
Google Redirecting Me Logs


  • This topic is locked
40 replies to this topic

#1 rcfun92

Posted 17 July 2012 - 02:34 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Raghav Chawla at 14:01:22 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3832.2291 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Raghav Chawla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Raghav Chawla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raghav Chawla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raghav Chawla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Raghav Chawla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raghav Chawla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raghav Chawla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raghav Chawla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Users\Raghav Chawla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={45BAD14B-9348-44F4-9A66-B6F88C5FD8A5}&mid=4a35d3a56efb47d19010016ecebdd277-a048a777c104ac0e2d34ab0475188e4ae1559794&lang=en&ds=st011&pr=sa&d=2012-07-12 21:11:36&v=11.1.0.12&sap=hp
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Google Update] "C:\Users\Raghav Chawla\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\RAGHAV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{27CEAABF-8777-4A55-B381-441FEBC30E70} : NameServer = 10.35.40.1
TCP: Interfaces\{BACA001A-B724-4048-ADCE-CB0FB5744A5F} : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{D0D7C8FC-6890-45AD-94FE-41720BF91092} : DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{D0D7C8FC-6890-45AD-94FE-41720BF91092}\9402B4E4F4750295F455250294E402D4950294E4455425E4544512 : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{D0D7C8FC-6890-45AD-94FE-41720BF91092}\C696E6B6379737 : DhcpNameServer = 167.206.245.130 167.206.245.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Raghav Chawla\AppData\Roaming\Mozilla\Firefox\Profiles\rlvuiv2a.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Raghav Chawla\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 SMR210;Symantec SMR Utility Service 2.1.0;C:\Windows\system32\drivers\SMR210.SYS --> C:\Windows\system32\drivers\SMR210.SYS [?]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\system32\DRIVERS\hssdrv6.sys --> C:\Windows\system32\DRIVERS\hssdrv6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-6-26 468848]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-6-19 384880]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-4-6 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-24 2886528]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" --> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;C:\Windows\system32\DRIVERS\tinspusb.sys --> C:\Windows\system32\DRIVERS\tinspusb.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-17 01:12:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-17 01:12:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-17 00:21:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-16 03:20:05 -------- d-----w- C:\Users\Raghav Chawla\AppData\Roaming\ESET
2012-07-16 03:20:05 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\ESET
2012-07-16 03:13:23 -------- d-----w- C:\Program Files\ESET
2012-07-15 20:39:47 -------- d-----w- C:\Windows\en
2012-07-15 20:39:20 -------- d-----w- C:\Windows\fr
2012-07-15 20:38:20 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-15 20:36:34 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\862dcf381cd62c904\DSETUP.dll
2012-07-15 20:36:34 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\862dcf381cd62c904\DXSETUP.exe
2012-07-15 20:36:34 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\862dcf381cd62c904\dsetup32.dll
2012-07-15 20:36:34 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\86504bda1cd62c905\MeshBetaRemover.exe
2012-07-15 20:35:34 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\{4DD46672-4C6F-46A5-8E22-083D119BF6E3}
2012-07-15 20:35:23 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\{9F77235E-9A74-495F-BA00-DB132E3B4DA9}
2012-07-15 20:35:13 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\{ACFD21E2-E7DE-4CA1-87BD-3ACA681F909D}
2012-07-15 20:35:02 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\{185038F3-776C-4A52-8C9D-51A2611EC2F5}
2012-07-15 20:34:52 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\{8F90C19A-4875-4242-98A7-53D7E6B95650}
2012-07-15 20:34:30 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\{333A3DB4-3984-4D7E-8693-4669931B5E33}
2012-07-15 20:19:49 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\{8D9FF431-4320-43B3-9C4D-DA18712BB5D0}
2012-07-15 04:40:21 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-15 03:45:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-14 23:02:06 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA7C3427-5267-44AA-9BC9-19E50C0235DE}\mpengine.dll
2012-07-14 20:58:52 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-13 01:15:06 -------- d-----w- C:\Users\Raghav Chawla\AppData\Roaming\PowerISO
2012-07-13 01:10:55 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-07-13 01:10:55 -------- d-----w- C:\Program Files (x86)\PowerISO
2012-07-12 23:16:40 -------- d-----w- C:\Users\Raghav Chawla\AppData\Roaming\Malwarebytes
2012-07-12 23:16:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 07:02:44 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 02:53:50 -------- d-----w- C:\ProgramData\hssff
2012-07-09 00:43:33 -------- d-----w- C:\Program Files (x86)\Intelore
2012-07-07 16:14:26 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\{15FC015F-39F1-4DAC-A42A-05AD56BB3AE3}
2012-07-06 18:36:59 -------- d-----w- C:\ProgramData\YTD Video Downloader
2012-07-04 02:54:36 -------- d-----w- C:\Program Files (x86)\WinSCP
2012-07-03 20:58:51 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AD5EAAC-96B2-4034-89BD-75B40A110FCC}\gapaengine.dll
2012-07-03 01:45:46 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\{078EEB97-B4B0-4DA7-BFDF-2F4E40D48C17}
2012-07-02 18:54:38 562032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor13.dll
2012-07-02 18:54:01 -------- d-----w- C:\ProgramData\Hotspot Shield
2012-07-02 18:53:28 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
2012-06-30 03:26:14 -------- d-----w- C:\Users\Raghav Chawla\Calibre Library
2012-06-28 23:02:41 -------- d-----w- C:\Program Files\iPod
2012-06-28 23:02:40 -------- d-----w- C:\Program Files\iTunes
2012-06-28 23:02:40 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-22 10:27:33 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 10:27:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 10:27:08 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 10:27:08 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 17:09:56 180224 ----a-w- C:\Windows\System32\ac3filter.cpl
2012-06-18 23:42:47 -------- d-----w- C:\Users\Raghav Chawla\AppData\Local\MicroVision Applications
2012-06-18 23:42:31 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2012-06-18 23:42:31 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-06-18 23:42:30 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared
2012-06-18 22:56:01 -------- d--h--w- C:\ProgramData\CanonIJScan
.
==================== Find3M ====================
.
2012-07-15 03:52:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-15 03:52:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-06-01 21:18:34 41224 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 14:02:13.36 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/9/2011 3:55:42 PM
System Uptime: 7/17/2012 1:57:24 PM (1 hours ago)
.
Motherboard: Acer | | Aspire M3410
Processor: AMD Athlon™ II X4 645 Processor | CPU 1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 851.442 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&5CA6142&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&5CA6142&0
Service: i8042prt
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&5CA6142&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&5CA6142&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP189: 7/14/2012 4:58:25 PM - Windows Update
RP190: 7/15/2012 4:36:33 PM - Windows Live Essentials
RP191: 7/15/2012 4:37:03 PM - Installed DirectX
RP192: 7/15/2012 4:37:19 PM - Installed DirectX
RP193: 7/15/2012 4:37:53 PM - WLSetup
RP194: 7/16/2012 8:59:03 PM - C
.
==== Installed Programs ======================
.
.
µTorrent
Acer eRecovery Management
Acer Registration
Acer Updater
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS5.1
Adobe Reader 9.1 MUI
AMD DnD V1.0.20
Apple Application Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
calibre
CamStudio OSS Desktop Recorder
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MG5300 series On-screen Manual
Canon MG5300 series User Registration
Canon MP Navigator 3.0
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Galerie de photos Windows Live
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotkey Utility
Hotspot Shield 2.55
Identity Card
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Logitech Touch Mouse Server 1.0
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Notepad++
PDF Settings CS5
PowerISO
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shredder
TeamViewer 7
TI-Nspire™ Student Software
TI Connect 1.6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.6195
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinSCP 4.3.8
WordpressThemeGen
YTD Video Downloader 3.9
.
==== Event Viewer Messages From Past Week ========
.
7/17/2012 1:59:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/17/2012 1:58:13 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/17/2012 1:58:13 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/17/2012 1:57:44 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/17/2012 1:57:44 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/17/2012 1:57:44 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/17/2012 1:57:44 PM, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The system cannot find the file specified.
7/17/2012 1:57:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d89ef2853a, 0xb3b7465ef170be58, 0xfffff80000baa82c, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-17487-01.
7/16/2012 9:56:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d89976855a, 0xb3b7465eebf4be88, 0xfffff80000baa82c, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071612-22042-01.
7/16/2012 8:13:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d895f7e881, 0xb3b7465ee876219f, 0xfffff80000bc782c, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071612-22089-01.
7/16/2012 11:19:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d895a41662, 0xb3b7465ee8224f80, 0xfffff80000bd482c, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071612-18345-01.
7/16/2012 10:58:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d895b535e0, 0xb3b7465ee8336efe, 0xfffff80000ba582c, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071612-20373-01.
7/15/2012 12:50:11 AM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
7/15/2012 11:18:30 PM, Error: Service Control Manager [7030] - The Eset install launcher (3629) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/15/2012 11:13:27 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/14/2012 12:14:27 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/12/2012 7:31:02 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-17 15:08:50
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Raghav Chawla\Desktop\Folders\TI Calculators\TI-SmartView\x2122 (Trial) with CRACK\TI-SmartView\Setup.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Raghav Chawla\Desktop\Folders\TI Calculators\TI-SmartView\x2122 (Trial) with CRACK\TI-SmartView\data\Calculator Software\Emulator_installer\TI-SmartViewWinInstaller.exe 1

