800 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:38:54.0620 5800 CompositeBus - ok
21:38:54.0628 5800 COMSysApp - ok
21:38:54.0634 5800 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:38:54.0635 5800 crcdisk - ok
21:38:54.0679 5800 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
21:38:54.0682 5800 CryptSvc - ok
21:38:54.0938 5800 CSIScanner (5131d2469b6b19dc20b446ebe43ebb79) C:\Program Files\Prevx\prevx.exe
21:38:55.0079 5800 CSIScanner - ok
21:38:55.0188 5800 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:38:55.0204 5800 DcomLaunch - ok
21:38:55.0282 5800 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:38:55.0282 5800 defragsvc - ok
21:38:55.0325 5800 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:38:55.0326 5800 DfsC - ok
21:38:55.0363 5800 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:38:55.0366 5800 Dhcp - ok
21:38:55.0382 5800 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:38:55.0383 5800 discache - ok
21:38:55.0396 5800 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:38:55.0397 5800 Disk - ok
21:38:55.0439 5800 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
21:38:55.0441 5800 Dnscache - ok
21:38:55.0464 5800 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:38:55.0467 5800 dot3svc - ok
21:38:55.0511 5800 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
21:38:55.0513 5800 Dot4 - ok
21:38:55.0532 5800 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:38:55.0533 5800 Dot4Print - ok
21:38:55.0557 5800 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
21:38:55.0558 5800 dot4usb - ok
21:38:55.0576 5800 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:38:55.0578 5800 DPS - ok
21:38:55.0617 5800 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:38:55.0618 5800 drmkaud - ok
21:38:55.0689 5800 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:38:55.0713 5800 DXGKrnl - ok
21:38:55.0739 5800 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:38:55.0741 5800 EapHost - ok
21:38:55.0874 5800 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:38:55.0937 5800 ebdrv - ok
21:38:56.0030 5800 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:38:56.0035 5800 eeCtrl - ok
21:38:56.0138 5800 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
21:38:56.0140 5800 EFS - ok
21:38:56.0213 5800 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
21:38:56.0234 5800 ehRecvr - ok
21:38:56.0265 5800 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:38:56.0266 5800 ehSched - ok
21:38:56.0326 5800 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:38:56.0341 5800 elxstor - ok
21:38:56.0395 5800 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:38:56.0397 5800 EraserUtilRebootDrv - ok
21:38:56.0416 5800 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:38:56.0417 5800 ErrDev - ok
21:38:56.0481 5800 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:38:56.0486 5800 EventSystem - ok
21:38:56.0511 5800 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:38:56.0513 5800 exfat - ok
21:38:56.0540 5800 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:38:56.0542 5800 fastfat - ok
21:38:56.0595 5800 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
21:38:56.0617 5800 Fax - ok
21:38:56.0642 5800 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:38:56.0643 5800 fdc - ok
21:38:56.0666 5800 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:38:56.0667 5800 fdPHost - ok
21:38:56.0678 5800 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:38:56.0679 5800 FDResPub - ok
21:38:56.0693 5800 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:38:56.0694 5800 FileInfo - ok
21:38:56.0712 5800 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:38:56.0713 5800 Filetrace - ok
21:38:56.0825 5800 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:38:56.0848 5800 FLEXnet Licensing Service - ok
21:38:56.0861 5800 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:38:56.0862 5800 flpydisk - ok
21:38:56.0885 5800 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:38:56.0888 5800 FltMgr - ok
21:38:56.0958 5800 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
21:38:56.0988 5800 FontCache - ok
21:38:57.0049 5800 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:38:57.0050 5800 FontCache3.0.0.0 - ok
21:38:57.0063 5800 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:38:57.0064 5800 FsDepends - ok
21:38:57.0090 5800 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
21:38:57.0091 5800 Fs_Rec - ok
21:38:57.0141 5800 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:38:57.0143 5800 fvevol - ok
21:38:57.0157 5800 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:38:57.0158 5800 gagp30kx - ok
21:38:57.0190 5800 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:38:57.0191 5800 GEARAspiWDM - ok
21:38:57.0239 5800 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
21:38:57.0258 5800 gpsvc - ok
21:38:57.0373 5800 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
21:38:57.0392 5800 Greg_Service - ok
21:38:57.0467 5800 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:38:57.0468 5800 gupdate - ok
21:38:57.0518 5800 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:38:57.0519 5800 gupdatem - ok
21:38:57.0542 5800 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:38:57.0544 5800 gusvc - ok
21:38:57.0702 5800 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:38:57.0703 5800 hcw85cir - ok
21:38:57.0739 5800 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:38:57.0743 5800 HdAudAddService - ok
21:38:57.0759 5800 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:38:57.0761 5800 HDAudBus - ok
21:38:57.0785 5800 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:38:57.0786 5800 HidBatt - ok
21:38:57.0805 5800 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:38:57.0807 5800 HidBth - ok
21:38:57.0822 5800 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:38:57.0824 5800 HidIr - ok
21:38:57.0849 5800 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:38:57.0850 5800 hidserv - ok
21:38:57.0888 5800 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:38:57.0889 5800 HidUsb - ok
21:38:57.0904 5800 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
21:38:57.0906 5800 hkmsvc - ok
21:38:57.0941 5800 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:38:57.0945 5800 HomeGroupListener - ok
21:38:57.0986 5800 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:38:57.0990 5800 HomeGroupProvider - ok
21:38:58.0109 5800 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:38:58.0109 5800 hpqcxs08 - ok
21:38:58.0140 5800 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:38:58.0140 5800 hpqddsvc - ok
21:38:58.0156 5800 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:38:58.0156 5800 HpSAMD - ok
21:38:58.0203 5800 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:38:58.0234 5800 HTTP - ok
21:38:58.0265 5800 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:38:58.0265 5800 hwpolicy - ok
21:38:58.0296 5800 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:38:58.0296 5800 i8042prt - ok
21:38:58.0327 5800 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:38:58.0327 5800 iaStor - ok
21:38:58.0381 5800 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:38:58.0385 5800 iaStorV - ok
21:38:58.0484 5800 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:38:58.0494 5800 idsvc - ok
21:38:58.0621 5800 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110419.002\IDSvia64.sys
21:38:58.0624 5800 IDSVia64 - ok
21:38:58.0687 5800 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:38:58.0689 5800 iirsp - ok
21:38:58.0753 5800 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:38:58.0794 5800 IKEEXT - ok
21:38:58.0873 5800 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
21:38:58.0875 5800 int15.sys - ok
21:38:58.0969 5800 IntcAzAudAddService (1a6241b70453a6629a83db942aa6b08c) C:\Windows\system32\drivers\RTKVHD64.sys
21:38:59.0020 5800 IntcAzAudAddService - ok
21:38:59.0073 5800 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:38:59.0074 5800 intelide - ok
21:38:59.0104 5800 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:38:59.0105 5800 intelppm - ok
21:38:59.0120 5800 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:38:59.0123 5800 IPBusEnum - ok
21:38:59.0142 5800 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:38:59.0143 5800 IpFilterDriver - ok
21:38:59.0180 5800 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:38:59.0194 5800 iphlpsvc - ok
21:38:59.0215 5800 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:38:59.0217 5800 IPMIDRV - ok
21:38:59.0240 5800 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:38:59.0242 5800 IPNAT - ok
21:38:59.0363 5800 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
21:38:59.0378 5800 iPod Service - ok
21:38:59.0401 5800 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:38:59.0402 5800 IRENUM - ok
21:38:59.0428 5800 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:38:59.0430 5800 isapnp - ok
21:38:59.0455 5800 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:38:59.0458 5800 iScsiPrt - ok
21:38:59.0475 5800 itecir (357f61a9f84d39dd7d9b4f783772baf2) C:\Windows\system32\DRIVERS\itecir.sys
21:38:59.0477 5800 itecir - ok
21:38:59.0509 5800 JMCR (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
21:38:59.0511 5800 JMCR - ok
21:38:59.0543 5800 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:38:59.0545 5800 kbdclass - ok
21:38:59.0558 5800 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:38:59.0560 5800 kbdhid - ok
21:38:59.0583 5800 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:38:59.0585 5800 KeyIso - ok
21:38:59.0620 5800 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
21:38:59.0623 5800 KSecDD - ok
21:38:59.0658 5800 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
21:38:59.0661 5800 KSecPkg - ok
21:38:59.0672 5800 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:38:59.0673 5800 ksthunk - ok
21:38:59.0733 5800 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:38:59.0739 5800 KtmRm - ok
21:38:59.0781 5800 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:38:59.0785 5800 LanmanServer - ok
21:38:59.0819 5800 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:38:59.0822 5800 LanmanWorkstation - ok
21:38:59.0849 5800 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:38:59.0850 5800 lltdio - ok
21:38:59.0896 5800 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:38:59.0900 5800 lltdsvc - ok
21:38:59.0918 5800 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:38:59.0920 5800 lmhosts - ok
21:38:59.0951 5800 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:38:59.0953 5800 LSI_FC - ok
21:38:59.0963 5800 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:38:59.0965 5800 LSI_SAS - ok
21:38:59.0980 5800 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:38:59.0981 5800 LSI_SAS2 - ok
21:38:59.0995 5800 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:38:59.0997 5800 LSI_SCSI - ok
21:39:00.0026 5800 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:39:00.0028 5800 luafv - ok
21:39:00.0054 5800 lxeb_device - ok
21:39:00.0077 5800 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:39:00.0080 5800 Mcx2Svc - ok
21:39:00.0093 5800 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:39:00.0095 5800 megasas - ok
21:39:00.0121 5800 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:39:00.0125 5800 MegaSR - ok
21:39:00.0149 5800 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:39:00.0151 5800 MMCSS - ok
21:39:00.0160 5800 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:39:00.0161 5800 Modem - ok
21:39:00.0180 5800 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:39:00.0181 5800 monitor - ok
21:39:00.0197 5800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:39:00.0199 5800 mouclass - ok
21:39:00.0231 5800 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:39:00.0232 5800 mouhid - ok
21:39:00.0243 5800 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:39:00.0245 5800 mountmgr - ok
21:39:00.0261 5800 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:39:00.0264 5800 mpio - ok
21:39:00.0298 5800 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:39:00.0300 5800 mpsdrv - ok
21:39:00.0353 5800 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:39:00.0371 5800 MpsSvc - ok
21:39:00.0393 5800 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:39:00.0395 5800 MRxDAV - ok
21:39:00.0424 5800 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:39:00.0426 5800 mrxsmb - ok
21:39:00.0466 5800 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:39:00.0470 5800 mrxsmb10 - ok
21:39:00.0489 5800 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:39:00.0491 5800 mrxsmb20 - ok
21:39:00.0513 5800 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:39:00.0514 5800 msahci - ok
21:39:00.0538 5800 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:39:00.0540 5800 msdsm - ok
21:39:00.0561 5800 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:39:00.0564 5800 MSDTC - ok
21:39:00.0591 5800 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:39:00.0592 5800 Msfs - ok
21:39:00.0606 5800 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:39:00.0607 5800 mshidkmdf - ok
21:39:00.0622 5800 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:39:00.0623 5800 msisadrv - ok
21:39:00.0669 5800 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:39:00.0672 5800 MSiSCSI - ok
21:39:00.0675 5800 msiserver - ok
21:39:00.0696 5800 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:39:00.0697 5800 MSKSSRV - ok
21:39:00.0708 5800 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:39:00.0709 5800 MSPCLOCK - ok
21:39:00.0721 5800 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:39:00.0722 5800 MSPQM - ok
21:39:00.0743 5800 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:39:00.0748 5800 MsRPC - ok
21:39:00.0783 5800 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:39:00.0784 5800 mssmbios - ok
21:39:00.0794 5800 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:39:00.0795 5800 MSTEE - ok
21:39:00.0809 5800 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:39:00.0810 5800 MTConfig - ok
21:39:00.0824 5800 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:39:00.0826 5800 Mup - ok
21:39:00.0926 5800 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
21:39:00.0928 5800 N360 - ok
21:39:00.0976 5800 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:39:00.0983 5800 napagent - ok
21:39:01.0026 5800 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:39:01.0030 5800 NativeWifiP - ok
21:39:01.0132 5800 NAVENG (ba3d1e520fccc1783282f43b8adfc4ca) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110420.002\ENG64.SYS
21:39:01.0132 5800 NAVENG - ok
21:39:01.0241 5800 NAVEX15 (9f602385a74e30d13fb9083213cddc87) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110420.002\EX64.SYS
21:39:01.0241 5800 NAVEX15 - ok
21:39:01.0431 5800 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:39:01.0445 5800 NDIS - ok
21:39:01.0459 5800 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:39:01.0460 5800 NdisCap - ok
21:39:01.0483 5800 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:39:01.0484 5800 NdisTapi - ok
21:39:01.0495 5800 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:39:01.0496 5800 Ndisuio - ok
21:39:01.0517 5800 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:39:01.0519 5800 NdisWan - ok
21:39:01.0538 5800 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:39:01.0539 5800 NDProxy - ok
21:39:01.0652 5800 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:39:01.0667 5800 Nero BackItUp Scheduler 4.0 - ok
21:39:01.0700 5800 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
21:39:01.0701 5800 Net Driver HPZ12 - ok
21:39:01.0711 5800 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:39:01.0712 5800 NetBIOS - ok
21:39:01.0731 5800 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:39:01.0734 5800 NetBT - ok
21:39:01.0761 5800 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:39:01.0762 5800 Netlogon - ok
21:39:01.0800 5800 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:39:01.0805 5800 Netman - ok
21:39:01.0846 5800 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:39:01.0852 5800 netprofm - ok
21:39:01.0919 5800 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:39:01.0921 5800 NetTcpPortSharing - ok
21:39:01.0932 5800 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:39:01.0934 5800 nfrd960 - ok
21:39:01.0958 5800 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:39:01.0963 5800 NlaSvc - ok
21:39:01.0981 5800 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:39:01.0982 5800 Npfs - ok
21:39:01.0992 5800 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:39:01.0994 5800 nsi - ok
21:39:02.0004 5800 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:39:02.0004 5800 nsiproxy - ok
21:39:02.0087 5800 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:39:02.0104 5800 Ntfs - ok
21:39:02.0172 5800 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:39:02.0173 5800 Null - ok
21:39:02.0196 5800 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:39:02.0198 5800 nvraid - ok
21:39:02.0222 5800 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:39:02.0224 5800 nvstor - ok
21:39:02.0247 5800 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:39:02.0248 5800 nv_agp - ok
21:39:02.0321 5800 OberonGameConsoleService (3cdd83c8d838c04009b3871274b97d36) C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
21:39:02.0322 5800 OberonGameConsoleService - ok
21:39:02.0405 5800 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:39:02.0405 5800 odserv - ok
21:39:02.0421 5800 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:39:02.0421 5800 ohci1394 - ok
21:39:02.0452 5800 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:39:02.0452 5800 ose - ok
21:39:02.0483 5800 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:39:02.0499 5800 p2pimsvc - ok
21:39:02.0530 5800 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:39:02.0530 5800 p2psvc - ok
21:39:02.0561 5800 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:39:02.0561 5800 Parport - ok
21:39:02.0577 5800 Partizan - ok
21:39:02.0608 5800 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
21:39:02.0608 5800 partmgr - ok
21:39:02.0623 5800 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:39:02.0623 5800 PcaSvc - ok
21:39:02.0639 5800 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:39:02.0655 5800 pci - ok
21:39:02.0670 5800 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:39:02.0670 5800 pciide - ok
21:39:02.0701 5800 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:39:02.0701 5800 pcmcia - ok
21:39:02.0779 5800 PCToolsSSDMonitorSvc (e6e503845208a148a9e3e7faa63b97a4) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
21:39:02.0795 5800 PCToolsSSDMonitorSvc - ok
21:39:02.0811 5800 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:39:02.0811 5800 pcw - ok
21:39:02.0842 5800 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:39:02.0873 5800 PEAUTH - ok
21:39:02.0966 5800 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:39:02.0968 5800 PerfHost - ok
21:39:03.0087 5800 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:39:03.0121 5800 pla - ok
21:39:03.0210 5800 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:39:03.0215 5800 PlugPlay - ok
21:39:03.0279 5800 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
21:39:03.0280 5800 Pml Driver HPZ12 - ok
21:39:03.0303 5800 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:39:03.0305 5800 PNRPAutoReg - ok
21:39:03.0330 5800 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:39:03.0333 5800 PNRPsvc - ok
21:39:03.0383 5800 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:39:03.0387 5800 PolicyAgent - ok
21:39:03.0433 5800 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:39:03.0436 5800 Power - ok
21:39:03.0486 5800 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:39:03.0488 5800 PptpMiniport - ok
21:39:03.0505 5800 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:39:03.0506 5800 Processor - ok
21:39:03.0541 5800 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
21:39:03.0545 5800 ProfSvc - ok
21:39:03.0572 5800 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:39:03.0573 5800 ProtectedStorage - ok
21:39:03.0594 5800 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:39:03.0595 5800 Psched - ok
21:39:03.0637 5800 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:39:03.0638 5800 PxHlpa64 - ok
21:39:03.0661 5800 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys
21:39:03.0662 5800 pxkbf - ok
21:39:03.0679 5800 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys
21:39:03.0680 5800 pxrts - ok
21:39:03.0689 5800 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys
21:39:03.0690 5800 pxscan - ok
21:39:03.0754 5800 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:39:03.0774 5800 ql2300 - ok
21:39:03.0841 5800 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:39:03.0843 5800 ql40xx - ok
21:39:03.0877 5800 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:39:03.0881 5800 QWAVE - ok
21:39:03.0894 5800 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:39:03.0895 5800 QWAVEdrv - ok
21:39:03.0908 5800 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:39:03.0909 5800 RasAcd - ok
21:39:03.0943 5800 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:39:03.0943 5800 RasAgileVpn - ok
21:39:03.0959 5800 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:39:03.0959 5800 RasAuto - ok
21:39:03.0974 5800 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:39:03.0974 5800 Rasl2tp - ok
21:39:04.0005 5800 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:39:04.0005 5800 RasMan - ok
21:39:04.0021 5800 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:39:04.0021 5800 RasPppoe - ok
21:39:04.0037 5800 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:39:04.0037 5800 RasSstp - ok
21:39:04.0052 5800 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:39:04.0052 5800 rdbss - ok
21:39:04.0083 5800 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:39:04.0083 5800 rdpbus - ok
21:39:04.0083 5800 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:39:04.0083 5800 RDPCDD - ok
21:39:04.0130 5800 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:39:04.0130 5800 RDPENCDD - ok
21:39:04.0146 5800 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:39:04.0146 5800 RDPREFMP - ok
21:39:04.0177 5800 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
21:39:04.0177 5800 RDPWD - ok
21:39:04.0193 5800 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:39:04.0208 5800 rdyboost - ok
21:39:04.0239 5800 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:39:04.0239 5800 RemoteAccess - ok
21:39:04.0255 5800 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:39:04.0255 5800 RemoteRegistry - ok
21:39:04.0302 5800 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:39:04.0302 5800 RFCOMM - ok
21:39:04.0411 5800 RichVideo (737cddb4e2287e3ee9d3d124250ebe64) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
21:39:04.0411 5800 RichVideo - ok
21:39:04.0473 5800 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
21:39:04.0473 5800 RimUsb - ok
21:39:04.0511 5800 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
21:39:04.0512 5800 RimVSerPort - ok
21:39:04.0536 5800 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
21:39:04.0537 5800 ROOTMODEM - ok
21:39:04.0556 5800 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:39:04.0558 5800 RpcEptMapper - ok
21:39:04.0577 5800 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:39:04.0579 5800 RpcLocator - ok
21:39:04.0614 5800 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:39:04.0618 5800 RpcSs - ok
21:39:04.0656 5800 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:39:04.0657 5800 rspndr - ok
21:39:04.0687 5800 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:39:04.0690 5800 RTL8167 - ok
21:39:04.0757 5800 rtl8192se (54a8a541db7dd16a95059ea25be4dd14) C:\Windows\system32\DRIVERS\rtl8192se.sys
21:39:04.0772 5800 rtl8192se - ok
21:39:04.0806 5800 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:39:04.0807 5800 SamSs - ok
21:39:04.0824 5800 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:39:04.0825 5800 sbp2port - ok
21:39:04.0848 5800 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:39:04.0851 5800 SCardSvr - ok
21:39:04.0860 5800 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:39:04.0861 5800 scfilter - ok
21:39:04.0922 5800 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:39:04.0935 5800 Schedule - ok
21:39:04.0966 5800 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:39:04.0967 5800 SCPolicySvc - ok
21:39:04.0990 5800 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
21:39:04.0991 5800 sdbus - ok
21:39:05.0015 5800 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:39:05.0018 5800 SDRSVC - ok
21:39:05.0044 5800 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:39:05.0045 5800 secdrv - ok
21:39:05.0065 5800 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:39:05.0067 5800 seclogon - ok
21:39:05.0079 5800 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:39:05.0082 5800 SENS - ok
21:39:05.0097 5800 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:39:05.0099 5800 SensrSvc - ok
21:39:05.0131 5800 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:39:05.0132 5800 Serenum - ok
21:39:05.0148 5800 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:39:05.0150 5800 Serial - ok
21:39:05.0165 5800 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:39:05.0166 5800 sermouse - ok
21:39:05.0189 5800 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:39:05.0192 5800 SessionEnv - ok
21:39:05.0199 5800 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:39:05.0200 5800 sffdisk - ok
21:39:05.0206 5800 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:39:05.0207 5800 sffp_mmc - ok
21:39:05.0216 5800 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:39:05.0217 5800 sffp_sd - ok
21:39:05.0222 5800 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:39:05.0223 5800 sfloppy - ok
21:39:05.0283 5800 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:39:05.0288 5800 SharedAccess - ok
21:39:05.0322 5800 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:39:05.0327 5800 ShellHWDetection - ok
21:39:05.0341 5800 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:39:05.0342 5800 SiSRaid2 - ok
21:39:05.0359 5800 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:39:05.0361 5800 SiSRaid4 - ok
21:39:05.0453 5800 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:39:05.0455 5800 SkypeUpdate - ok
21:39:05.0471 5800 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:39:05.0472 5800 Smb - ok
21:39:05.0497 5800 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:39:05.0497 5800 SNMPTRAP - ok
21:39:05.0497 5800 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:39:05.0512 5800 spldr - ok
21:39:05.0559 5800 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:39:05.0575 5800 Spooler - ok
21:39:05.0715 5800 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:39:05.0777 5800 sppsvc - ok
21:39:05.0887 5800 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:39:05.0887 5800 sppuinotify - ok
21:39:05.0980 5800 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
21:39:05.0980 5800 SRTSP - ok
21:39:05.0996 5800 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
21:39:05.0996 5800 SRTSPX - ok
21:39:06.0027 5800 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:39:06.0043 5800 srv - ok
21:39:06.0080 5800 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:39:06.0085 5800 srv2 - ok
21:39:06.0121 5800 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:39:06.0124 5800 srvnet - ok
21:39:06.0142 5800 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:39:06.0145 5800 SSDPSRV - ok
21:39:06.0164 5800 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:39:06.0166 5800 SstpSvc - ok
21:39:06.0199 5800 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:39:06.0200 5800 stexstor - ok
21:39:06.0255 5800 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:39:06.0268 5800 stisvc - ok
21:39:06.0282 5800 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:39:06.0283 5800 swenum - ok
21:39:06.0313 5800 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:39:06.0329 5800 swprv - ok
21:39:06.0390 5800 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
21:39:06.0394 5800 SymDS - ok
21:39:06.0439 5800 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
21:39:06.0442 5800 SymEFA - ok
21:39:06.0482 5800 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:39:06.0484 5800 SymEvent - ok
21:39:06.0507 5800 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
21:39:06.0509 5800 SymIRON - ok
21:39:06.0556 5800 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
21:39:06.0561 5800 SYMTDIv - ok
21:39:06.0655 5800 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:39:06.0689 5800 SysMain - ok
21:39:06.0781 5800 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:39:06.0784 5800 TabletInputService - ok
21:39:06.0806 5800 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:39:06.0811 5800 TapiSrv - ok
21:39:06.0830 5800 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:39:06.0833 5800 TBS - ok
21:39:06.0952 5800 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
21:39:06.0972 5800 Tcpip - ok
21:39:07.0082 5800 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
21:39:07.0097 5800 TCPIP6 - ok
21:39:07.0144 5800 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:39:07.0144 5800 tcpipreg - ok
21:39:07.0160 5800 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:39:07.0160 5800 TDPIPE - ok
21:39:07.0175 5800 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
21:39:07.0191 5800 TDTCP - ok
21:39:07.0206 5800 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:39:07.0206 5800 tdx - ok
21:39:07.0222 5800 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:39:07.0222 5800 TermDD - ok
21:39:07.0253 5800 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:39:07.0269 5800 TermService - ok
21:39:07.0284 5800 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:39:07.0284 5800 Themes - ok
21:39:07.0316 5800 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:39:07.0316 5800 THREADORDER - ok
21:39:07.0331 5800 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:39:07.0331 5800 TrkWks - ok
21:39:07.0362 5800 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:39:07.0362 5800 TrustedInstaller - ok
21:39:07.0394 5800 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:07.0394 5800 tssecsrv - ok
21:39:07.0425 5800 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:39:07.0440 5800 tunnel - ok
21:39:07.0565 5800 TVECapSvc (9ee31fd6ccee39b090ac4708c95bb912) C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
21:39:07.0565 5800 TVECapSvc - ok
21:39:07.0596 5800 TVESched (3d8f4e98a53865ba9a53616d5cf08f58) C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
21:39:07.0596 5800 TVESched - ok
21:39:07.0616 5800 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:39:07.0618 5800 uagp35 - ok
21:39:07.0643 5800 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:39:07.0646 5800 udfs - ok
21:39:07.0661 5800 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:39:07.0663 5800 UI0Detect - ok
21:39:07.0675 5800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:39:07.0676 5800 uliagpkx - ok
21:39:07.0698 5800 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:39:07.0699 5800 umbus - ok
21:39:07.0727 5800 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:39:07.0728 5800 UmPass - ok
21:39:07.0786 5800 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
21:39:07.0788 5800 Updater Service - ok
21:39:07.0821 5800 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:39:07.0826 5800 upnphost - ok
21:39:07.0862 5800 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:39:07.0863 5800 USBAAPL64 - ok
21:39:07.0888 5800 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:39:07.0890 5800 usbccgp - ok
21:39:07.0916 5800 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:39:07.0917 5800 usbcir - ok
21:39:07.0946 5800 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:39:07.0947 5800 usbehci - ok
21:39:07.0995 5800 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:39:07.0999 5800 usbhub - ok
21:39:08.0034 5800 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:39:08.0036 5800 usbohci - ok
21:39:08.0070 5800 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:39:08.0071 5800 usbprint - ok
21:39:08.0114 5800 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:39:08.0116 5800 usbscan - ok
21:39:08.0142 5800 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:39:08.0143 5800 USBSTOR - ok
21:39:08.0160 5800 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:39:08.0161 5800 usbuhci - ok
21:39:08.0206 5800 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:39:08.0208 5800 usbvideo - ok
21:39:08.0230 5800 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:39:08.0233 5800 UxSms - ok
21:39:08.0250 5800 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:39:08.0251 5800 VaultSvc - ok
21:39:08.0271 5800 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:39:08.0272 5800 vdrvroot - ok
21:39:08.0308 5800 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:39:08.0324 5800 vds - ok
21:39:08.0348 5800 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:39:08.0349 5800 vga - ok
21:39:08.0354 5800 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:39:08.0355 5800 VgaSave - ok
21:39:08.0374 5800 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:39:08.0376 5800 vhdmp - ok
21:39:08.0392 5800 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:39:08.0393 5800 viaide - ok
21:39:08.0405 5800 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:39:08.0407 5800 volmgr - ok
21:39:08.0434 5800 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:39:08.0438 5800 volmgrx - ok
21:39:08.0460 5800 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:39:08.0463 5800 volsnap - ok
21:39:08.0495 5800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:39:08.0498 5800 vsmraid - ok
21:39:08.0575 5800 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:39:08.0590 5800 VSS - ok
21:39:08.0682 5800 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:39:08.0682 5800 vwifibus - ok
21:39:08.0713 5800 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:39:08.0713 5800 vwififlt - ok
21:39:08.0729 5800 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:39:08.0744 5800 W32Time - ok
21:39:08.0760 5800 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:39:08.0760 5800 WacomPen - ok
21:39:08.0776 5800 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:08.0776 5800 WANARP - ok
21:39:08.0776 5800 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:08.0791 5800 Wanarpv6 - ok
21:39:08.0885 5800 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:39:08.0900 5800 WatAdminSvc - ok
21:39:08.0978 5800 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:39:08.0994 5800 wbengine - ok
21:39:09.0041 5800 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:39:09.0041 5800 WbioSrvc - ok
21:39:09.0088 5800 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
21:39:09.0088 5800 wcncsvc - ok
21:39:09.0103 5800 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:39:09.0103 5800 WcsPlugInService - ok
21:39:09.0150 5800 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:39:09.0150 5800 Wd - ok
21:39:09.0199 5800 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:39:09.0211 5800 Wdf01000 - ok
21:39:09.0238 5800 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:39:09.0241 5800 WdiServiceHost - ok
21:39:09.0244 5800 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:39:09.0247 5800 WdiSystemHost - ok
21:39:09.0280 5800 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
21:39:09.0285 5800 WebClient - ok
21:39:09.0310 5800 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:39:09.0315 5800 Wecsvc - ok
21:39:09.0333 5800 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:39:09.0336 5800 wercplsupport - ok
21:39:09.0352 5800 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:39:09.0355 5800 WerSvc - ok
21:39:09.0387 5800 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:39:09.0388 5800 WfpLwf - ok
21:39:09.0411 5800 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:39:09.0412 5800 WIMMount - ok
21:39:09.0477 5800 WinDefend - ok
21:39:09.0485 5800 WinHttpAutoProxySvc - ok
21:39:09.0549 5800 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:39:09.0552 5800 Winmgmt - ok
21:39:09.0637 5800 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:39:09.0658 5800 WinRM - ok
21:39:09.0774 5800 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:39:09.0775 5800 WinUsb - ok
21:39:09.0824 5800 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:39:09.0840 5800 Wlansvc - ok
21:39:09.0881 5800 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:39:09.0882 5800 WmiAcpi - ok
21:39:09.0910 5800 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:39:09.0912 5800 wmiApSrv - ok
21:39:09.0916 5800 WMPNetworkSvc - ok
21:39:09.0939 5800 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:39:09.0942 5800 WPCSvc - ok
21:39:09.0962 5800 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:39:09.0965 5800 WPDBusEnum - ok
21:39:09.0981 5800 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:39:09.0982 5800 ws2ifsl - ok
21:39:10.0016 5800 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
21:39:10.0019 5800 wscsvc - ok
21:39:10.0022 5800 WSearch - ok
21:39:10.0132 5800 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
21:39:10.0189 5800 wuauserv - ok
21:39:10.0298 5800 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:39:10.0298 5800 WudfPf - ok
21:39:10.0345 5800 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:39:10.0345 5800 WUDFRd - ok
21:39:10.0360 5800 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:39:10.0360 5800 wudfsvc - ok
21:39:10.0392 5800 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:39:10.0392 5800 WwanSvc - ok
21:39:10.0438 5800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:39:10.0594 5800 \Device\Harddisk0\DR0 - ok
21:39:10.0594 5800 Boot (0x1200) (79fd0626a7574bc43b2bd706bdf702c2) \Device\Harddisk0\DR0\Partition0
21:39:10.0594 5800 \Device\Harddisk0\DR0\Partition0 - ok
21:39:10.0610 5800 Boot (0x1200) (3e9fdd6dea1398f74ff25bcc3f0127bb) \Device\Harddisk0\DR0\Partition1
21:39:10.0610 5800 \Device\Harddisk0\DR0\Partition1 - ok
21:39:10.0626 5800 Boot (0x1200) (1e60c399e5ea2659f61931f816ae116e) \Device\Harddisk0\DR0\Partition2
21:39:10.0626 5800 \Device\Harddisk0\DR0\Partition2 - ok
21:39:10.0626 5800 ============================================================
21:39:10.0626 5800 Scan finished
21:39:10.0626 5800 ============================================================
21:39:10.0641 7232 Detected object count: 0
21:39:10.0641 7232 Actual detected object count: 0

Here is the log from aswMBR:

aswMBR version 0.9.9.1665 Copyright © 2011 AVAST Software
Run date: 2012-06-17 21:40:24
-----------------------------
21:40:24.545 OS Version: Windows x64 6.1.7600
21:40:24.545 Number of processors: 4 586 0x170A
21:40:24.545 ComputerName: IMRAN-PC UserName: Imran
21:40:28.411 Initialize success
21:42:54.110 AVAST engine defs: 12061700
21:43:25.223 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:43:25.223 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
21:43:25.239 Disk 0 MBR read successfully
21:43:25.239 Disk 0 MBR scan
21:43:25.239 Disk 0 Windows 7 default MBR code
21:43:25.255 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
21:43:25.255 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
21:43:25.286 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 470739 MB offset 25372672
21:43:25.301 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 470740 MB offset 989446144
21:43:25.317 Disk 0 scanning C:\Windows\system32\drivers
21:43:32.436 Service scanning
21:43:50.429 Modules scanning
21:43:50.429 Disk 0 trace - called modules:
21:43:50.461 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:43:50.461 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052f4060]
21:43:50.476 3 CLASSPNP.SYS[fffff88001af843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c8b050]
21:43:51.428 AVAST engine scan C:\Windows
21:43:54.033 AVAST engine scan C:\Windows\system32
21:45:17.220 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:45:19.233 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
21:46:23.275 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
21:46:23.306 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
21:46:23.884 AVAST engine scan C:\Windows\system32\drivers
21:46:33.203 AVAST engine scan C:\Users\Imran
21:49:53.847 AVAST engine scan C:\ProgramData
21:52:32.807 Scan finished successfully
21:59:12.757 Disk 0 MBR has been saved successfully to "C:\Users\Imran\Desktop\MBR.dat"
21:59:12.757 The log file has been saved successfully to "C:\Users\Imran\Desktop\aswMBR.txt"
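The aswMBR log above carries more than its four INFECTED lines: it prints the partition table (type byte, active flag, file system, MB-rounded size and sector offset), the disk's reported size, what it recognised in the MBR code, and the chain of drivers it walked through to reach the disk. Those are the fields to check when a rootkit of the Sirefef (ZeroAccess) family is in play, because a doctored table or an extra driver in the disk path is how a bootkit hides. The script below is an added example (my code, not a tool from aswMBR, AVAST or this thread) that parses a log of this shape and cross-checks the layout: each partition's offset plus its size should land on the next partition's offset, and the last should reach the disk's end, within the rounding that aswMBR's MB figures introduce; a hole or an overlap is where a hidden partition shows up. The sample log is a constructed excerpt with the same values as the log above.

```python
"""Parse an aswMBR text log and triage it: group INFECTED hits by family, record the drivers
in the disk I/O path, and check the partition table for unexplained gaps or overlaps.
Added example; not a tool from this thread or from AVAST."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SECTORS_PER_MB = (1024 * 1024) // 512  # aswMBR prints sizes in MB and offsets in 512-byte sectors
ROUNDING_SLACK = 2 * SECTORS_PER_MB    # sizes are MB-rounded, so allow up to 2 MB per boundary

# Constructed excerpt in the shape of the aswMBR log pasted above (same layout and findings).
SAMPLE_LOG = r"""
21:43:25.223 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
21:43:25.239 Disk 0 Windows 7 default MBR code
21:43:25.255 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
21:43:25.255 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
21:43:25.286 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 470739 MB offset 25372672
21:43:25.301 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 470740 MB offset 989446144
21:43:50.429 Disk 0 trace - called modules:
21:43:50.461 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:45:17.220 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:45:19.233 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
21:46:23.275 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
21:46:23.306 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
"""

TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+")
SIZE_RE = re.compile(r"^Disk \d+ Vendor: .* Size: (\d+)MB")
MBR_RE = re.compile(r"^Disk \d+ (.+MBR code)$")
PART_RE = re.compile(r"^Disk \d+ Partition (\d+) [0-9A-F]{2} (\(A\) )?([0-9A-F]{2}) .+? (\S+) (\d+) MB offset (\d+)$")
INFECTED_RE = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (\S+)(?: \[([^\]]+)\])?$")
FAMILY_RE = re.compile(r"^(?:\w+:)?([A-Za-z]+)")  # "Win32:Sirefef-FQ" -> "Sirefef"

@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    fs: str
    size_mb: int
    offset: int  # starting LBA, in sectors

    @property
    def end(self) -> int:  # first sector after the partition (approximate: size is MB-rounded)
        return self.offset + self.size_mb * SECTORS_PER_MB

@dataclass
class Finding:
    path: str
    detection: str
    tag: Optional[str]  # aswMBR's class tag such as [Rtk] or [Trj]; absent on generic hits

    @property
    def family(self) -> str:
        m = FAMILY_RE.match(self.detection)
        return m.group(1) if m else self.detection

@dataclass
class Report:
    disk_size_mb: Optional[int] = None
    mbr_code: Optional[str] = None  # "... default MBR code" is aswMBR's label for boot code it knows
    partitions: List[Partition] = field(default_factory=list)
    modules: List[str] = field(default_factory=list)  # drivers in the disk I/O path, top to bottom
    findings: List[Finding] = field(default_factory=list)

def parse_aswmbr(text: str) -> Report:
    report, next_is_modules = Report(), False
    for raw in text.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())
        if not line:
            continue
        if next_is_modules:  # the line after "called modules:" names the drivers in the path
            report.modules, next_is_modules = line.split(), False
        elif line.endswith("called modules:"):
            next_is_modules = True
        elif (m := SIZE_RE.match(line)):
            report.disk_size_mb = int(m.group(1))
        elif (m := MBR_RE.match(line)):
            report.mbr_code = m.group(1)
        elif (m := PART_RE.match(line)):
            report.partitions.append(Partition(int(m.group(1)), m.group(2) is not None,
                                               int(m.group(3), 16), m.group(4),
                                               int(m.group(5)), int(m.group(6))))
        elif (m := INFECTED_RE.match(line)):
            report.findings.append(Finding(m.group(1), m.group(2), m.group(3)))
    report.partitions.sort(key=lambda p: p.offset)
    return report

def layout_gaps(report: Report) -> List[Tuple[int, int]]:
    """(partition index, sectors) for space after a partition that no table entry accounts for;
    a negative count is an overlap. The tail is checked against the reported disk size."""
    parts, gaps = report.partitions, []
    for a, b in zip(parts, parts[1:]):
        if abs(b.offset - a.end) > ROUNDING_SLACK:
            gaps.append((a.index, b.offset - a.end))
    if parts and report.disk_size_mb is not None:
        tail = report.disk_size_mb * SECTORS_PER_MB - parts[-1].end
        if abs(tail) > ROUNDING_SLACK:
            gaps.append((parts[-1].index, tail))
    return gaps
```

On this log the four partitions are contiguous (each `end` equals the next `offset` exactly, and the tail slack is a single megabyte), the MBR code is Windows 7's own, and the disk path is the stock `ntoskrnl.exe`, `CLASSPNP.SYS`, `disk.sys`, the Intel storage driver and `hal.dll`, which agrees with TDSSKiller's clean verdict on the MBR and boot sectors above. Everything flagged is file-level under `C:\Windows\assembly`, so the follow-up belongs in the file system and the service list rather than the boot chain. The 2 MB tolerance is deliberate: aswMBR's sizes are rounded to whole megabytes, so an exact comparison would report phantom one-sector gaps on a clean disk.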

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 17 June 2012 - 06:02 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
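The FRST scan gringo asks for (the next reply pastes one) lists every autostart entry in a fixed shape: Run keys as `HKLM-x32\...\Run: [Name] "image" args [size date] (Publisher)`, services and drivers as `start-type Name; image [size date] (Publisher)`, with `()` where the image carries no publisher in its version info and `[x]` where FRST could not find the file on disk (FRST's conventions as they appear in that log; the thread itself does not spell them out). Reading a few hundred such lines by eye is what the helper does next; the script below is an added example (my code, not part of FRST or of this thread) that parses those three sections and applies the checks an analyst makes first: a missing image, no publisher, a boot- or system-start driver with no publisher, and an image launched from a user-writable directory. The sample log is constructed to mirror entries from the scan that follows; the `SysUpdate` entry is invented to exercise the user-writable-path rule and does not come from the thread.

```python
"""Triage the autostart sections of an FRST log (Registry Run keys, Services, Drivers):
parse each entry into name / start type / image path / publisher, then apply the checks
an analyst makes first. Added example; not an FRST feature and not from this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of an FRST log. Most entries mirror the scan pasted later in
# this thread; the "SysUpdate" entry is invented to exercise the user-writable-path rule.
SAMPLE_FRST = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKU\Dilawar\...\Run: [PhotoGadgetFirstRun] 0 [x]
HKU\Dilawar\...\Run: [Google Update] "C:\Users\Dilawar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-04-19] (Google Inc.)
HKU\Seymina\...\Run: [SysUpdate] "C:\Users\Seymina\AppData\Roaming\sysupdate.exe" /q [48128 2012-06-15] ()

==================== Services (Whitelisted) ======

2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [6746280 2012-06-16] (Prevx)
2 lxeb_device; C:\Windows\system32\lxebcoms.exe -service [1054888 2009-07-29] ( )

========================== Drivers (Whitelisted) =============

1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x]
"""

SECTION_RE = re.compile(r"^=+ (Registry|Services|Drivers)\b")
RUN_RE = re.compile(r"^(HK.+?)\\\.\.\.\\Run: \[([^\]]+)\] (.*)$")      # hive, value name, rest
SVC_RE = re.compile(r"^([0-4]) ([^;]+); (.*)$")                          # start type, name, rest
TAIL_RE = re.compile(r"^(.*?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")  # cmd [size date] (publisher)
PATH_RE = re.compile(r'(?:\\\?\?\\)?[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cpl|com|scr|bat)\b', re.I)
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")

@dataclass
class Entry:
    section: str
    name: str
    start: Optional[int]      # service/driver start type (0 boot ... 4 disabled); None for Run keys
    path: Optional[str]
    publisher: Optional[str]  # "" when FRST printed "()" or "( )"; None when the file is missing
    missing: bool             # FRST prints [x] when the image is not on disk

def _split_tail(rest: str) -> Tuple[Optional[str], Optional[str], bool]:
    """Split 'command [size date] (publisher)' or 'command [x]' into (path, publisher, missing)."""
    if rest.endswith("[x]"):
        cmd, pub, missing = rest[:-3].strip(), None, True
    else:
        m = TAIL_RE.match(rest)
        if not m:
            return None, None, False
        cmd, pub, missing = m.group(1), m.group(4).strip(), False
    p = PATH_RE.search(cmd)
    return (p.group(0) if p else None), pub, missing

def parse_frst(text: str) -> List[Entry]:
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):  # section header; sections this script does not handle are skipped
            m = SECTION_RE.match(line)
            section = m.group(1) if m else None
        elif section == "Registry" and (m := RUN_RE.match(line)):
            path, pub, missing = _split_tail(m.group(3))
            entries.append(Entry(section, m.group(2), None, path, pub, missing))
        elif section in ("Services", "Drivers") and (m := SVC_RE.match(line)):
            path, pub, missing = _split_tail(m.group(3))
            entries.append(Entry(section, m.group(2), int(m.group(1)), path, pub, missing))
    return entries

def triage(e: Entry) -> List[str]:
    """Heuristics, not verdicts: a known publisher under AppData (Google Update) trips the
    path rule and is cleared by hand; an entry with no reasons is simply lower priority."""
    reasons = []
    if e.missing:
        reasons.append("image missing: orphaned entry, or a file hidden from the scanner")
    if e.publisher == "":
        reasons.append("no publisher in version info")
    if e.path and any(d in e.path.lower() for d in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    if e.section == "Drivers" and e.start in (0, 1) and e.publisher == "":
        reasons.append("boot/system-start driver without publisher")
    return reasons

def find_suspicious(text: str) -> List[Tuple[Entry, List[str]]]:
    flagged = []
    for e in parse_frst(text):
        reasons = triage(e)
        if reasons:
            flagged.append((e, reasons))
    return flagged
```

The ordering matters more than the rules: an entry that trips two checks (no publisher and a user-profile path, as the invented `SysUpdate` does) goes to the top, a `[x]` entry is either leftover cruft from an earlier cleanup tool or a file the scanner was prevented from seeing, and a vendor binary with an empty publisher is usually just unsigned OEM bloat. None of this replaces the fix script the helper writes; it only decides which lines get read first.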

#10 Imran786 (Topic Starter, Members, 10 posts)

Posted 17 June 2012 - 06:33 PM

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 18-06-2012 00:29:32
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [TouchPortal] C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchPortal.exe [4940800 2009-10-23] (Acer Corp.)
HKLM\...\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [151368 2009-10-22] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [766632 2009-08-10] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [139944 2009-08-10] ()
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s [167008 2009-09-14] (CyberLink Corp.)
HKLM-x32\...\Run: [TVEService] "C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe" [230632 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-04] (PC Tools)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKU\Dilawar\...\Run: [PhotoGadgetFirstRun] 0 [x]
HKU\Dilawar\...\Run: [PhotoGadgetFirstRun_Portal] 0 [x]
HKU\Dilawar\...\Run: [TouchMemo] "C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMemo.exe" [380928 2009-08-24] (Acer Inc.)
HKU\Dilawar\...\Run: [MusicGadget] "C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMusic.exe" [416256 2009-08-24] ()
HKU\Dilawar\...\Run: [PhotoGadget] "C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchPhotoShow.exe" [382976 2009-08-24] (acer)
HKU\Dilawar\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-26] (Google Inc.)
HKU\Dilawar\...\Run: [Google Update] "C:\Users\Dilawar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-04-19] (Google Inc.)
HKU\Dilawar\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Imran\...\Run: [PhotoGadgetFirstRun] 0 [x]
HKU\Imran\...\Run: [MusicGadget] "C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMusic.exe" [416256 2009-08-24] ()
HKU\Imran\...\Run: [PhotoGadget] 0 [x]
HKU\Imran\...\Run: [TouchMemo] "C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMemo.exe" [380928 2009-08-24] (Acer Inc.)
HKU\Imran\...\Run: [PhotoGadgetFirstRun_Portal] 0 [x]
HKU\Imran\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-26] (Google Inc.)
HKU\Seymina\...\Run: [PhotoGadgetFirstRun] 0 [x]
HKU\Seymina\...\Run: [MusicGadget] 0 [x]
HKU\Seymina\...\Run: [TouchMemo] 0 [x]
HKU\Seymina\...\Run: [PhotoGadgetFirstRun_Portal] 0 [x]
HKU\Seymina\...\Run: [PhotoGadget] 0 [x]
HKU\Seymina\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-26] (Google Inc.)
HKU\Seymina\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Seymina\...\Run: [Google Update] "C:\Users\Seymina\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-04-19] (Google Inc.)
HKU\Seymina\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Seymina\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

3 AdobeActiveFileMonitor7.0; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated)
2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [6746280 2012-06-16] (Prevx)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2010-01-11] (Macrovision Europe Ltd.)
2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
2 lxeb_device; C:\Windows\system32\lxebcoms.exe -service [1054888 2009-07-29] ( )
2 lxeb_device; C:\Windows\SysWow64\lxebcoms.exe -service [602792 2009-07-29] ( )
2 N360; "C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 OberonGameConsoleService; "C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe" [44312 2009-08-28] ()
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-04] (PC Tools)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247088 2009-06-24] ()
2 TVECapSvc; "C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe" [386400 2009-06-24] ()
2 TVESched; "C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe" [202080 2009-06-24] ()
2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

========================== Drivers (Whitelisted) =============

3 AVerPola; C:\Windows\System32\Drivers\AVerPola.sys [364800 2009-08-12] (AVerMedia TECHNOLOGIES, Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [19968 2009-07-13] (Microsoft Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-05-27] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-05-27] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110419.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
3 int15.sys; \??\C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
3 itecir; C:\Windows\System32\Drivers\itecir.sys [60416 2009-06-11] (ITE Tech. Inc. )
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110420.002\ENG64.SYS [117880 2011-03-31] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110420.002\EX64.SYS [1828984 2011-03-31] (Symantec Corporation)
3 pxkbf; C:\Windows\System32\Drivers\pxkbf.sys [24024 2012-06-16] (Prevx)
1 pxrts; C:\Windows\System32\Drivers\pxrts.sys [65736 2012-06-16] (Prevx)
0 pxscan; C:\Windows\System32\Drivers\pxscan.sys [36384 2012-06-16] (Prevx)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-04-19] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-18 00:29 - 2012-06-18 00:29 - 00000000 ____D C:\FRST
2012-06-17 12:59 - 2012-06-17 12:59 - 00002384 ____A C:\Users\Imran\Desktop\aswMBR.txt
2012-06-17 12:59 - 2012-06-17 12:59 - 00000512 ____A C:\Users\Imran\Desktop\MBR.dat
2012-06-17 12:40 - 2012-06-17 12:40 - 04731392 ____A (AVAST Software) C:\Users\Imran\Downloads\aswMBR.exe
2012-06-17 12:38 - 2012-06-17 13:01 - 00133568 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_21.38.43_log.txt
2012-06-17 12:37 - 2012-06-17 12:38 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Imran\Desktop\tdsskiller.exe
2012-06-17 06:44 - 2012-06-17 06:44 - 00021909 ____A C:\ComboFix.txt
2012-06-17 06:35 - 2012-06-17 06:35 - 00000000 __SHD C:\$RECYCLE.BIN
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-06-17 06:27 - 2012-06-17 06:27 - 00000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-06-17 06:13 - 2012-06-17 06:44 - 00000000 ___AD C:\Qoobox
2012-06-17 06:13 - 2012-06-17 06:41 - 00000000 ____D C:\Windows\erdnt
2012-06-17 06:13 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-17 06:13 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-17 06:13 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-17 06:13 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-17 06:13 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-17 06:13 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-17 06:13 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-17 06:13 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-17 06:12 - 2012-06-17 06:12 - 04560591 ___RA (Swearware) C:\Users\Imran\Desktop\ComboFix.exe
2012-06-17 03:29 - 2012-06-17 03:29 - 00011702 ____A C:\Users\Imran\Documents\Attach.txt
2012-06-17 03:27 - 2012-06-17 03:27 - 00033191 ____A C:\Users\Imran\Documents\DDS.txt
2012-06-17 03:26 - 2012-06-17 03:26 - 00001250 ____A C:\Users\Imran\Documents\checkup.txt
2012-06-17 03:19 - 2012-06-17 03:19 - 00000472 ____A C:\Users\Imran\Desktop\defogger_disable.log
2012-06-17 03:19 - 2012-06-17 03:19 - 00000000 ____A C:\Users\Imran\defogger_reenable
============ 3 Months Modified Files and Folders =============

2012-06-16 09:43 - 2012-06-16 09:43 - 00000000 ____D C:\$AVG
2012-06-16 09:41 - 2012-06-16 09:41 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
2012-06-16 09:41 - 2012-06-16 09:41 - 00062976 ____A (Prevx) C:\Windows\SysWOW64\PxSecure.dll
2012-06-16 09:41 - 2012-06-16 09:41 - 00036384 ____A (Prevx) C:\Windows\System32\Drivers\pxscan.sys
2012-06-16 09:41 - 2012-06-16 09:41 - 00024024 ____A (Prevx) C:\Windows\System32\Drivers\pxkbf.sys
2012-06-16 09:41 - 2012-06-16 09:40 - 00945272 ____A (Prevx) C:\Users\Imran\Downloads\prevxcsifree.exe
2012-06-16 09:41 - 2012-02-03 11:10 - 00000344 ____A C:\Windows\wininit.ini
2012-06-16 09:37 - 2012-06-06 17:35 - 00000000 ____D C:\Program Files (x86)\Uniblue
2012-06-16 09:32 - 2012-06-16 09:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-16 09:32 - 2012-06-16 09:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-16 09:32 - 2012-06-16 09:31 - 03879304 ____A (AVG Technologies) C:\Users\Imran\Downloads\avg_free_stb_all_2012_2180_cnet.exe
2012-06-16 09:32 - 2012-06-16 09:23 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2012-06-16 09:24 - 2012-06-16 09:23 - 00000000 ____D C:\Users\Imran\Documents\RegRun2
2012-06-16 09:23 - 2012-06-16 09:23 - 00000002 RASHOT C:\Windows\winstart.bat
2012-06-16 09:23 - 2012-06-16 09:23 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-06-16 09:23 - 2012-06-16 09:23 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-06-16 09:23 - 2012-06-16 09:22 - 11347294 ____A C:\Users\Imran\Downloads\unhackme.zip
2012-06-16 09:17 - 2011-01-03 14:44 - 00000000 ___RD C:\Users\Seymina\Dropbox
2012-06-16 09:17 - 2011-01-03 14:42 - 00000000 ____D C:\Users\Seymina\AppData\Roaming\Dropbox
2012-06-16 09:17 - 2010-11-07 10:06 - 00000000 ____D C:\Users\Seymina\AppData\Roaming\Skype
2012-06-16 09:17 - 2010-04-29 14:23 - 00000000 ____D C:\Users\Seymina\Tracing
2012-06-16 00:36 - 2012-06-16 00:36 - 00275144 ____A C:\Windows\Minidump\061612-23509-01.dmp
2012-06-16 00:36 - 2010-05-04 11:25 - 319629575 ____A C:\Windows\MEMORY.DMP
2012-06-16 00:36 - 2010-05-04 11:25 - 00000000 ____D C:\Windows\Minidump
2012-06-15 14:39 - 2010-08-23 06:40 - 00000498 ___AH C:\Windows\Tasks\Norton Security Scan for Imran.job
2012-06-14 04:41 - 2012-06-14 04:41 - 00056131 ____A C:\Users\Imran\Downloads\C4 June 2012.PDF
2012-06-14 04:21 - 2009-07-13 20:45 - 00352312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 16:02 - 2009-07-13 21:13 - 00731722 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-12 04:23 - 2010-05-07 13:57 - 00002419 ____A C:\Users\Seymina\Desktop\Google Chrome.lnk
2012-06-12 00:53 - 2010-04-19 03:06 - 00002409 ____A C:\Users\Imran\Desktop\Google Chrome.lnk
2012-06-10 02:46 - 2011-01-03 14:44 - 00001035 ____A C:\Users\Seymina\Desktop\Dropbox.lnk
2012-06-09 00:26 - 2011-11-21 16:03 - 00004032 ____A C:\Windows\System32\Wada Karo Nahi Chodoge song from album DJ Hot Remix - Vol. 2 - DJ Hot Remix - Vol. 2 songs - Remix Music - Remix Songs, Soundtracks, Music, Lyrics, Videos and Trailers - DJ Hot Remix - Vol. 2 album.lnk
2012-06-07 10:04 - 2012-06-07 10:03 - 07943461 ____A C:\Users\Seymina\Downloads\Jaane Kyun full song high quality from Dostana.mp3
2012-06-07 09:56 - 2012-06-07 09:55 - 10560470 ____A C:\Users\Seymina\Downloads\Ta Ra Ra Ra Rum Tararumpum (Eng Sub) [Full Song] (HD) With Lyrics - Ta Ra Rum Pum.mp3
2012-06-06 17:36 - 2010-08-23 03:41 - 00001621 ____A C:\Users\Imran\Desktop\DivX Movies.lnk
2012-06-06 17:35 - 2010-08-23 03:41 - 00001124 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-06-06 17:30 - 2012-06-06 17:30 - 00933256 ____A (DivX, LLC) C:\Users\Imran\Downloads\DivXInstaller.exe
2012-06-06 16:27 - 2012-06-06 16:24 - 22857907 ____A C:\Users\Seymina\Documents\Seymina Dhanji Janmohamed.mp4
2012-06-05 08:05 - 2012-06-05 08:04 - 17863310 ____A C:\Users\Seymina\Downloads\Wedding Invite FINAL.wmv
2012-06-02 17:41 - 2012-06-02 17:40 - 24223272 ____A C:\Users\Seymina\Documents\me longer youtube.wmv
2012-06-02 17:25 - 2012-06-02 17:23 - 39311022 ____A C:\Users\Seymina\Documents\Me YouTube.wmv
2012-06-02 17:16 - 2012-06-02 17:16 - 02291224 ____A C:\Users\Seymina\Downloads\Wada Karo Nahi Chodoge Tum (Full Song) - Anuradha Paudwal, Abhijeet Bhattacharya.mp3
2012-06-02 16:35 - 2012-06-02 16:35 - 11430224 ____A C:\Users\Seymina\Documents\me final standard.wmv
2012-06-02 15:08 - 2012-06-02 15:08 - 10830222 ____A C:\Users\Seymina\Documents\me final try 2.wmv
2012-06-02 14:57 - 2012-06-02 14:56 - 10830222 ____A C:\Users\Seymina\Documents\me final try.wmv
2012-06-02 14:55 - 2012-06-02 08:06 - 00024001 ____A C:\Users\Seymina\Documents\me final.wlmp
2012-06-02 10:58 - 2012-06-02 10:17 - 00000000 ____D C:\Users\Seymina\Documents\Any Video Converter
2012-06-02 10:56 - 2012-06-02 10:56 - 26382803 ____A C:\Users\Seymina\Documents\Sisterly Love iPhone.mp4
2012-06-02 10:29 - 2012-06-02 10:29 - 18728010 ____A C:\Users\Seymina\Documents\ME SHORT_x264.mp4
2012-06-02 10:27 - 2012-06-02 10:27 - 13373994 ____A C:\Users\Seymina\Documents\ME SHORT.wmv
2012-06-02 10:20 - 2012-06-02 10:20 - 54980131 ____A C:\Users\Seymina\Documents\Me Movie iPhone.mp4
2012-06-02 10:17 - 2012-06-02 10:17 - 00001248 ____A C:\Users\Seymina\Desktop\Any Video Converter.lnk
2012-06-02 10:17 - 2012-06-02 10:17 - 00000000 ____D C:\Users\Seymina\AppData\Roaming\AnvSoft
2012-06-02 10:16 - 2012-06-02 10:14 - 29533072 ____A (Any-Video-Converter.com ) C:\Users\Seymina\Downloads\avc-free.exe
2012-06-02 08:10 - 2012-06-02 08:09 - 24023050 ____A C:\Users\Seymina\Documents\me final movie.wmv
2012-06-02 08:06 - 2012-06-02 07:45 - 00029209 ____A C:\Users\Seymina\Documents\me.wlmp
2012-06-01 11:33 - 2012-06-01 11:31 - 22638200 ____A C:\Users\Seymina\Downloads\Sisterly Lowe.wmv
2012-06-01 11:24 - 2012-06-01 11:22 - 22638200 ____A C:\Users\Seymina\Documents\Sisterly Lowe.wmv
2012-06-01 11:22 - 2012-06-01 11:19 - 34118200 ____A C:\Users\Seymina\Documents\Sisters Heart.wmv
2012-06-01 11:14 - 2012-06-01 11:10 - 13166188 ____A C:\Users\Seymina\Documents\Sisters.wmv
2012-06-01 10:39 - 2012-06-01 10:39 - 02427335 ____A C:\Users\Seymina\Downloads\PLAYER (1).DAT
2012-06-01 10:39 - 2012-06-01 10:39 - 00688548 ____A (AVTECH ) C:\Users\Seymina\Downloads\PLAYER (1).EXE
2012-06-01 10:38 - 2012-06-01 10:38 - 02427335 ____A C:\Users\Seymina\Downloads\PLAYER.DAT
2012-06-01 10:38 - 2012-06-01 10:38 - 00688548 ____A (AVTECH ) C:\Users\Seymina\Downloads\PLAYER.EXE
2012-06-01 10:38 - 2012-06-01 10:38 - 00001132 ____A C:\Users\Public\Desktop\PlayerLiteHJ.lnk
2012-06-01 10:37 - 2012-06-01 10:37 - 00001078 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-01 10:37 - 2012-06-01 10:34 - 22259528 ____A C:\Users\Seymina\Downloads\vlc-2.0.1-win32.exe
2012-06-01 10:20 - 2012-06-01 10:19 - 03633215 ____A C:\Users\Seymina\Downloads\Ek Hazaaron Mein Meri Behna Hai title song.mp3
2012-06-01 08:45 - 2012-06-01 08:45 - 00380641 ____A C:\Users\Seymina\Downloads\saks wedding , mombasa hols.htm
2012-06-01 08:45 - 2012-06-01 08:45 - 00000000 ____D C:\Users\Seymina\Downloads\saks wedding , mombasa hols_files
2012-06-01 08:40 - 2012-06-01 08:40 - 00344766 ____A C:\Users\Seymina\Downloads\private saks weding fotos.htm
2012-06-01 08:40 - 2012-06-01 08:40 - 00000000 ____D C:\Users\Seymina\Downloads\private saks weding fotos_files
2012-06-01 08:39 - 2012-06-01 08:39 - 00362441 ____A C:\Users\Seymina\Downloads\FATSS.htm
2012-06-01 08:39 - 2012-06-01 08:39 - 00000000 ____D C:\Users\Seymina\Downloads\FATSS_files
2012-05-31 04:28 - 2012-05-31 04:28 - 00000022 ____A C:\DebugTraceAP.log
2012-05-31 04:28 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-05-29 13:48 - 2012-05-29 13:48 - 00033280 ____A C:\Users\Seymina\Downloads\UMRA LIST FORM FILLED UP but incomplete.doc
2012-05-29 13:47 - 2012-05-27 13:37 - 00033280 ____A C:\Users\Seymina\Downloads\UMRA LIST FORM FILLED UP.doc
2012-05-27 13:19 - 2012-05-27 13:19 - 00030208 ____A C:\Users\Seymina\Downloads\UMRA VISA LIST.doc
2012-05-27 08:16 - 2012-05-27 08:16 - 05264806 ____A C:\Users\Seymina\Downloads\IMG_1320.MOV
2012-05-27 08:10 - 2012-05-27 08:10 - 00021724 ____A C:\Users\Seymina\Downloads\FATAFATSHADI.COM PLAY SCRIPT.docx
2012-05-27 08:09 - 2012-05-27 08:04 - 00021968 ____A C:\Users\Seymina\Downloads\PLAY SCRIPT.FATAFATSHADI.COM.docx
2012-05-26 16:04 - 2010-04-24 04:40 - 00000000 ____D C:\Users\Imran\AppData\Local\CrashDumps
2012-05-26 03:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-24 08:01 - 2012-05-24 08:01 - 03493888 ____A C:\Users\Seymina\Downloads\5, Globalisation and migration, Elites.ppt
2012-05-24 07:09 - 2011-03-17 14:39 - 00000000 ____D C:\Users\Imran\AppData\Local\Microsoft Help
2012-05-24 05:50 - 2012-05-24 05:50 - 01603251 ____A C:\Users\Imran\Documents\Ronaldo_Workout_en_GB.pdf
2012-05-23 13:27 - 2012-05-23 12:46 - 00021719 ____A C:\Users\Seymina\Downloads\SHAHISTA PARTY PLAY SHADI .COM.docx
2012-05-23 12:46 - 2012-05-23 12:46 - 00019431 ____A C:\Users\Seymina\Downloads\SHAHISTA PARTY PLAY SHADI .COM (1).docx
2012-05-22 11:16 - 2012-05-22 11:16 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-22 11:16 - 2011-12-16 12:11 - 00001960 ____A C:\Users\Public\Desktop\Free Offers.lnk
2012-05-22 11:15 - 2011-12-16 12:11 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-05-22 11:15 - 2011-12-16 12:11 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-05-22 11:15 - 2011-12-16 12:11 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-05-22 11:15 - 2011-12-16 12:11 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-05-22 11:15 - 2011-12-16 12:11 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-05-22 11:15 - 2011-12-16 12:11 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-22 11:13 - 2012-05-22 11:13 - 00684288 ____A (RealNetworks, Inc.) C:\Users\Seymina\Downloads\RealPlayer.exe
2012-05-20 07:52 - 2012-05-20 07:50 - 08416602 ____A C:\Users\Seymina\Documents\Ruhaina Dance.wmv
2012-05-17 18:47 - 2012-06-13 15:56 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 15:56 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 15:56 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 15:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 15:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 15:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 15:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 15:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 15:56 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 15:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 15:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 15:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 15:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 15:56 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 15:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 15:56 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 15:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 15:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 15:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 15:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 15:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 15:56 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 15:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 15:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 15:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 15:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 14:25 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 13:14 - 2012-05-14 13:14 - 00035793 ____A C:\Users\Seymina\Documents\My Movie.wlmp
2012-05-14 13:07 - 2012-05-14 12:58 - 21550314 ____A C:\Users\Seymina\Documents\Zara's Wedding.wmv
2012-05-14 12:21 - 2012-05-14 12:16 - 22054392 ____A C:\Users\Seymina\Documents\Zara's Reception.wmv
2012-05-12 14:42 - 2012-05-12 14:42 - 00028160 ____A C:\Users\Seymina\Downloads\jokes write up.doc
2012-05-12 14:39 - 2012-05-12 14:39 - 00020129 ____A C:\Users\Seymina\Downloads\jokes.docx
2012-05-11 17:30 - 2009-11-26 20:48 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 05:26 - 2011-06-26 04:05 - 00000000 ____D C:\Users\Seymina\Documents\Youcam
2012-05-09 08:32 - 2012-05-09 08:31 - 05512420 ____A C:\Users\Seymina\Downloads\IMG_1191.MOV
2012-05-08 14:53 - 2012-05-08 14:53 - 11654152 ____A C:\Users\Seymina\Downloads\gujarati theme zaras friends party.wmv
2012-05-08 14:45 - 2012-05-08 14:44 - 11654152 ____A C:\Users\Seymina\Documents\gujarati theme zaras friends party.wmv
2012-05-08 14:24 - 2012-05-08 14:23 - 14070608 ____A C:\Users\Seymina\Documents\Shanu's Engagement and Zara's Mandwo.wmv
2012-05-08 14:22 - 2012-05-08 14:21 - 12806608 ____A C:\Users\Seymina\Documents\Mandwo ne Engagement.wmv
2012-05-08 03:18 - 2010-11-07 10:06 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-08 03:01 - 2010-11-07 10:07 - 00000000 ____D C:\Users\Seymina\AppData\Roaming\skypePM
2012-05-07 10:45 - 2012-05-09 08:57 - 585594566 ____N C:\Users\Seymina\Downloads\IMG_1192.MOV
2012-05-07 08:17 - 2012-02-10 16:30 - 00000000 ____D C:\Users\Imran\Documents\Activstudio3
2012-05-04 02:52 - 2012-06-13 14:25 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-13 14:25 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-13 14:25 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 12:28 - 2010-04-19 03:51 - 00000000 ____D C:\Users\Imran\Documents\My Chat Logs
2012-05-03 11:24 - 2010-08-08 07:09 - 00000000 ____D C:\Users\Imran\AppData\Roaming\Apple Computer
2012-05-01 21:32 - 2012-06-13 14:25 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 11:43 - 2012-04-30 11:42 - 25546624 ____A C:\Users\Imran\Downloads\04-The_Ricky_Gervais_Guide_to..._Philosophy.mp3
2012-04-30 08:59 - 2012-04-30 08:57 - 25160883 ____A C:\Users\Imran\Downloads\07-The_Ricky_Gervais_Guide_to..._Law_and_Order.mp3
2012-04-29 14:30 - 2012-04-29 14:29 - 11750684 ____A C:\Users\Seymina\Documents\shahista engage.wmv
2012-04-29 14:01 - 2012-04-29 14:00 - 00020383 ____A C:\Users\Seymina\Documents\sha.wlmp
2012-04-27 19:50 - 2012-06-13 14:25 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 08:50 - 2012-04-26 08:50 - 00000077 ____A C:\Users\Seymina\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-04-26 08:50 - 2012-04-26 08:50 - 00000077 ____A C:\Users\Seymina\AppData\Roaming\Rim.Desktop.Exception.log
2012-04-26 08:50 - 2012-04-26 08:50 - 00000000 ____D C:\Users\Seymina\AppData\Roaming\Research In Motion
2012-04-26 08:50 - 2012-04-26 08:50 - 00000000 ____D C:\Users\Seymina\AppData\Local\Research In Motion
2012-04-26 08:48 - 2012-04-26 08:49 - 00012296 ____A C:\Users\Seymina\Downloads\Layla.gif
2012-04-26 08:47 - 2012-04-26 08:48 - 00105174 ____A C:\Users\Seymina\Downloads\Layla(Winx Club Layla.gif
2012-04-25 21:34 - 2012-06-13 14:25 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-13 14:25 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-13 14:25 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 02:36 - 2012-04-25 01:55 - 00000077 ____A C:\Users\Imran\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-04-25 02:36 - 2012-04-25 01:55 - 00000077 ____A C:\Users\Imran\AppData\Roaming\Rim.Desktop.Exception.log
2012-04-25 02:06 - 2012-04-25 02:06 - 02257500 ____A C:\Users\Imran\Documents\LoaderBackup-(2012-04-25).ipd
2012-04-25 01:56 - 2012-04-25 01:56 - 00000000 ____D C:\Users\Imran\Documents\BlackBerry
2012-04-25 01:55 - 2012-04-25 01:55 - 00002243 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-04-25 01:55 - 2012-04-25 01:55 - 00001153 ____A C:\Users\Imran\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-25 01:55 - 2012-04-25 01:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-04-25 01:55 - 2012-04-25 01:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-04-25 01:55 - 2012-04-25 01:55 - 00000000 ____D C:\Users\Imran\AppData\Local\Research In Motion
2012-04-25 01:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2012-04-25 01:54 - 2012-04-25 01:54 - 00000000 ____D C:\Users\All Users\Research In Motion
2012-04-25 01:53 - 2012-04-25 01:47 - 122601808 ____A C:\Users\Imran\Downloads\610_b038_multilanguage.exe
2012-04-23 21:59 - 2012-06-13 14:25 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:59 - 2012-06-13 14:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:59 - 2012-06-13 14:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:47 - 2012-06-13 14:25 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:47 - 2012-06-13 14:25 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:47 - 2012-06-13 14:25 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-21 03:03 - 2012-04-21 03:03 - 00697572 ____A C:\Users\Seymina\Downloads\questfinancialdoc (1).rtf
2012-04-21 02:59 - 2012-04-21 02:59 - 00699386 ____A C:\Users\Seymina\Downloads\questfinancialdoc.rtf
2012-04-17 06:15 - 2012-04-17 06:15 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-17 06:15 - 2012-04-17 06:15 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-17 06:15 - 2012-04-17 06:15 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-17 06:15 - 2010-05-02 09:22 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-17 02:32 - 2010-10-02 03:44 - 00000000 ____D C:\Users\Imran\Documents\KONAMI
2012-04-16 08:10 - 2011-07-25 15:16 - 00000000 ____D C:\Users\Seymina\Documents\KONAMI
2012-04-16 07:31 - 2012-04-16 07:29 - 00000000 ____D C:\Users\Seymina\Downloads\PES2012DEMO2
2012-04-16 07:11 - 2012-04-16 06:09 - 1474273267 ____A C:\Users\Seymina\Downloads\PES2012DEMO2.zip
2012-04-15 10:53 - 2010-04-19 05:58 - 00000000 ____D C:\Users\Seymina\AppData\Local\Google
2012-04-11 05:46 - 2012-04-11 05:46 - 00275088 ____A C:\Windows\Minidump\041112-23353-01.dmp
2012-04-07 04:18 - 2012-06-13 14:25 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:34 - 2012-06-13 14:25 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-03 05:51 - 2012-04-03 05:51 - 00283022 ____A C:\Users\Seymina\Downloads\Producing Human Insulin from Bacteria.docx
2012-04-01 13:45 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-30 03:09 - 2012-05-11 03:17 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 13:20 - 2012-03-28 13:20 - 00039936 ____A C:\Users\Seymina\Downloads\measurement form (1).doc
2012-03-28 13:08 - 2012-03-28 12:42 - 00039936 ____A C:\Users\Seymina\Downloads\measurement form.doc
2012-03-25 13:43 - 2012-03-25 13:43 - 00088743 ____A C:\Users\Seymina\Downloads\Summer Calendar ball yrbook letter 2012.mia.jpm.pdf
2012-03-21 12:49 - 2010-05-02 09:20 - 00000000 ____D C:\Program Files (x86)\WordBiz

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 4093.42 MB
Available physical RAM: 3346.86 MB
Total Pagefile: 4091.57 MB
Available Pagefile: 3335.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Packard Bell) (Fixed) (Total:459.71 GB) (Free:373.56 GB) NTFS
2 Drive e: (DATA) (Fixed) (Total:459.71 GB) (Free:459.6 GB) NTFS
3 Drive f: (PQSERVICE) (Fixed) (Total:12 GB) (Free:2.32 GB) NTFS
5 Drive h: (IMRAN JAN) (Removable) (Total:0.92 GB) (Free:0.92 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 941 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 459 GB 12 GB
Partition 4 Primary 459 GB 471 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F PQSERVICE NTFS Partition 12 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Packard Bel NTFS Partition 459 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E DATA NTFS Partition 459 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 940 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H IMRAN JAN FAT Removable 940 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 04:46

======================= End Of Log ==========================

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:27 PM

Posted 17 June 2012 - 06:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Windows\assembly\temp\U

File::
C:\Windows\assembly\GAC_32\Desktop.ini 
C:\Windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
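The script above asks ComboFix to remove one folder and two files, and the natural follow-up check is to read the log ComboFix returns and confirm that each target was actually handled. The Python below is an added example, not code from this thread or from ComboFix's authors: it parses the CFScript section format (headers ending in "::"), the "FILE ::" echo block and the "Other Deletions" banner of a ComboFix log, and reports a verdict per target. The sample script and log excerpt are constructed, modelled on the ones posted in this thread.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the CFScript posted in this thread.
SAMPLE_CFSCRIPT = r"""
ClearJavaCache::

Folder::
C:\Windows\assembly\temp\U

File::
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
"""

# Constructed excerpt modelled on the ComboFix log posted in reply; only the
# banners and lines needed to confirm the deletions are kept.
SAMPLE_COMBOFIX_LOG = r"""
Command switches used :: c:\users\Imran\Desktop\CFScript.txt
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
.
((((((((((((((((((( Other Deletions ))))))))))))))))))))
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\80000000.@
.
(((((((((((((( Files Created from 2012-05-18 to 2012-06-18 ))))))))))))))
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # ComboFix banner: '(((( Name ))))'


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into {section: [entries]}. A header is a line ending in
    '::'; the non-blank lines up to the next header are its entries."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])  # ClearJavaCache:: has no entries
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text: str) -> Dict[str, List[str]]:
    """Return the quoted paths echoed under 'FILE ::' (the script's File::
    targets) and every path listed under the 'Other Deletions' banner."""
    out: Dict[str, List[str]] = {"file_directive": [], "other_deletions": []}
    state = None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:  # a banner starts a new section; only Other Deletions is kept
            state = "other_deletions" if m.group(1) == "Other Deletions" else None
        elif line == "FILE ::":
            state = "file_directive"
        elif not line or line == ".":  # '.' is ComboFix's spacer line
            if state == "file_directive":
                state = None  # the FILE :: block ends at the first spacer
        elif state == "file_directive" and line.startswith('"'):
            out[state].append(line.strip('"'))
        elif state == "other_deletions":
            out[state].append(line)
    return out


def _norm(path: str) -> str:
    # ComboFix rewrites paths in lower case, so compare case-insensitively.
    return path.strip().strip('"').rstrip("\\").lower()


def confirm_deletions(cfscript: str, log: str) -> Dict[str, str]:
    """Map each Folder::/File:: target to 'deleted', 'acknowledged' or 'absent'.
    A folder counts as deleted if it or anything beneath it was removed; a file
    echoed under FILE :: but never listed as deleted is only 'acknowledged'."""
    sections = parse_cfscript(cfscript)
    parsed = parse_combofix_log(log)
    deleted = [_norm(p) for p in parsed["other_deletions"]]
    acknowledged = {_norm(p) for p in parsed["file_directive"]}
    verdict: Dict[str, str] = {}
    for target in sections.get("Folder", []) + sections.get("File", []):
        t = _norm(target)
        if any(d == t or d.startswith(t + "\\") for d in deleted):
            verdict[target] = "deleted"
        elif t in acknowledged:
            verdict[target] = "acknowledged"
        else:
            verdict[target] = "absent"
    return verdict


if __name__ == "__main__":
    for target, status in confirm_deletions(SAMPLE_CFSCRIPT, SAMPLE_COMBOFIX_LOG).items():
        print(f"{status:<12} {target}")
```

On the constructed sample the folder is reported as deleted while the two Desktop.ini files are only acknowledged, which matches what the log in this thread shows for them.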

#12 Imran786

Imran786
  • Topic Starter

  • Members
  • 10 posts
  • Local time:05:27 PM

Posted 18 June 2012 - 05:08 AM

ComboFix 12-06-16.02 - Imran 18/06/2012 10:48:49.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4093.2370 [GMT 1:00]
Running from: c:\users\Imran\Desktop\ComboFix.exe
Command switches used :: c:\users\Imran\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 09:58 . 2012-06-18 09:58 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-06-18 09:58 . 2012-06-18 09:58 -------- d-----w- c:\users\Seymina\AppData\Local\temp
2012-06-18 09:58 . 2012-06-18 09:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-18 09:58 . 2012-06-18 09:58 -------- d-----w- c:\users\Dilawar\AppData\Local\temp
2012-06-18 09:54 . 2012-06-18 09:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{367A9D8E-DF52-40FC-ACA0-E8715F8597E3}\offreg.dll
2012-06-18 08:29 . 2012-06-18 08:30 -------- d-----w- C:\FRST
2012-06-16 18:11 . 2012-06-16 18:11 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-16 18:11 . 2012-06-16 18:11 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-16 17:46 . 2012-06-16 17:46 -------- d-----w- c:\users\Imran\AppData\Local\AVG Secure Search
2012-06-16 17:46 . 2012-06-16 17:46 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-16 17:46 . 2012-06-17 20:05 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-16 17:46 . 2012-06-17 20:05 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-16 17:45 . 2012-06-16 17:45 -------- d--h--w- c:\programdata\Common Files
2012-06-16 17:43 . 2012-06-16 18:04 -------- d-----w- c:\programdata\AVG2012
2012-06-16 17:43 . 2012-06-16 17:43 -------- d-----w- C:\$AVG
2012-06-16 17:42 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\AVG
2012-06-16 17:41 . 2012-06-16 17:41 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
2012-06-16 17:41 . 2012-06-17 20:05 -------- d-----w- c:\program files\Prevx
2012-06-16 17:41 . 2012-06-16 17:41 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-06-16 17:41 . 2012-06-16 17:41 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-06-16 17:41 . 2012-06-16 17:41 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2012-06-16 17:41 . 2012-06-17 11:20 -------- d-----w- c:\programdata\PrevxCSI
2012-06-16 17:32 . 2012-06-16 17:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-16 17:32 . 2012-06-16 17:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-16 17:32 . 2012-06-17 20:02 -------- d-----w- c:\programdata\MFAData
2012-06-16 17:23 . 2012-06-16 17:23 2 --shatr- c:\windows\winstart.bat
2012-06-16 17:23 . 2012-06-16 17:32 -------- d-----w- c:\program files (x86)\UnHackMe
2012-06-16 16:26 . 2012-06-17 20:03 -------- d-----w- c:\windows\system32\Macromed
2012-06-15 18:53 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{367A9D8E-DF52-40FC-ACA0-E8715F8597E3}\mpengine.dll
2012-06-13 22:25 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-07 01:35 . 2012-06-16 17:37 -------- d-----w- c:\program files (x86)\Uniblue
2012-06-02 18:17 . 2012-06-02 18:17 -------- d-----w- c:\users\Seymina\AppData\Roaming\AnvSoft
2012-06-02 18:17 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\AnvSoft
2012-06-01 18:38 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\H.264 & JPEG PlayLite
2012-06-01 18:37 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\VideoLAN
2012-05-22 19:16 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-05-22 19:15 . 2012-05-22 19:15 129144 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-21 09:09 . 2012-05-21 09:09 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 19:15 . 2011-12-16 20:11 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-22 19:15 . 2011-12-16 20:11 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-25 10:03 . 2012-04-25 10:03 53248 ----a-r- c:\users\Imran\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-04-17 14:15 . 2010-05-02 17:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:09 . 2012-05-11 11:17 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-17_14.35.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-27 04:25 . 2012-06-18 09:45 65546 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-18 09:45 33730 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-19 11:01 . 2012-06-18 09:45 17540 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-185977872-1003299966-832884761-1001_UserData.bin
- 2012-06-17 11:09 . 2012-06-17 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-18 09:43 . 2012-06-18 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-17 11:09 . 2012-06-17 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-18 09:43 . 2012-06-18 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-19 11:00 . 2012-06-17 23:13 356282 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-06-18 09:50 628414 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-18 09:50 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-17 00:45 328940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-17 23:34 328940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-11-27 05:14 . 2012-06-17 23:34 4973072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-24 23:52 . 2012-06-17 23:34 1089456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-185977872-1003299966-832884761-1001-8192.dat
- 2012-03-24 23:52 . 2012-06-17 00:45 1089456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-185977872-1003299966-832884761-1001-8192.dat
- 2009-07-14 02:34 . 2012-06-17 11:23 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-06-17 19:46 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Miniclip\prxtbMini.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}"= "c:\program files (x86)\Miniclip\prxtbMini.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoGadgetFirstRun"="0 (0x0)" [X]
"PhotoGadget"="0 (0x0)" [X]
"PhotoGadgetFirstRun_Portal"="0 (0x0)" [X]
"MusicGadget"="c:\program files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMusic.exe" [2009-08-25 416256]
"TouchMemo"="c:\program files (x86)\Packard Bell\Packard Bell Touch Suite\TouchMemo.exe" [2009-08-25 380928]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-27 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-09-14 167008]
"TVEService"="c:\program files (x86)\CyberLink\TV Enhance\TVEService.exe" [2009-06-24 230632]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-22 296056]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-19 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-19 135664]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [2011-04-15 1127032]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110419.002\IDSvia64.sys [2011-03-14 476792]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2012-06-16 6746280]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2009-07-29 1054888]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-06-24 386400]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-06-24 202080]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 132656]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 17:32]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-19 11:06]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-19 11:06]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1001Core.job
- c:\users\Imran\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 11:05]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1001UA.job
- c:\users\Imran\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 11:05]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1003Core.job
- c:\users\Seymina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-07 11:11]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1003UA.job
- c:\users\Seymina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-07 11:11]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1004Core.job
- c:\users\Dilawar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 11:11]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185977872-1003299966-832884761-1004UA.job
- c:\users\Dilawar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 11:11]
.
2012-06-15 c:\windows\Tasks\Norton Security Scan for Imran.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-23 09:06]
.
2012-06-17 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2010-10-09 07:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchPortal"="c:\program files (x86)\Packard Bell\Packard Bell Touch Suite\TouchPortal.exe" [2009-10-24 4940800]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2009-10-23 151368]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2009-08-10 766632]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2009-08-10 139944]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=onetwo_l5710&r=173604100400p0437y145y44n1153s
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=onetwo_l5710&r=173604100400p0437y145y44n1153s
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://192.168.0.10/AVC_AX_742.cab
FF - ProfilePath - c:\users\Imran\AppData\Roaming\Mozilla\Firefox\Profiles\46zzx3qa.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{1C68C940-1B2F-46EB-BD8C-2E1612FF6A58} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-06-18 11:07:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 10:07
ComboFix2.txt 2012-06-17 14:44
.
Pre-Run: 405,668,311,040 bytes free
Post-Run: 405,295,747,072 bytes free
.
- - End Of File - - B835E825B188680B06C4AB3194BF154C



I haven't had any problems with the random audio ads, Google redirection, etc. having run the script.
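The ComboFix output above is long, and a helper reads it by eye for the same few things every time: recently created files with hidden or system attributes in the Windows tree or a user profile, tiny scripts or binaries dropped under c:\windows, and executables sitting in Downloads or temp folders. The following is an added example, not part of this thread and not ComboFix's own code: a small Python parser for the "Files Created" and "SnapShot" line formats shown in the log, plus a triage pass that applies those heuristics. The sample lines are lifted from the log above except the Downloads line, which is constructed; the meaning of the attribute letters (d, s, h, a, t, r, w) is inferred from the log and is an assumption. A hit means "look at this first", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: lines in the ComboFix "Files Created" format
# (created . modified size attrs path) and the "SnapShot" format
# (+/- prefix, no attribute column). All but the Downloads line are
# taken from the log above; the Downloads line is constructed.
SAMPLE_LOG = """\
((((( Files Created from 2012-05-18 to 2012-06-18 )))))
.
2012-06-18 09:58 . 2012-06-18 09:58 -------- d-----w- c:\\users\\TEMP\\AppData\\Local\\temp
2012-06-16 17:45 . 2012-06-16 17:45 -------- d--h--w- c:\\programdata\\Common Files
2012-06-16 17:41 . 2012-06-16 17:41 65736 ----a-w- c:\\windows\\system32\\drivers\\pxrts.sys
2012-06-16 17:23 . 2012-06-16 17:23 2 --shatr- c:\\windows\\winstart.bat
2012-06-10 12:00 . 2012-06-10 12:00 512000 ----a-w- c:\\users\\Seymina\\Downloads\\SoftonicDownloader_for_veetle.exe
2012-06-13 22:25 . 2012-04-26 05:34 76288 ----a-w- c:\\windows\\system32\\rdpwsx.dll
2012-05-22 19:15 . 2012-05-22 19:15 129144 ----a-w- c:\\program files (x86)\\Mozilla Firefox\\plugins\\nprpplugin.dll
.
((((( SnapShot@2012-06-17_14.35.17 )))))
.
+ 2009-11-27 04:25 . 2012-06-18 09:45 65546 c:\\windows\\system32\\wdi\\ShutdownPerformanceDiagnostics_SystemData.bin
- 2012-06-17 11:09 . 2012-06-17 14:34 2048 c:\\windows\\ServiceProfiles\\LocalService\\AppData\\Local\\lastalive1.dat
"""

# One entry line. Attribute letters as observed in the log (assumption):
# d=directory, s=system, h=hidden, a=archive, t=temporary, r=read-only, w=writable.
LINE_RE = re.compile(
    r"^(?P<delta>[+-] )?"
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?:(?P<attrs>[-dshatrw]{8}) )?"
    r"(?P<path>\S.*)$"
)
EXEC_EXT = {"exe", "dll", "scr", "bat", "cmd", "cpl", "sys", "ocx", "com"}
USER_DROP_RE = re.compile(r"\\users\\[^\\]+\\(downloads|appdata\\local\\temp)\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints dashes)
    attrs: Set[str]
    path: str
    delta: str            # "+" or "-" on snapshot lines, "" otherwise

    @property
    def is_dir(self) -> bool:
        return self.size is None or "d" in self.attrs


def parse_combofix(text: str) -> List[Entry]:
    """Parse entry lines; banners, '.' separators and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size_field = m.group("size")
        entries.append(Entry(
            created=m.group("created"),
            modified=m.group("modified"),
            size=None if size_field.startswith("-") else int(size_field),
            attrs=set(m.group("attrs") or "") - {"-"},
            path=m.group("path"),
            delta=(m.group("delta") or "").strip(),
        ))
    return entries


def review(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Triage heuristics: return (path, reasons) for files worth inspecting first."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        ext = p.rsplit(".", 1)[-1] if "." in p else ""
        in_windows = p.startswith("c:\\windows\\")
        reasons = []
        if (e.attrs & {"h", "s"}) and (in_windows or "\\appdata\\" in p):
            reasons.append("hidden/system attribute on a file in Windows or a user profile")
        if in_windows and e.size is not None and e.size < 64 and ext in EXEC_EXT:
            reasons.append("tiny executable/script under c:\\windows")
        if USER_DROP_RE.search(p) and ext in EXEC_EXT:
            reasons.append("executable in Downloads or a temp folder")
        if reasons:
            findings.append((e.path, reasons))
    return findings


def review_log(text: str) -> List[Tuple[str, List[str]]]:
    return review(parse_combofix(text))


if __name__ == "__main__":
    for path, reasons in review_log(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the pass surfaces the 2-byte hidden/system winstart.bat and the constructed Downloads executable, and stays quiet on the driver and DLL lines and on the snapshot entries. Feeding it a full ComboFix log is a matter of reading the file into `review_log`; the heuristics are deliberately narrow so a helper still reads the hits rather than trusting them.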

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 08:05 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.3
Java™ 6 Update 31
Messenger Plus! Live


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete click on Close

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Imran786

  • Topic Starter
  • Members
  • 10 posts

Posted 18 June 2012 - 11:58 AM

MBAM log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Imran :: IMRAN-PC [administrator]

18/06/2012 17:50:00
mbam-log-2012-06-18 (17-50-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P

Objects scanned: 277394
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Seymina\Downloads\888poker.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Users\Seymina\Downloads\SoftonicDownloader_for_veetle.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.

(end)



However, when running HijackThis, Notepad opens but there is nothing in it. It is just a blank file.

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 03:36 PM

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator



