
Virus.Win64.ZAccess.a Removal Help


  • This topic is locked
30 replies to this topic

#1 SaurabhD


Posted 05 December 2012 - 08:47 PM

Hi,

I followed the process as mentioned by you in the previous post and am giving below the FRST.TXT and Search.TXT log files.

FRST.TXT
______________________

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 06-12-2012 06:44:28
Running from H:\
Windows 7 Home Basic (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [7938080 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] "C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [1833504 2009-07-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe" [165912 2009-08-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" [387608 2009-08-04] (Intel Corporation)
HKLM\...\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" [365592 2009-08-04] (Intel Corporation)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [x]
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [592744 2009-06-10] (Symantec Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-06-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [OliveDcService] "C:\Program Files (x86)\TATA Photon+\Olive\VME101\Drivers\OliveDcService.exe" [x]
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2717816 2012-11-01] (PC Tools)
HKLM-x32\...\Run: [SpySweeper] C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray [5414256 2009-06-02] (Webroot Software, Inc.)
HKU\Sony\...\Run: [GetBooks] "C:\Users\Sony\AppData\Local\GetBooks\GetBooks.exe" c2ad2384130ec2bd4599ea5f50250a5b [2930340 2012-11-20] ()
HKU\Sony\...\Run: [Free Download Manager] "C:\Users\Sony\AppData\Roaming\Free Download Manager\fdm.exe" -autorun [x]
HKU\Sony\...\Run: [WideSearch] "C:\Users\Sony\AppData\Local\WideSearch\wsearch.exe" [1327104 2012-11-30] ()
HKLM-x32\...\runonceex: [Flags] 128
HKLM-x32\...\runonceex: [Title] UnHackMe Rootkit Check
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-17] (ArcSoft Inc.)
2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [580728 2012-10-23] (Threat Expert Ltd.)
3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-06-26] (Sonic Solutions)
2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-06-26] (Sonic Solutions)
2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor)
2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [403416 2012-10-30] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1162360 2012-11-01] (PC Tools)
3 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-07-27] (Sony Corporation)
3 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-07-27] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-07-23] (Sony Corporation)
3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-07-23] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [206336 2009-07-23] (Sony Corporation)
2 WebrootSpySweeperService; "C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe" [4114472 2009-06-02] (Webroot Software, Inc. (www.webroot.com))

==================== Drivers (Whitelisted) =====================

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [413448 2012-10-22] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-27] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-27] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [347016 2012-10-31] (PC Tools)
3 pctplsm; \??\C:\Windows\System32\drivers\pctplsm64.sys [87968 2012-11-01] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [253256 2012-11-01] (PC Tools)
2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
0 ssfs0bbc; C:\Windows\System32\Drivers\ssfs0bbc.sys [37864 2009-04-21] (Webroot Software, Inc. (www.webroot.com))
0 ssidrv; C:\Windows\System32\Drivers\ssidrv.sys [136184 2009-04-21] (Webroot Software, Inc. (www.webroot.com))
3 wirelessusbser; C:\Windows\System32\DRIVERS\3GDatausbser64.sys [119680 2009-04-08] (QUALCOMM Incorporated)
0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-04 17:21 - 2012-12-04 17:21 - 00280096 ____A C:\Windows\Minidump\120512-32011-01.dmp
2012-12-04 16:53 - 2012-12-04 16:53 - 00123712 ____A C:\Users\Sony\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-04 16:16 - 2012-12-04 17:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-04 16:11 - 2012-12-05 17:08 - 00000246 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-12-04 16:11 - 2012-12-04 16:11 - 00275960 ____A C:\Windows\Minidump\120512-38875-01.dmp
2012-12-04 16:10 - 2012-12-04 16:10 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-12-04 16:03 - 2012-12-04 16:50 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2012-12-04 16:03 - 2012-12-04 16:06 - 00000000 ____D C:\Users\Sony\Documents\RegRun2
2012-12-04 16:03 - 2012-12-04 16:03 - 00000002 RASHOT C:\Windows\winstart.bat
2012-12-04 16:03 - 2012-12-04 16:03 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-12-04 16:03 - 2012-12-04 16:03 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-12-04 16:02 - 2012-12-04 16:02 - 12564642 ____A C:\Users\Sony\Downloads\unhackme.zip
2012-12-04 11:36 - 2012-10-23 04:10 - 02280568 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-12-04 11:36 - 2012-10-23 04:10 - 01690744 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-12-04 11:36 - 2012-10-23 04:10 - 00769144 ____A C:\Windows\BDTSupport.dll
2012-12-04 11:36 - 2012-10-23 04:10 - 00150648 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-12-04 11:36 - 2012-10-23 04:10 - 00077144 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-12-04 11:36 - 2012-10-23 03:00 - 00003488 ____A C:\Windows\UDB.zip
2012-12-04 11:36 - 2012-10-23 03:00 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-12-04 11:36 - 2012-10-23 03:00 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-12-04 11:36 - 2012-10-23 03:00 - 00000131 ____A C:\Windows\IDB.zip
2012-12-04 11:34 - 2012-12-04 11:34 - 00002241 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
2012-12-04 11:34 - 2012-12-04 11:34 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-12-04 11:34 - 2012-11-01 02:05 - 00093600 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-12-04 11:34 - 2012-11-01 02:05 - 00087968 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsm64.sys
2012-12-04 11:34 - 2012-11-01 02:05 - 00016392 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-12-04 11:34 - 2012-10-31 00:51 - 00347016 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-12-04 11:34 - 2012-10-31 00:51 - 00258424 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-12-04 11:31 - 2012-12-04 11:34 - 00000000 ____D C:\Users\All Users\PC Tools
2012-12-04 11:31 - 2012-12-04 11:33 - 02011015 ____A C:\Windows\System32\Drivers\Cat.DB
2012-12-04 11:31 - 2012-12-04 11:31 - 00000000 ____D C:\Users\Sony\AppData\Roaming\TestApp
2012-12-04 11:31 - 2012-11-01 02:05 - 00253256 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-12-04 11:31 - 2012-10-22 03:08 - 00413448 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-12-04 11:31 - 2012-02-27 22:13 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-12-04 11:31 - 2012-02-27 22:13 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-12-04 11:30 - 2012-12-04 11:30 - 04125336 ____A (PC Tools) C:\Users\Sony\Desktop\work.exe
2012-12-04 11:29 - 2012-12-04 11:29 - 04125336 ____A (PC Tools) C:\Users\Sony\Downloads\PCTools_Safe_Install_SD (1).exe
2012-12-04 11:28 - 2012-12-04 11:28 - 04125336 ____A (PC Tools) C:\Users\Sony\Downloads\PCTools_Safe_Install_SD.exe
2012-12-02 21:46 - 2012-12-02 21:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-02 21:36 - 2012-12-04 11:03 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Free Download Manager
2012-12-02 21:36 - 2012-12-02 21:36 - 00000000 ____D C:\Users\Sony\AppData\Local\WideSearch
2012-12-02 21:35 - 2012-12-02 21:36 - 02932896 ____A C:\Users\Sony\Downloads\Baby Proof (1).exe
2012-12-02 21:34 - 2012-12-02 21:34 - 02932896 ____A C:\Users\Sony\Downloads\Baby Proof.exe
2012-12-01 13:38 - 2012-12-04 17:21 - 293701440 ____A C:\Windows\MEMORY.DMP
2012-12-01 13:38 - 2012-12-01 13:38 - 00275960 ____A C:\Windows\Minidump\120212-21387-01.dmp
2012-11-30 07:58 - 2012-11-30 07:58 - 00000018 ____A C:\Users\Sony\Desktop\no.txt
2012-11-28 17:01 - 2012-11-28 17:11 - 00000000 ____D C:\Users\Sony\Downloads\{ www.SceneTime.com } -The Hangover 2
2012-11-28 17:01 - 2012-11-28 17:01 - 00094921 ____A C:\Users\Sony\Downloads\[kat.ph]the.hangover.2.torrent
2012-11-28 16:19 - 2012-11-28 16:21 - 00000000 ____D C:\Users\Sony\Downloads\Argo.2012.WEBRip.READNFO.XviD-RESiSTANCE
2012-11-28 16:18 - 2012-11-28 16:18 - 00017553 ____A C:\Users\Sony\Downloads\[kat.ph]argo.2012.webrip.readnfo.xvid.resistance.torrent
2012-11-28 16:15 - 2012-11-28 16:15 - 00050050 ____A C:\Users\Sony\Downloads\799C1E0214F7A2E850B6C2AB6FB42D4BB052D3A6.torrent
2012-11-28 15:55 - 2012-11-28 16:21 - 00000000 ____D C:\Users\Sony\Downloads\Hangover_2_TS-iluvtoshare[KAT](1337x)
2012-11-28 15:55 - 2012-11-28 15:55 - 00030884 ____A C:\Users\Sony\Downloads\[isoHunt] 4984015.torrent
2012-11-28 15:52 - 2012-11-28 15:52 - 00028635 ____A C:\Users\Sony\Downloads\[isoHunt] Hangover_2_TS-iluvtoshare[KAT](1337x).torrent
2012-11-28 15:50 - 2012-11-28 15:54 - 00000000 ____D C:\Users\Sony\Downloads\[ UsaBit.com ] - Chronicle.DC.BDRip.XviD-DoNE
2012-11-28 15:48 - 2012-11-28 15:48 - 00029356 ____A C:\Users\Sony\Downloads\[isoHunt] [ UsaBit.com ] - Chronicle.DC.BDRip.XviD-DoNE.torrent
2012-11-27 09:52 - 2012-11-27 09:52 - 00275960 ____A C:\Windows\Minidump\112712-24507-01.dmp
2012-11-26 19:51 - 2012-11-26 19:53 - 00000419 ____A C:\Users\Sony\Desktop\anti ageining cream content.txt
2012-11-26 18:26 - 2012-11-26 18:26 - 00822296 ____A C:\Users\Sony\Downloads\image (2).jpeg
2012-11-26 18:26 - 2012-11-26 18:26 - 00811175 ____A C:\Users\Sony\Downloads\image (3).jpeg
2012-11-25 07:53 - 2012-11-25 07:53 - 23359324 ____A C:\Users\Sony\Downloads\NY Trip.zip
2012-11-20 13:53 - 2012-11-20 13:53 - 02930351 ____A C:\Users\Sony\Downloads\Love the one you are with.exe
2012-11-20 13:52 - 2012-11-20 13:52 - 00000000 ____D C:\Users\Sony\AppData\Local\GetBooks
2012-11-20 10:09 - 2012-11-20 10:10 - 00000000 ____D C:\Users\Sony\Downloads\Something Borrowed[2011]BRRip XviD-ExtraTorrentRG
2012-11-20 10:09 - 2012-11-20 10:09 - 00015819 ____A C:\Users\Sony\Downloads\0B44340AAB723FABB8F87BCCCE0D11702102D88C.torrent
2012-11-19 13:17 - 2012-11-19 13:24 - 00000000 ____D C:\Users\Sony\Downloads\Greys.Anatomy.S9.HDTVRip
2012-11-16 16:00 - 2012-11-16 16:00 - 00015128 ____A C:\Users\Sony\Downloads\AA0149895D4A29D390D2965F3B95FDF9F111FD9E.torrent
2012-11-16 15:58 - 2012-11-16 15:58 - 00230824 ____A C:\Users\Sony\Downloads\Gangs_Of_Wasseypur_2_2012_Hindi_DvDrip_720p_x264_Hon3y.exe
2012-11-15 15:23 - 2012-11-15 20:04 - 00000106 ____A C:\Users\Sony\Desktop\black friday shopping.txt
2012-11-14 13:41 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 13:41 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 13:41 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 13:41 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 13:34 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 13:34 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 13:34 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 13:34 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 13:34 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 13:34 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 13:34 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 13:34 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 13:34 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 13:34 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 13:34 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 13:34 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 13:34 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 13:34 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 13:34 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 13:34 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 13:34 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-14 13:34 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-14 13:34 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-14 13:34 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-14 13:34 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-14 13:34 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-14 13:34 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-14 13:34 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-14 13:34 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-14 13:34 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-14 13:34 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-14 13:34 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-14 13:34 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-14 13:34 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-14 13:34 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-14 13:34 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-14 13:32 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 13:32 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 13:32 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 13:32 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 13:32 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 13:32 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 13:32 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 13:32 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 08:41 - 2012-10-18 10:18 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 08:41 - 2012-09-25 14:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 08:41 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-13 08:24 - 2012-11-13 08:29 - 00000000 ____D C:\Users\Sony\Downloads\Duffy - Rockferry [2008]
2012-11-13 08:23 - 2012-11-13 08:33 - 00000000 ____D C:\Users\Sony\Downloads\VA.-.Now.Thats.What.I.Call.Music.25.Years.3CDs.(2008).WwW.Mixermusic.net
2012-11-12 05:59 - 2012-11-12 05:59 - 03462646 ____A C:\Users\Sony\Downloads\IMG_0246.MOV
2012-11-12 05:59 - 2012-11-12 05:59 - 03462646 ____A C:\Users\Sony\Downloads\IMG_0246 (1).MOV
2012-11-11 16:39 - 2012-11-11 16:39 - 00699131 ____A C:\Users\Sony\Downloads\image (1).jpeg
2012-11-11 16:39 - 2012-11-11 16:39 - 00629192 ____A C:\Users\Sony\Downloads\image.jpeg
2012-11-10 07:16 - 2012-11-10 07:16 - 03425096 ____A (Conduit) C:\Users\Sony\Downloads\onlinetracks_cidNP_1049 (3).exe
2012-11-10 07:15 - 2012-11-10 07:15 - 03425096 ____A (Conduit) C:\Users\Sony\Downloads\onlinetracks_cidNP_1049.exe
2012-11-10 07:15 - 2012-11-10 07:15 - 03425096 ____A (Conduit) C:\Users\Sony\Downloads\onlinetracks_cidNP_1049 (2).exe
2012-11-10 07:15 - 2012-11-10 07:15 - 03425096 ____A (Conduit) C:\Users\Sony\Downloads\onlinetracks_cidNP_1049 (1).exe
2012-11-10 07:08 - 2012-11-10 07:56 - 91331905 ____A C:\Users\Sony\Downloads\Aa Ante Amalapuram Hazel Item Maximum - x264 720p Direct HD.mp4


==================== One Month Modified Files and Folders =======

2012-12-06 06:44 - 2012-12-06 06:44 - 00000000 ____D C:\FRST
2012-12-05 17:08 - 2012-12-04 16:11 - 00000246 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-12-05 17:08 - 2012-06-15 06:19 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-05 17:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-05 17:08 - 2009-07-13 20:51 - 00048364 ____A C:\Windows\setupact.log
2012-12-05 00:01 - 2012-06-15 06:19 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-05 00:01 - 2012-06-15 06:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-04 17:29 - 2009-07-13 20:45 - 00009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-04 17:29 - 2009-07-13 20:45 - 00009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-04 17:21 - 2012-12-04 17:21 - 00280096 ____A C:\Windows\Minidump\120512-32011-01.dmp
2012-12-04 17:21 - 2012-12-01 13:38 - 293701440 ____A C:\Windows\MEMORY.DMP
2012-12-04 17:21 - 2012-08-04 21:17 - 00000000 ____D C:\Windows\Minidump
2012-12-04 17:16 - 2012-12-04 16:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-04 16:53 - 2012-12-04 16:53 - 00123712 ____A C:\Users\Sony\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-04 16:50 - 2012-12-04 16:03 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2012-12-04 16:13 - 2012-05-31 02:32 - 00000000 ____D C:\Users\Sony\AppData\Local\VirtualStore
2012-12-04 16:11 - 2012-12-04 16:11 - 00275960 ____A C:\Windows\Minidump\120512-38875-01.dmp
2012-12-04 16:10 - 2012-12-04 16:10 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-12-04 16:06 - 2012-12-04 16:03 - 00000000 ____D C:\Users\Sony\Documents\RegRun2
2012-12-04 16:03 - 2012-12-04 16:03 - 00000002 RASHOT C:\Windows\winstart.bat
2012-12-04 16:03 - 2012-12-04 16:03 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-12-04 16:03 - 2012-12-04 16:03 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-12-04 16:02 - 2012-12-04 16:02 - 12564642 ____A C:\Users\Sony\Downloads\unhackme.zip
2012-12-04 11:34 - 2012-12-04 11:34 - 00002241 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
2012-12-04 11:34 - 2012-12-04 11:34 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-12-04 11:34 - 2012-12-04 11:31 - 00000000 ____D C:\Users\All Users\PC Tools
2012-12-04 11:34 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-04 11:33 - 2012-12-04 11:31 - 02011015 ____A C:\Windows\System32\Drivers\Cat.DB
2012-12-04 11:31 - 2012-12-04 11:31 - 00000000 ____D C:\Users\Sony\AppData\Roaming\TestApp
2012-12-04 11:30 - 2012-12-04 11:30 - 04125336 ____A (PC Tools) C:\Users\Sony\Desktop\work.exe
2012-12-04 11:29 - 2012-12-04 11:29 - 04125336 ____A (PC Tools) C:\Users\Sony\Downloads\PCTools_Safe_Install_SD (1).exe
2012-12-04 11:28 - 2012-12-04 11:28 - 04125336 ____A (PC Tools) C:\Users\Sony\Downloads\PCTools_Safe_Install_SD.exe
2012-12-04 11:04 - 2012-07-10 07:31 - 00000000 ____D C:\Users\Sony\AppData\Local\Conduit
2012-12-04 11:04 - 2012-06-09 09:32 - 00000000 ____D C:\Users\Sony\AppData\Local\Google
2012-12-04 11:04 - 2012-06-09 09:31 - 00000000 ____D C:\Program Files (x86)\Google
2012-12-04 11:03 - 2012-12-02 21:36 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Free Download Manager
2012-12-03 17:54 - 2009-07-13 21:13 - 00798020 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-03 17:51 - 2012-05-31 14:12 - 02063720 ____A C:\Windows\WindowsUpdate.log
2012-12-02 21:46 - 2012-12-02 21:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-02 21:36 - 2012-12-02 21:36 - 00000000 ____D C:\Users\Sony\AppData\Local\WideSearch
2012-12-02 21:36 - 2012-12-02 21:35 - 02932896 ____A C:\Users\Sony\Downloads\Baby Proof (1).exe
2012-12-02 21:34 - 2012-12-02 21:34 - 02932896 ____A C:\Users\Sony\Downloads\Baby Proof.exe
2012-12-01 13:38 - 2012-12-01 13:38 - 00275960 ____A C:\Windows\Minidump\120212-21387-01.dmp
2012-12-01 13:36 - 2012-07-10 07:30 - 00000000 ____D C:\Users\Sony\AppData\Roaming\BitTorrent
2012-11-30 07:58 - 2012-11-30 07:58 - 00000018 ____A C:\Users\Sony\Desktop\no.txt
2012-11-28 17:11 - 2012-11-28 17:01 - 00000000 ____D C:\Users\Sony\Downloads\{ www.SceneTime.com } -The Hangover 2
2012-11-28 17:01 - 2012-11-28 17:01 - 00094921 ____A C:\Users\Sony\Downloads\[kat.ph]the.hangover.2.torrent
2012-11-28 16:21 - 2012-11-28 16:19 - 00000000 ____D C:\Users\Sony\Downloads\Argo.2012.WEBRip.READNFO.XviD-RESiSTANCE
2012-11-28 16:21 - 2012-11-28 15:55 - 00000000 ____D C:\Users\Sony\Downloads\Hangover_2_TS-iluvtoshare[KAT](1337x)
2012-11-28 16:18 - 2012-11-28 16:18 - 00017553 ____A C:\Users\Sony\Downloads\[kat.ph]argo.2012.webrip.readnfo.xvid.resistance.torrent
2012-11-28 16:15 - 2012-11-28 16:15 - 00050050 ____A C:\Users\Sony\Downloads\799C1E0214F7A2E850B6C2AB6FB42D4BB052D3A6.torrent
2012-11-28 15:55 - 2012-11-28 15:55 - 00030884 ____A C:\Users\Sony\Downloads\[isoHunt] 4984015.torrent
2012-11-28 15:54 - 2012-11-28 15:50 - 00000000 ____D C:\Users\Sony\Downloads\[ UsaBit.com ] - Chronicle.DC.BDRip.XviD-DoNE
2012-11-28 15:52 - 2012-11-28 15:52 - 00028635 ____A C:\Users\Sony\Downloads\[isoHunt] Hangover_2_TS-iluvtoshare[KAT](1337x).torrent
2012-11-28 15:48 - 2012-11-28 15:48 - 00029356 ____A C:\Users\Sony\Downloads\[isoHunt] [ UsaBit.com ] - Chronicle.DC.BDRip.XviD-DoNE.torrent
2012-11-27 09:52 - 2012-11-27 09:52 - 00275960 ____A C:\Windows\Minidump\112712-24507-01.dmp
2012-11-27 09:30 - 2012-06-09 07:59 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Skype
2012-11-27 04:26 - 2012-06-09 07:58 - 00000000 ____D C:\Users\All Users\Skype
2012-11-26 19:53 - 2012-11-26 19:51 - 00000419 ____A C:\Users\Sony\Desktop\anti ageining cream content.txt
2012-11-26 18:26 - 2012-11-26 18:26 - 00822296 ____A C:\Users\Sony\Downloads\image (2).jpeg
2012-11-26 18:26 - 2012-11-26 18:26 - 00811175 ____A C:\Users\Sony\Downloads\image (3).jpeg
2012-11-26 05:04 - 2012-06-09 07:59 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-11-26 05:04 - 2012-06-09 07:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-11-25 07:53 - 2012-11-25 07:53 - 23359324 ____A C:\Users\Sony\Downloads\NY Trip.zip
2012-11-20 13:53 - 2012-11-20 13:53 - 02930351 ____A C:\Users\Sony\Downloads\Love the one you are with.exe
2012-11-20 13:52 - 2012-11-20 13:52 - 00000000 ____D C:\Users\Sony\AppData\Local\GetBooks
2012-11-20 10:10 - 2012-11-20 10:09 - 00000000 ____D C:\Users\Sony\Downloads\Something Borrowed[2011]BRRip XviD-ExtraTorrentRG
2012-11-20 10:09 - 2012-11-20 10:09 - 00015819 ____A C:\Users\Sony\Downloads\0B44340AAB723FABB8F87BCCCE0D11702102D88C.torrent
2012-11-19 13:24 - 2012-11-19 13:17 - 00000000 ____D C:\Users\Sony\Downloads\Greys.Anatomy.S9.HDTVRip
2012-11-16 16:00 - 2012-11-16 16:00 - 00015128 ____A C:\Users\Sony\Downloads\AA0149895D4A29D390D2965F3B95FDF9F111FD9E.torrent
2012-11-16 15:58 - 2012-11-16 15:58 - 00230824 ____A C:\Users\Sony\Downloads\Gangs_Of_Wasseypur_2_2012_Hindi_DvDrip_720p_x264_Hon3y.exe
2012-11-15 20:04 - 2012-11-15 15:23 - 00000106 ____A C:\Users\Sony\Desktop\black friday shopping.txt
2012-11-15 08:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-14 14:04 - 2009-07-13 20:45 - 00456736 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 13:46 - 2012-05-31 14:39 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-14 13:31 - 2009-07-13 18:34 - 00000510 ____A C:\Windows\win.ini
2012-11-13 08:33 - 2012-11-13 08:23 - 00000000 ____D C:\Users\Sony\Downloads\VA.-.Now.Thats.What.I.Call.Music.25.Years.3CDs.(2008).WwW.Mixermusic.net
2012-11-13 08:29 - 2012-11-13 08:24 - 00000000 ____D C:\Users\Sony\Downloads\Duffy - Rockferry [2008]
2012-11-12 05:59 - 2012-11-12 05:59 - 03462646 ____A C:\Users\Sony\Downloads\IMG_0246.MOV
2012-11-12 05:59 - 2012-11-12 05:59 - 03462646 ____A C:\Users\Sony\Downloads\IMG_0246 (1).MOV
2012-11-11 16:39 - 2012-11-11 16:39 - 00699131 ____A C:\Users\Sony\Downloads\image (1).jpeg
2012-11-11 16:39 - 2012-11-11 16:39 - 00629192 ____A C:\Users\Sony\Downloads\image.jpeg
2012-11-10 10:58 - 2012-11-01 10:39 - 00000000 ____D C:\Users\Sony\Downloads\DDD
2012-11-10 07:56 - 2012-11-10 07:08 - 91331905 ____A C:\Users\Sony\Downloads\Aa Ante Amalapuram Hazel Item Maximum - x264 720p Direct HD.mp4
2012-11-10 07:16 - 2012-11-10 07:16 - 03425096 ____A (Conduit) C:\Users\Sony\Downloads\onlinetracks_cidNP_1049 (3).exe
2012-11-10 07:15 - 2012-11-10 07:15 - 03425096 ____A (Conduit) C:\Users\Sony\Downloads\onlinetracks_cidNP_1049.exe
2012-11-10 07:15 - 2012-11-10 07:15 - 03425096 ____A (Conduit) C:\Users\Sony\Downloads\onlinetracks_cidNP_1049 (2).exe
2012-11-10 07:15 - 2012-11-10 07:15 - 03425096 ____A (Conduit) C:\Users\Sony\Downloads\onlinetracks_cidNP_1049 (1).exe
2012-11-09 16:26 - 2012-05-30 14:07 - 00000000 ____D C:\Users\Sony\AppData\Local\Microsoft Help
2012-11-09 06:14 - 2012-09-21 21:18 - 00000000 ____D C:\Users\Sony\Downloads\Student Of The Year (2012) - [DDR]

ZeroAccess:
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\@
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\L
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\L\00000004.@
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\L\201d3dde
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\L\4cce1f70
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\L\55490ac4
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\00000004.@
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\00000008.@
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\000000cb.@
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\80000000.@
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\80000032.@
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-27 04:30:56
Restore point made on: 2012-11-28 13:30:36
Restore point made on: 2012-12-04 16:07:33

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 1915.02 MB
Available physical RAM: 1361.52 MB
Total Pagefile: 1915.02 MB
Available Pagefile: 1347.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:110.93 GB) (Free:33.8 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:109.83 GB) (Free:55.62 GB) NTFS
3 Drive f: (Recovery) (Fixed) (Total:12.02 GB) (Free:0.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (HP v165w) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 1024 KB
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 110 GB 12 GB
Partition 0 Extended 109 GB 123 GB
Partition 4 Logical 109 GB 123 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F Recovery NTFS Partition 12 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 110 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D New Volume NTFS Partition 109 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 572 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H HP v165w FAT32 Removable 3823 MB Healthy

=========================================================

Last Boot: 2012-12-04 11:01

==================== End Of Log =============================


SEARCH.TXT
_________________________

Farbar Recovery Scan Tool (x64) Version: 02-12-2012
Ran by SYSTEM at 2012-12-06 06:46:15
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:28 PM

Posted 05 December 2012 - 08:57 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
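The comparison behind the `replace:` line in the fixlist above, as an added example that is not part of CatByte's post or of FRST itself: a Python parser for the hit format in FRST's Search.txt and for the ATTENTION line of the Bamital & volsnap check, which picks the WinSxS copy as the restore source when the System32 copy is flagged and its MD5 or size differs. The regexes are my assumptions about the log layout, derived from the lines in this thread, and the sample input is copied from those lines.

```python
import re

# Search header:  ================== Search: "services.exe" ===================
HEADER_RE = re.compile(r'^=+ Search: "(?P<name>[^"]+)" =+$')
# Hit path line:  C:\Windows\System32\services.exe
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Hit detail line: [created] - [modified] - SIZE ATTRS (Company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Bamital & volsnap check line that flags a patched system binary:
# C:\Windows\System32\services.exe <md5> ZeroAccess <==== ATTENTION!.
ATTENTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>\S+) <==== ATTENTION"
)


def flagged_files(frst_text):
    """Map each path flagged in the Bamital & volsnap check to (md5, label)."""
    flagged = {}
    for raw in frst_text.splitlines():
        m = ATTENTION_RE.match(raw.strip())
        if m:
            flagged[m.group("path")] = (m.group("md5").upper(), m.group("label"))
    return flagged


def parse_search(search_text):
    """Return (searched file name, hits) from an FRST Search.txt.

    Each hit is a dict: path, created, modified, size (int), attrs,
    company, md5 (upper-case). A path line is followed by its detail line."""
    name, hits, pending_path = None, [], None
    for raw in search_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            name = m.group("name")
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hit["path"] = pending_path
            hits.append(hit)
            pending_path = None
    return name, hits


def propose_replacement(hits, flagged, system_dir=r"C:\Windows\System32"):
    """Pick a WinSxS copy to restore over a flagged System32 binary.

    Target: the hit under system_dir that FRST flagged, with the same MD5 in
    both logs. Source: a WinSxS hit from the same vendor whose MD5 or size
    differs. Returns (source, target), or None when nothing needs replacing."""
    prefix = system_dir.lower() + "\\"
    target = next((h for h in hits if h["path"].lower().startswith(prefix)), None)
    if target is None or target["path"] not in flagged:
        return None
    if flagged[target["path"]][0] != target["md5"]:
        return None  # logs disagree on the hash; re-run the search before acting
    for h in hits:
        if h is target or "\\winsxs\\" not in h["path"].lower():
            continue
        if h["company"] != target["company"]:
            continue
        if h["md5"] != target["md5"] or h["size"] != target["size"]:
            return h["path"], target["path"]
    return None


def fixlist_replace_line(source, target):
    """Render the FRST fixlist directive that copies source over target."""
    return f"replace: {source} {target}"


# Constructed sample input, copied from the FRST.txt and Search.txt in this thread.
FRST_TXT = """\
==================== Bamital & volsnap Check =================

C:\\Windows\\System32\\winlogon.exe => MD5 is legit
C:\\Windows\\System32\\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
"""

SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

if __name__ == "__main__":
    name, hits = parse_search(SEARCH_TXT)
    proposal = propose_replacement(hits, flagged_files(FRST_TXT))
    print(fixlist_replace_line(*proposal) if proposal else f"no replacement needed for {name}")
```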


#3 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts
  • Local time:07:28 PM

Posted 05 December 2012 - 09:12 PM

Hi,

Fixlog.TXT
_______________


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012
Ran by SYSTEM at 2012-12-06 07:37:34 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{9426d80f-9f77-ccc5-9e59-561d681387ed} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#4 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts
  • Local time:07:28 PM

Posted 05 December 2012 - 09:49 PM

ComboFix 12-12-04.01 - Sony 06-12-2012 7:48.1.2 - x64
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.91.1033.18.1915.794 [GMT 5.5:30]
Running from: c:\users\Sony\Desktop\ComboFix.exe
SP: Webroot Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sony\AppData\Local\WideSearch
c:\users\Sony\AppData\Local\WideSearch\wsearch.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-12-06 14:44 . 2012-12-06 14:44 -------- d-----w- C:\FRST
2012-12-06 02:34 . 2012-12-06 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-05 00:16 . 2012-12-05 01:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-05 00:10 . 2012-12-05 00:10 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-12-05 00:03 . 2012-12-05 00:03 2 --shatr- c:\windows\winstart.bat
2012-12-05 00:03 . 2012-12-05 00:50 -------- d-----w- c:\program files (x86)\UnHackMe
2012-12-04 19:36 . 2012-10-23 12:10 77144 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-12-04 19:36 . 2012-10-23 12:10 150648 ----a-w- c:\windows\SGDetectionTool.dll
2012-12-04 19:36 . 2012-10-23 12:10 769144 ----a-w- c:\windows\BDTSupport.dll
2012-12-04 19:31 . 2012-12-04 19:34 -------- d-----w- c:\programdata\PC Tools
2012-12-04 19:31 . 2012-12-04 19:31 -------- d-----w- c:\users\Sony\AppData\Roaming\TestApp
2012-12-03 05:46 . 2012-12-03 05:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-03 05:36 . 2012-12-04 19:03 -------- d-----w- c:\users\Sony\AppData\Roaming\Free Download Manager
2012-12-02 01:39 . 2012-12-02 01:39 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B675A92F-DF51-4E51-B2EB-1FA4BB6A124D}\offreg.dll
2012-11-30 13:27 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B675A92F-DF51-4E51-B2EB-1FA4BB6A124D}\mpengine.dll
2012-11-26 13:04 . 2012-11-26 13:04 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-20 21:52 . 2012-11-20 21:52 -------- d-----w- c:\users\Sony\AppData\Local\GetBooks
2012-11-14 21:41 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 21:41 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 21:41 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 21:41 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 21:32 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 21:32 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 21:32 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 21:32 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 21:32 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 21:32 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 21:32 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 16:41 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 16:41 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 16:41 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 11:00 . 2012-12-04 19:36 3488 ----a-w- c:\windows\UDB.zip
2012-10-23 11:00 . 2012-12-04 19:36 131 ----a-w- c:\windows\IDB.zip
2012-10-16 21:20 . 2012-11-28 15:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 15:52 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 15:52 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 17:51 . 2012-06-15 14:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 17:51 . 2012-06-15 14:18 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:23 . 2012-10-10 13:15 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 13:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GetBooks"="c:\users\Sony\AppData\Local\GetBooks\GetBooks.exe" [2012-11-20 2930340]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-06-02 296056]
"SpySweeper"="c:\program files (x86)\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-06-02 5414256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-30 35104]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-10-23 77144]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm64.sys [2012-11-01 87968]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-10-31 403416]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]
R3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\3GDatausbser64.sys [2009-04-09 119680]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-10-22 413448]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-04-22 37864]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-10-31 347016]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-10-23 580728]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-08-13 522240]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-07-31 292864]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 17:51]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 14:18]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 14:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate10242012
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Free Download Manager - c:\users\Sony\AppData\Roaming\Free Download Manager\fdm.exe
Wow6432Node-HKLM-Run-OliveDcService - c:\program files (x86)\TATA Photon+\Olive\VME101\Drivers\OliveDcService.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2012-12-06 08:16:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-06 02:46
.
Pre-Run: 40,633,925,632 bytes free
Post-Run: 44,681,146,368 bytes free
.
- - End Of File - - 797F024C1F2F0FF09CF4D7A3A1DCA9AA

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:28 PM

Posted 05 December 2012 - 10:02 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT
Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts
  • Local time:07:28 PM

Posted 05 December 2012 - 10:19 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.8.9 (12.05.2012:5)
OS: Windows 7 Home Basic x64
Ran by Sony on 06-12-2012 at 8:35:43.85
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\pricegong"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\smartbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Sony\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Sony\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Sony\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06-12-2012 at 8:48:03.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts
  • Local time:07:28 PM

Posted 05 December 2012 - 10:25 PM

# AdwCleaner v2.011 - Logfile created 12/06/2012 at 08:52:05
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Basic (64 bits)
# User : Sony - SONY-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Sony\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [553 octets] - [06/12/2012 08:52:05]

########## EOF - C:\AdwCleaner[S1].txt - [612 octets] ##########

#8 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts

Posted 05 December 2012 - 10:33 PM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.06.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Sony :: SONY-VAIO [administrator]

Protection: Enabled

06-12-2012 08:57:55
mbam-log-2012-12-06 (08-57-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226995
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Detected: 2
C:\Users\Sony\AppData\Local\GetBooks\GetBooks.exe (Trojan.Agent) -> 2924 -> Delete on reboot.
C:\Users\Sony\AppData\Local\GetBooks\GetBooks.exe (PUP.Adware.Downloader) -> 2924 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GetBooks (Trojan.Agent) -> Data: "C:\Users\Sony\AppData\Local\GetBooks\GetBooks.exe" c2ad2384130ec2bd4599ea5f50250a5b -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GetBooks (PUP.Adware.Downloader) -> Data: "C:\Users\Sony\AppData\Local\GetBooks\GetBooks.exe" c2ad2384130ec2bd4599ea5f50250a5b -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Sony\AppData\Local\GetBooks\GetBooks.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Sony\Downloads\Baby Proof (1).exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sony\Downloads\Baby Proof.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sony\Downloads\Love the one you are with.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sony\Downloads\SaveAs.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sony\AppData\Local\GetBooks\GetBooks.exe (PUP.Adware.Downloader) -> Delete on reboot.

(end)

#9 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts

Posted 06 December 2012 - 12:22 AM

ESET Scan Log:
C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan
C:\FRST\Quarantine\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\00000004.@ Win64/Conedex.C trojan
C:\FRST\Quarantine\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\000000cb.@ Win64/Conedex.B trojan
C:\FRST\Quarantine\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\80000000.@ Win64/Sirefef.AW trojan
C:\FRST\Quarantine\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan
C:\FRST\Quarantine\{9426d80f-9f77-ccc5-9e59-561d681387ed}\U\80000064.@ a variant of Win64/Sirefef.AN trojan
C:\Qoobox\Quarantine\C\Users\Sony\AppData\Local\WideSearch\wsearch.exe.vir probably a variant of Win32/TrojanDownloader.Delf.RKU trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0000\zafs0000\tsk0008.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0000\zafs0000\tsk0009.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0000\zafs0000\tsk0010.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0000\zafs0000\tsk0011.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0000\zafs0000\tsk0012.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0001\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0001\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0001\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0001\zafs0000\tsk0007.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0001\zafs0000\tsk0008.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0001\zafs0000\tsk0009.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0001\zafs0000\tsk0010.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0001\zafs0000\tsk0011.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0001\zafs0000\tsk0012.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0002\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0002\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0002\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0002\zafs0000\tsk0007.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0002\zafs0000\tsk0008.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0002\zafs0000\tsk0009.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0002\zafs0000\tsk0010.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0002\zafs0000\tsk0011.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\05.12.2012_05.45.22\zasubsys0002\zafs0000\tsk0012.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\05.12.2012_06.45.24\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\05.12.2012_06.45.24\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\05.12.2012_06.45.24\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\05.12.2012_06.45.24\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\05.12.2012_06.45.24\zasubsys0000\zafs0000\tsk0008.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\05.12.2012_06.45.24\zasubsys0000\zafs0000\tsk0009.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\05.12.2012_06.45.24\zasubsys0000\zafs0000\tsk0010.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\05.12.2012_06.45.24\zasubsys0000\zafs0000\tsk0011.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\05.12.2012_06.45.24\zasubsys0000\zafs0000\tsk0012.dta a variant of Win64/Sirefef.AN trojan
C:\Users\Sony\Downloads\Gangs_Of_Wasseypur_2_2012_Hindi_DvDrip_720p_x264_Hon3y.exe multiple threats

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 06 December 2012 - 05:10 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Sony\Downloads\Gangs_Of_Wasseypur_2_2012_Hindi_DvDrip_720p_x264_Hon3y.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts

Posted 06 December 2012 - 05:37 PM

ComboFix 12-12-04.01 - Sony 07-12-2012 3:47.2.2 - x64
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.91.1033.18.1915.816 [GMT 5.5:30]
Running from: c:\users\Sony\Desktop\ComboFix.exe
Command switches used :: c:\users\Sony\Desktop\CFScript.txt
SP: Webroot Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Sony\Downloads\Gangs_Of_Wasseypur_2_2012_Hindi_DvDrip_720p_x264_Hon3y.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-12-06 22:32 . 2012-12-06 22:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-12-06 22:32 . 2012-12-06 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-06 22:32 . 2012-12-06 22:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-12-06 22:25 . 2012-12-06 22:25 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC9997DA-B61B-40DA-B140-349818140A47}\offreg.dll
2012-12-06 14:44 . 2012-12-06 14:44 -------- d-----w- C:\FRST
2012-12-06 03:38 . 2012-12-06 03:38 -------- d-----w- c:\program files (x86)\ESET
2012-12-06 03:26 . 2012-12-06 03:26 -------- d-----w- c:\users\Sony\AppData\Roaming\Malwarebytes
2012-12-06 03:26 . 2012-12-06 03:26 -------- d-----w- c:\programdata\Malwarebytes
2012-12-06 03:26 . 2012-12-06 03:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-06 03:26 . 2012-09-29 14:24 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-06 03:05 . 2012-12-06 03:05 -------- d-----w- c:\windows\ERUNT
2012-12-06 03:05 . 2012-12-06 03:05 -------- d-----w- C:\JRT
2012-12-06 02:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC9997DA-B61B-40DA-B140-349818140A47}\mpengine.dll
2012-12-05 00:16 . 2012-12-05 01:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-05 00:10 . 2012-12-05 00:10 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-12-05 00:03 . 2012-12-05 00:03 2 --shatr- c:\windows\winstart.bat
2012-12-05 00:03 . 2012-12-05 00:50 -------- d-----w- c:\program files (x86)\UnHackMe
2012-12-04 19:36 . 2012-10-23 12:10 77144 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-12-04 19:36 . 2012-10-23 12:10 150648 ----a-w- c:\windows\SGDetectionTool.dll
2012-12-04 19:36 . 2012-10-23 12:10 769144 ----a-w- c:\windows\BDTSupport.dll
2012-12-04 19:31 . 2012-12-04 19:34 -------- d-----w- c:\programdata\PC Tools
2012-12-04 19:31 . 2012-12-04 19:31 -------- d-----w- c:\users\Sony\AppData\Roaming\TestApp
2012-12-03 05:46 . 2012-12-03 05:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-03 05:36 . 2012-12-04 19:03 -------- d-----w- c:\users\Sony\AppData\Roaming\Free Download Manager
2012-11-26 13:04 . 2012-11-26 13:04 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-20 21:52 . 2012-12-06 03:34 -------- d-----w- c:\users\Sony\AppData\Local\GetBooks
2012-11-14 21:41 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 21:41 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 21:41 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 21:41 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 21:32 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 21:32 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 21:32 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 21:32 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 21:32 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 21:32 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 21:32 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 16:41 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 16:41 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 16:41 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 11:00 . 2012-12-04 19:36 3488 ----a-w- c:\windows\UDB.zip
2012-10-23 11:00 . 2012-12-04 19:36 131 ----a-w- c:\windows\IDB.zip
2012-10-16 21:20 . 2012-11-28 15:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 15:52 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 15:52 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 17:51 . 2012-06-15 14:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 17:51 . 2012-06-15 14:18 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:23 . 2012-10-10 13:15 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 13:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-06-02 296056]
"SpySweeper"="c:\program files (x86)\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-06-02 5414256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-30 35104]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm64.sys [2012-11-01 87968]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-10-31 403416]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]
R3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\3GDatausbser64.sys [2009-04-09 119680]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-10-22 413448]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-04-22 37864]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-10-31 347016]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-10-23 580728]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-08-13 522240]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-07-31 292864]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-10-23 77144]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 17:51]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 14:18]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 14:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate10242012
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-07 04:06:36
ComboFix-quarantined-files.txt 2012-12-06 22:36
ComboFix2.txt 2012-12-06 02:46
.
Pre-Run: 45,252,845,568 bytes free
Post-Run: 44,827,500,544 bytes free
.
- - End Of File - - 81134D5EB931F778AA3698444B53B31A

#12 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts

Posted 06 December 2012 - 05:39 PM

MiniToolBox by Farbar Version: 25-11-2012
Ran by Sony (administrator) on 07-12-2012 at 04:09:18
Running from "C:\Users\Sony\Desktop"
Windows 7 Home Basic (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6612.1000)
Activate Norton Online Backup (Version: 1.2.15.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Photoshop Elements 7.0 (Version: 7.0.1)
Adobe Premiere Elements 7.0 (Version: 7.0.1)
Adobe Premiere Elements 7.0 Templates (Version: 7.0.0)
Adobe Reader 9.1.2 (Version: 9.1.2)
Alps Pointing-device for VAIO
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.85)
ArcSoft WebCam Companion 3 (Version: 3.0.21.390)
BitTorrent (Version: 7.6.1)
Browser Guard 4.0 (Version: 4.0.0.1884)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Click to Disc (Version: 1.2.70.06160)
Click to Disc Editor (Version: 2.0.02)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (Version: 7.80.4.50)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 16.4.3503.0728)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Movie Maker (Version: 16.4.3503.0728)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Transfer (Version: 1.3.01.13160)
PC Tools Spyware Doctor 9.1 (Version: 9.1)
Photo Common (Version: 16.4.3503.0728)
Photo Gallery (Version: 16.4.3503.0728)
Picasa 3 (Version: 3.8)
Primo (Version: 1.00.0000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek High Definition Audio Driver (Version: 6.0.1