---- Files - GMER 1.0.15 ----

File C:\Users\Raghav Chawla\AppData\Roaming\Microsoft\Windows\Cookies\9T8FZV35.txt 0 bytes

---- EOF - GMER 1.0.15 ----



#2 rcfun92


Posted 17 July 2012 - 06:19 PM

Anyone?

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:50 PM

Posted 18 July 2012 - 02:32 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 rcfun92


Posted 18 July 2012 - 10:13 PM

Hello, thank you for your reply. My computer gets the BSOD (STOP: 0x00000109) as seen in the picture below. Google is still redirecting. Hopefully with your assistance the virus will go away. I ran ComboFix and it says C:\Windows\regedit.exe is missing.

Here are the Logs:


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.2.202.228 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#5 gringo_pr


Posted 18 July 2012 - 10:29 PM

Did Combofix give a report?



gringo

#6 rcfun92


Posted 18 July 2012 - 10:31 PM

No, it says "C:\Windows\regedit.exe is missing"

#7 gringo_pr


Posted 18 July 2012 - 11:18 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#8 rcfun92


Posted 19 July 2012 - 01:24 PM

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 19-07-2012 14:21:16
Running from L:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [336992 2012-05-30] (Power Software Ltd)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Raghav Chawla\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Raghav Chawla\...\Run: [Google Update] "C:\Users\Raghav Chawla\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-09] (Google Inc.)
HKU\Raghav Chawla\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Raghav Chawla\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [1022352 2012-07-16] (BitTorrent, Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130
Tcpip\..\Interfaces\{27CEAABF-8777-4A55-B381-441FEBC30E70}: [NameServer]10.31.24.1
Startup: C:\Users\Raghav Chawla\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [471408 2012-07-12] ()
3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-07-09] ()
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [385392 2012-07-09] ()
2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

========================== Drivers (Whitelisted) =============

1 DhaHelper; C:\Windows\SysWow64\Drivers\DhaHelper.sys [7168 2011-12-14] (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>)
1 HssDRV6; C:\Windows\System32\Drivers\HssDRV6.sys [41704 2012-07-09] (AnchorFree Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
0 SMR210; C:\Windows\System32\Drivers\SMR210.sys [96376 2012-01-06] (Symantec Corporation)
3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2011-12-23] (Texas Instruments)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-19 14:20 - 2012-07-19 14:21 - 00000000 ____D C:\FRST
2012-07-19 10:07 - 2012-07-19 10:07 - 00275064 ____A C:\Windows\Minidump\071912-24336-01.dmp
2012-07-18 19:08 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-18 19:08 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-18 19:08 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-18 19:08 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-18 19:08 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-18 19:08 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-18 19:08 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-18 19:08 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-18 19:07 - 2012-07-18 19:07 - 04582182 ____R (Swearware) C:\Users\Raghav Chawla\Desktop\ComboFix.exe
2012-07-18 19:07 - 2012-07-18 19:07 - 00000000 ____D C:\Windows\erdnt
2012-07-18 19:07 - 2012-07-18 19:07 - 00000000 ____D C:\Qoobox
2012-07-18 19:03 - 2012-07-18 19:03 - 00881486 ____A C:\Users\Raghav Chawla\Desktop\SecurityCheck.exe
2012-07-18 18:54 - 2012-07-18 18:54 - 00275064 ____A C:\Windows\Minidump\071812-23400-01.dmp
2012-07-18 15:07 - 2012-07-18 15:09 - 00054059 ____A C:\Users\Raghav Chawla\Desktop\~ESETUninstaller.log
2012-07-18 15:05 - 2012-07-18 15:05 - 00638976 ____A (ESET) C:\Users\Raghav Chawla\Desktop\ESETUninstaller (1).exe
2012-07-18 14:52 - 2012-07-18 14:52 - 00638976 ____A (ESET) C:\Users\Raghav Chawla\Desktop\ESETUninstaller.exe
2012-07-18 14:47 - 2012-07-18 14:50 - 62664192 ____A C:\Users\Raghav Chawla\Desktop\ess_nt64_enu (1).msi
2012-07-18 14:29 - 2012-07-18 14:35 - 62664192 ____A C:\Users\Raghav Chawla\Desktop\ess_nt64_enu.msi
2012-07-18 14:18 - 2012-07-18 14:19 - 00920096 ____A C:\Users\Raghav Chawla\Desktop\Norton_Removal_Tool.exe
2012-07-18 14:10 - 2012-07-18 14:11 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-07-17 19:24 - 2012-07-17 19:24 - 00007942 ____A C:\Windows\DPINST.LOG
2012-07-17 19:24 - 2012-07-17 19:24 - 00001341 ____A C:\Users\Public\Desktop\TI Connect.lnk
2012-07-17 19:24 - 2012-07-17 19:24 - 00000000 ____D C:\Users\Raghav Chawla\Documents\MyTIData
2012-07-17 19:22 - 2012-07-17 19:22 - 15858856 ____A C:\Users\Raghav Chawla\Desktop\ticonnect_eng.exe
2012-07-17 18:45 - 2012-07-17 19:04 - 00015841 ____A C:\Users\Raghav Chawla\.tilp.log
2012-07-17 18:45 - 2012-07-17 18:55 - 00000000 ____D C:\Users\Raghav Chawla\.ticables
2012-07-17 18:42 - 2012-07-17 19:05 - 00000000 ____D C:\Program Files (x86)\TiLP
2012-07-17 18:42 - 2011-12-14 17:11 - 00007168 ____A (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>) C:\Windows\SysWOW64\Drivers\dhahelper.sys
2012-07-17 18:42 - 2011-07-23 17:22 - 00067680 ____A (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0_x86.dll
2012-07-17 18:42 - 2011-07-23 17:22 - 00067680 ____A (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2012-07-17 18:41 - 2012-07-17 18:42 - 02006821 ____A C:\Users\Raghav Chawla\Desktop\tilp.zip
2012-07-17 18:34 - 2012-07-17 18:34 - 00022353 ____A C:\Users\Raghav Chawla\Desktop\DoodleJump4nSpire.zip
2012-07-17 18:31 - 2012-07-17 18:31 - 00004754 ____A C:\Users\Raghav Chawla\Desktop\Aliens.zip
2012-07-17 18:27 - 2012-07-17 18:27 - 00006599 ____A C:\Users\Raghav Chawla\Desktop\cuberunner.zip
2012-07-17 15:41 - 2012-07-18 14:19 - 00000000 ____D C:\Users\All Users\Norton
2012-07-17 15:34 - 2012-07-17 15:34 - 00275064 ____A C:\Windows\Minidump\071712-18969-01.dmp
2012-07-17 13:07 - 2012-07-17 13:07 - 00275064 ____A C:\Windows\Minidump\071712-18252-01.dmp
2012-07-17 11:45 - 2012-07-17 11:45 - 00275064 ____A C:\Windows\Minidump\071712-18532-01.dmp
2012-07-17 11:29 - 2012-07-17 11:29 - 00275064 ____A C:\Windows\Minidump\071712-17534-01.dmp
2012-07-17 11:08 - 2012-07-17 11:12 - 00001101 ____A C:\Users\Raghav Chawla\Desktop\v.log
2012-07-17 10:50 - 2012-07-17 10:50 - 00294216 ____A C:\Users\Raghav Chawla\Desktop\gmer (1).zip
2012-07-17 10:45 - 2012-07-17 10:45 - 00275064 ____A C:\Windows\Minidump\071712-18860-01.dmp
2012-07-17 10:23 - 2012-07-17 10:23 - 00294216 ____A C:\Users\Raghav Chawla\Desktop\gmer.zip
2012-07-17 10:23 - 2012-07-17 10:23 - 00000000 ____D C:\Users\Raghav Chawla\Desktop\gmer
2012-07-17 10:02 - 2012-07-17 10:02 - 00028228 ____A C:\Users\Raghav Chawla\Desktop\DDS.txt
2012-07-17 10:02 - 2012-07-17 10:02 - 00011172 ____A C:\Users\Raghav Chawla\Desktop\Attach.txt
2012-07-17 10:01 - 2012-07-17 10:01 - 00607260 ____R (Swearware) C:\Users\Raghav Chawla\Desktop\dds.com
2012-07-17 09:59 - 2012-07-17 09:59 - 00050477 ____A C:\Users\Raghav Chawla\Desktop\Defogger.exe
2012-07-17 09:59 - 2012-07-17 09:59 - 00000488 ____A C:\Users\Raghav Chawla\Desktop\defogger_disable.log
2012-07-17 09:59 - 2012-07-17 09:59 - 00000000 ____A C:\Users\Raghav Chawla\defogger_reenable
2012-07-17 09:57 - 2012-07-17 09:57 - 00275064 ____A C:\Windows\Minidump\071712-17487-01.dmp
2012-07-16 20:03 - 2012-07-16 20:03 - 00002238 ____A C:\Users\Raghav Chawla\Desktop\aswMBR.txt
2012-07-16 19:39 - 2012-07-16 20:03 - 00000512 ____A C:\Users\Raghav Chawla\Desktop\MBR.dat
2012-07-16 19:19 - 2012-07-16 19:19 - 00275064 ____A C:\Windows\Minidump\071612-18345-01.dmp
2012-07-16 19:09 - 2012-07-02 23:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-07-16 18:57 - 2012-07-16 18:58 - 00275064 ____A C:\Windows\Minidump\071612-20373-01.dmp
2012-07-16 18:00 - 2012-07-16 18:00 - 04731392 ____A (AVAST Software) C:\Users\Raghav Chawla\Desktop\aswMBR.exe
2012-07-16 17:56 - 2012-07-16 17:56 - 00275064 ____A C:\Windows\Minidump\071612-22042-01.dmp
2012-07-16 17:12 - 2012-07-16 17:12 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-16 17:12 - 2012-07-16 17:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-16 17:12 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-16 17:11 - 2012-07-16 17:11 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Raghav Chawla\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-16 17:08 - 2012-07-19 10:07 - 00003124 ____A C:\Windows\setupact.log
2012-07-16 17:06 - 2012-07-16 17:06 - 00036905 ____A C:\Users\Raghav Chawla\Desktop\helping.txt
2012-07-16 17:05 - 2012-07-16 17:05 - 00032036 ____A C:\Users\Raghav Chawla\Desktop\Result.txt
2012-07-16 17:03 - 2012-07-16 17:03 - 00688663 ____A (Farbar) C:\Users\Raghav Chawla\Desktop\FSS.exe
2012-07-16 17:03 - 2012-07-16 17:03 - 00003789 ____A C:\Users\Raghav Chawla\Desktop\FSS.txt
2012-07-16 16:21 - 2012-07-16 16:56 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-16 16:14 - 2012-07-16 16:14 - 00000911 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-07-16 16:13 - 2012-07-19 10:07 - 447708858 ____A C:\Windows\MEMORY.DMP
2012-07-16 16:13 - 2012-07-16 16:13 - 00275064 ____A C:\Windows\Minidump\071612-22089-01.dmp
2012-07-16 16:13 - 2012-07-16 16:13 - 00000000 ____A C:\Windows\SysWOW64\cd.dat
2012-07-15 19:20 - 2012-07-15 19:20 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Roaming\ESET
2012-07-15 19:20 - 2012-07-15 19:20 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\ESET
2012-07-15 19:19 - 2012-07-18 14:37 - 01617772 ____A C:\Windows\PFRO.log
2012-07-15 12:39 - 2012-07-15 12:39 - 00000000 ____D C:\Windows\fr
2012-07-15 12:39 - 2012-07-15 12:39 - 00000000 ____D C:\Windows\en
2012-07-15 12:35 - 2012-07-15 12:35 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\{ACFD21E2-E7DE-4CA1-87BD-3ACA681F909D}
2012-07-15 12:35 - 2012-07-15 12:35 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\{9F77235E-9A74-495F-BA00-DB132E3B4DA9}
2012-07-15 12:35 - 2012-07-15 12:35 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\{4DD46672-4C6F-46A5-8E22-083D119BF6E3}
2012-07-15 12:35 - 2012-07-15 12:35 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\{185038F3-776C-4A52-8C9D-51A2611EC2F5}
2012-07-15 12:34 - 2012-07-15 12:35 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\{8F90C19A-4875-4242-98A7-53D7E6B95650}
2012-07-15 12:34 - 2012-07-15 12:34 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\{333A3DB4-3984-4D7E-8693-4669931B5E33}
2012-07-15 12:19 - 2012-07-15 12:19 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\{8D9FF431-4320-43B3-9C4D-DA18712BB5D0}
2012-07-14 20:50 - 2012-07-14 20:50 - 00000000 ____A C:\Windows\setuperr.log
2012-07-14 20:49 - 2012-07-18 14:15 - 05076248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-14 20:48 - 2012-07-14 20:48 - 00002416 ____A C:\Windows\System32\.crusader
2012-07-14 20:40 - 2012-07-14 20:48 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-14 19:45 - 2012-07-14 19:45 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-14 08:01 - 2012-07-18 15:07 - 00137304 ____A C:\Users\Raghav Chawla\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-12 17:15 - 2012-07-12 17:15 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Roaming\PowerISO
2012-07-12 17:10 - 2012-07-12 17:11 - 00000000 ____D C:\Program Files (x86)\PowerISO
2012-07-12 17:10 - 2012-05-30 20:10 - 00126944 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-07-12 15:16 - 2012-07-12 15:16 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Roaming\Malwarebytes
2012-07-12 15:16 - 2012-07-12 15:16 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-10 23:02 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 21:56 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 21:56 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 21:56 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 21:56 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 21:56 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 21:56 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 21:56 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 21:56 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 21:56 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 21:56 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 21:56 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 21:56 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 21:56 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 21:56 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 21:56 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 21:56 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 21:56 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 21:56 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 21:56 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-09 18:53 - 2012-07-09 18:53 - 00000000 ____D C:\Users\All Users\hssff
2012-07-09 18:48 - 2012-07-09 18:48 - 00041704 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\hssdrv6.sys
2012-07-08 16:43 - 2012-07-08 16:43 - 00000000 ____D C:\Program Files (x86)\Intelore
2012-07-07 08:14 - 2012-07-07 08:14 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\{15FC015F-39F1-4DAC-A42A-05AD56BB3AE3}
2012-07-06 20:29 - 2012-07-06 20:29 - 00000407 ____A C:\Windows\SysWOW64\You are gay program.txt
2012-07-06 10:36 - 2012-07-06 10:36 - 00000000 ____D C:\Users\All Users\YTD Video Downloader
2012-07-03 18:54 - 2012-07-15 17:58 - 00000600 ____A C:\Users\Raghav Chawla\AppData\Roaming\winscp.rnd
2012-07-03 18:54 - 2012-07-03 18:54 - 00000000 ____D C:\Program Files (x86)\WinSCP
2012-07-02 17:45 - 2012-07-02 17:46 - 00000000 ____D C:\Users\Raghav Chawla\AppData\Local\{078EEB97-B4B0-4DA7-BFDF-2F4E40D48C17}
2012-07-02 10:54 - 2012-07-02 10:54 - 00000000 ____D C:\Users\All Users\Hotspot Shield
2012-07-02 10:53 - 2012-07-18 14:09 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2012-06-29 19:26 - 2012-06-29 19:57 - 00000000 ____D C:\Users\Raghav Chawla\Calibre Library
2012-06-28 15:02 - 2012-06-28 15:03 - 00000000 ____D C:\Program Files\iTunes
2012-06-28 15:02 - 2012-06-28 15:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-28 15:02 - 2012-06-28 15:02 - 00000000 ____D C:\Program Files\iPod
2012-06-22 02:27 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 02:27 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 02:27 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 02:27 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 02:27 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 02:27 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 02:27 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 02:27 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 02:27 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 16:52 - 2012-06-21 16:52 - 00000120 ____A C:\Users\Raghav Chawla\Documents\Kaplan Flash Cards Link.txt
2012-06-19 09:09 - 2003-08-18 23:20 - 00180224 ____A () C:\Windows\System32\ac3filter.cpl


============ 3 Months Modified Files ========================

2012-07-19 10:17 - 2012-04-04 12:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-19 10:16 - 2011-09-21 23:38 - 01461011 ____A C:\Windows\WindowsUpdate.log
2012-07-19 10:13 - 2009-07-13 21:13 - 00723326 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-19 10:13 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-19 10:13 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-19 10:08 - 2012-01-11 19:34 - 00000266 ____A C:\Windows\Tasks\AutoKMS.job
2012-07-19 10:08 - 2011-12-23 21:35 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-19 10:07 - 2012-07-19 10:07 - 00275064 ____A C:\Windows\Minidump\071912-24336-01.dmp
2012-07-19 10:07 - 2012-07-16 17:08 - 00003124 ____A C:\Windows\setupact.log
2012-07-19 10:07 - 2012-07-16 16:13 - 447708858 ____A C:\Windows\MEMORY.DMP
2012-07-19 10:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-18 19:23 - 2011-12-09 13:00 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266400069-2777560320-1542665438-1001UA.job
2012-07-18 19:07 - 2012-07-18 19:07 - 04582182 ____R (Swearware) C:\Users\Raghav Chawla\Desktop\ComboFix.exe
2012-07-18 19:03 - 2012-07-18 19:03 - 00881486 ____A C:\Users\Raghav Chawla\Desktop\SecurityCheck.exe
2012-07-18 18:54 - 2012-07-18 18:54 - 00275064 ____A C:\Windows\Minidump\071812-23400-01.dmp
2012-07-18 15:11 - 2011-09-21 23:34 - 00002707 ____A C:\Windows\System32\RaCoInst.log
2012-07-18 15:09 - 2012-07-18 15:07 - 00054059 ____A C:\Users\Raghav Chawla\Desktop\~ESETUninstaller.log
2012-07-18 15:07 - 2012-07-14 08:01 - 00137304 ____A C:\Users\Raghav Chawla\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-18 15:05 - 2012-07-18 15:05 - 00638976 ____A (ESET) C:\Users\Raghav Chawla\Desktop\ESETUninstaller (1).exe
2012-07-18 14:52 - 2012-07-18 14:52 - 00638976 ____A (ESET) C:\Users\Raghav Chawla\Desktop\ESETUninstaller.exe
2012-07-18 14:50 - 2012-07-18 14:47 - 62664192 ____A C:\Users\Raghav Chawla\Desktop\ess_nt64_enu (1).msi
2012-07-18 14:37 - 2012-07-15 19:19 - 01617772 ____A C:\Windows\PFRO.log
2012-07-18 14:35 - 2012-07-18 14:29 - 62664192 ____A C:\Users\Raghav Chawla\Desktop\ess_nt64_enu.msi
2012-07-18 14:19 - 2012-07-18 14:18 - 00920096 ____A C:\Users\Raghav Chawla\Desktop\Norton_Removal_Tool.exe
2012-07-18 14:15 - 2012-07-14 20:49 - 05076248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-18 13:58 - 2011-12-23 21:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-18 10:23 - 2011-12-09 13:00 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266400069-2777560320-1542665438-1001Core.job
2012-07-17 19:24 - 2012-07-17 19:24 - 00007942 ____A C:\Windows\DPINST.LOG
2012-07-17 19:24 - 2012-07-17 19:24 - 00001341 ____A C:\Users\Public\Desktop\TI Connect.lnk
2012-07-17 19:22 - 2012-07-17 19:22 - 15858856 ____A C:\Users\Raghav Chawla\Desktop\ticonnect_eng.exe
2012-07-17 19:04 - 2012-07-17 18:45 - 00015841 ____A C:\Users\Raghav Chawla\.tilp.log
2012-07-17 18:43 - 2011-12-14 17:29 - 00004573 ____A C:\Users\Raghav Chawla\Desktop\Readme_Win32.txt
2012-07-17 18:43 - 2011-12-14 17:29 - 00004135 ____A C:\Users\Raghav Chawla\Desktop\ReadMe.txt
2012-07-17 18:43 - 2011-12-14 17:29 - 00002933 ____A C:\Users\Raghav Chawla\Desktop\Release.txt
2012-07-17 18:43 - 2011-12-14 17:13 - 02024831 ____A (The TiLP Team ) C:\Users\Raghav Chawla\Desktop\setup.exe
2012-07-17 18:42 - 2012-07-17 18:41 - 02006821 ____A C:\Users\Raghav Chawla\Desktop\tilp.zip
2012-07-17 18:34 - 2012-07-17 18:34 - 00022353 ____A C:\Users\Raghav Chawla\Desktop\DoodleJump4nSpire.zip
2012-07-17 18:31 - 2012-07-17 18:31 - 00004754 ____A C:\Users\Raghav Chawla\Desktop\Aliens.zip
2012-07-17 18:27 - 2012-07-17 18:27 - 00006599 ____A C:\Users\Raghav Chawla\Desktop\cuberunner.zip
2012-07-17 15:41 - 2012-01-09 13:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-17 15:34 - 2012-07-17 15:34 - 00275064 ____A C:\Windows\Minidump\071712-18969-01.dmp
2012-07-17 13:07 - 2012-07-17 13:07 - 00275064 ____A C:\Windows\Minidump\071712-18252-01.dmp
2012-07-17 11:45 - 2012-07-17 11:45 - 00275064 ____A C:\Windows\Minidump\071712-18532-01.dmp
2012-07-17 11:29 - 2012-07-17 11:29 - 00275064 ____A C:\Windows\Minidump\071712-17534-01.dmp
2012-07-17 11:12 - 2012-07-17 11:08 - 00001101 ____A C:\Users\Raghav Chawla\Desktop\v.log
2012-07-17 10:50 - 2012-07-17 10:50 - 00294216 ____A C:\Users\Raghav Chawla\Desktop\gmer (1).zip
2012-07-17 10:50 - 2011-07-16 18:21 - 00302592 ____A C:\Users\Raghav Chawla\Desktop\gmer.exe
2012-07-17 10:45 - 2012-07-17 10:45 - 00275064 ____A C:\Windows\Minidump\071712-18860-01.dmp
2012-07-17 10:23 - 2012-07-17 10:23 - 00294216 ____A C:\Users\Raghav Chawla\Desktop\gmer.zip
2012-07-17 10:02 - 2012-07-17 10:02 - 00028228 ____A C:\Users\Raghav Chawla\Desktop\DDS.txt
2012-07-17 10:02 - 2012-07-17 10:02 - 00011172 ____A C:\Users\Raghav Chawla\Desktop\Attach.txt
2012-07-17 10:01 - 2012-07-17 10:01 - 00607260 ____R (Swearware) C:\Users\Raghav Chawla\Desktop\dds.com
2012-07-17 09:59 - 2012-07-17 09:59 - 00050477 ____A C:\Users\Raghav Chawla\Desktop\Defogger.exe
2012-07-17 09:59 - 2012-07-17 09:59 - 00000488 ____A C:\Users\Raghav Chawla\Desktop\defogger_disable.log
2012-07-17 09:59 - 2012-07-17 09:59 - 00000000 ____A C:\Users\Raghav Chawla\defogger_reenable
2012-07-17 09:57 - 2012-07-17 09:57 - 00275064 ____A C:\Windows\Minidump\071712-17487-01.dmp
2012-07-16 20:03 - 2012-07-16 20:03 - 00002238 ____A C:\Users\Raghav Chawla\Desktop\aswMBR.txt
2012-07-16 20:03 - 2012-07-16 19:39 - 00000512 ____A C:\Users\Raghav Chawla\Desktop\MBR.dat
2012-07-16 19:19 - 2012-07-16 19:19 - 00275064 ____A C:\Windows\Minidump\071612-18345-01.dmp
2012-07-16 18:58 - 2012-07-16 18:57 - 00275064 ____A C:\Windows\Minidump\071612-20373-01.dmp
2012-07-16 18:00 - 2012-07-16 18:00 - 04731392 ____A (AVAST Software) C:\Users\Raghav Chawla\Desktop\aswMBR.exe
2012-07-16 17:56 - 2012-07-16 17:56 - 00275064 ____A C:\Windows\Minidump\071612-22042-01.dmp
2012-07-16 17:12 - 2012-07-16 17:12 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-16 17:11 - 2012-07-16 17:11 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Raghav Chawla\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-16 17:06 - 2012-07-16 17:06 - 00036905 ____A C:\Users\Raghav Chawla\Desktop\helping.txt
2012-07-16 17:05 - 2012-07-16 17:05 - 00032036 ____A C:\Users\Raghav Chawla\Desktop\Result.txt
2012-07-16 17:03 - 2012-07-16 17:03 - 00688663 ____A (Farbar) C:\Users\Raghav Chawla\Desktop\FSS.exe
2012-07-16 17:03 - 2012-07-16 17:03 - 00003789 ____A C:\Users\Raghav Chawla\Desktop\FSS.txt
2012-07-16 16:56 - 2011-12-28 16:15 - 00001202 ____A C:\Windows\wininit.ini
2012-07-16 16:14 - 2012-07-16 16:14 - 00000911 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-07-16 16:13 - 2012-07-16 16:13 - 00275064 ____A C:\Windows\Minidump\071612-22089-01.dmp
2012-07-16 16:13 - 2012-07-16 16:13 - 00000000 ____A C:\Windows\SysWOW64\cd.dat
2012-07-15 17:58 - 2012-07-03 18:54 - 00000600 ____A C:\Users\Raghav Chawla\AppData\Roaming\winscp.rnd
2012-07-14 20:50 - 2012-07-14 20:50 - 00000000 ____A C:\Windows\setuperr.log
2012-07-14 20:48 - 2012-07-14 20:48 - 00002416 ____A C:\Windows\System32\.crusader
2012-07-14 19:52 - 2012-04-04 12:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-14 19:52 - 2011-12-09 18:35 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-10 23:00 - 2011-12-29 15:05 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 18:48 - 2012-07-09 18:48 - 00041704 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\hssdrv6.sys
2012-07-07 13:14 - 2011-12-29 18:17 - 00000132 ____A C:\Users\Raghav Chawla\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-07-06 20:29 - 2012-07-06 20:29 - 00000407 ____A C:\Windows\SysWOW64\You are gay program.txt
2012-07-03 16:22 - 2012-01-19 16:42 - 00223688 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-07-03 09:46 - 2012-07-16 17:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 23:13 - 2012-07-16 19:09 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-26 10:12 - 2009-07-13 21:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-21 16:52 - 2012-06-21 16:52 - 00000120 ____A C:\Users\Raghav Chawla\Documents\Kaplan Flash Cards Link.txt
2012-06-11 19:08 - 2012-07-10 23:02 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 10:33 - 2012-06-10 10:33 - 00016378 ____H C:\Users\Raghav Chawla\Desktop\~WRL2988.tmp
2012-06-08 21:43 - 2012-07-10 21:56 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 21:56 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 21:56 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 21:56 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 21:56 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 21:56 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 21:56 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 21:56 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-22 02:27 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 02:27 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 02:27 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 02:27 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 02:27 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 02:27 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 02:27 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-22 02:27 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-22 02:27 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-10 21:56 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 21:56 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 21:56 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 21:56 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 21:56 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 21:56 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 21:56 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 21:56 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 21:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-30 20:10 - 2012-07-12 17:10 - 00126944 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-05-29 12:14 - 2012-05-29 12:14 - 00003584 ____A C:\Users\Raghav Chawla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-14 20:01 - 2012-06-13 13:17 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-13 13:17 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-13 13:17 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-13 13:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-04 03:06 - 2012-06-13 13:17 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 13:17 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 13:17 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 23:00 - 2012-01-09 13:29 - 00740420 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-30 21:40 - 2012-06-13 13:17 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 13:17 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 13:17 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 13:17 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 13:17 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 13:16 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 13:16 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 13:16 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 13:16 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 13:16 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 13:16 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


ZeroAccess:
C:\Windows\Installer\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620}
C:\Windows\Installer\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620}\L
C:\Windows\Installer\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620}\U

ZeroAccess:
C:\Users\Raghav Chawla\AppData\Local\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620}
C:\Users\Raghav Chawla\AppData\Local\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620}\@
C:\Users\Raghav Chawla\AppData\Local\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620}\L
C:\Users\Raghav Chawla\AppData\Local\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620}\U

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3831.76 MB
Available physical RAM: 3135.83 MB
Total Pagefile: 3829.96 MB
Available Pagefile: 3121.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:918.35 GB) (Free:848.5 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.64 GB) NTFS
5 Drive h: () (Removable) (Total:0.03 GB) (Free:0.03 GB) FAT
6 Drive i: () (Removable) (Total:3.76 GB) (Free:3.4 GB) FAT32
9 Drive l: (RISHAB USB) (Removable) (Total:14.9 GB) (Free:5.96 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 31 MB 0 B
Disk 3 Online 3860 MB 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 918 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 918 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 31 MB 17 KB

==================================================================================

Disk: 2
Partition 1
Type : 01
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 31 MB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3856 MB 4096 KB

==================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT32 Removable 3856 MB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB

==================================================================================

Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L RISHAB USB FAT32 Removable 14 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 20:20

======================= End Of Log ==========================

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:50 PM

Posted 19 July 2012 - 03:41 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620}
C:\Users\Raghav Chawla\AppData\Local\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620}
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 rcfun92

rcfun92
  • Topic Starter

  • Members
  • 33 posts
  • Local time:02:50 PM

Posted 19 July 2012 - 05:05 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-19 18:02:00 Run:1
Running from L:\

==============================================

C:\Windows\Installer\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620} moved successfully.
C:\Users\Raghav Chawla\AppData\Local\{61d8a9be-a9c0-0bdf-ae7a-95d78b399620} moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini not found.

==== End of Fixlog ====

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:50 PM

Posted 19 July 2012 - 06:12 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 rcfun92

rcfun92
  • Topic Starter

  • Members
  • 33 posts
  • Local time:02:50 PM

Posted 19 July 2012 - 06:17 PM

Same error: "C:\Windows\regedit.exe is missing please copy one from another machine"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:50 PM

Posted 19 July 2012 - 08:10 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
regedit.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 rcfun92

rcfun92
  • Topic Starter

  • Members
  • 33 posts
  • Local time:02:50 PM

Posted 19 July 2012 - 08:24 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 21:23 on 19/07/2012 by Raghav Chawla
Administrator - Elevation successful

========== filefind ==========

Searching for "regedit.* "
C:\Windows\en-US\regedit.exe.mui --a---- 45056 bytes [07:06 21/11/2010] [07:06 21/11/2010] F3A500FB9C16DDF7AF12CF3EFF0716E2
C:\Windows\SysWOW64\regedit.exe --a---- 398336 bytes [23:17 13/07/2009] [01:14 14/07/2009] 8A4883F5E7AC37444F23279239553878
C:\Windows\SysWOW64\en-US\regedit.exe.mui --a---- 45056 bytes [07:06 21/11/2010] [07:06 21/11/2010] FE7C48519729358DFD80615B76BBEDB8
C:\Windows\winsxs\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_56c62ea31c70474f\regedit.exe.mui --a---- 45056 bytes [07:06 21/11/2010] [07:06 21/11/2010] F3A500FB9C16DDF7AF12CF3EFF0716E2
C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe --a---- 427008 bytes [23:27 13/07/2009] [01:39 14/07/2009] 2E2C937846A0B8789E5E91739284D17A
C:\Windows\winsxs\wow64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_611ad8f550d1094a\regedit.exe.mui --a---- 45056 bytes [07:06 21/11/2010] [07:06 21/11/2010] FE7C48519729358DFD80615B76BBEDB8
C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe --a---- 398336 bytes [23:17 13/07/2009] [01:14 14/07/2009] 8A4883F5E7AC37444F23279239553878

-= EOF =-

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:50 PM

Posted 21 July 2012 - 02:54 PM

I sent you a PM



gringo



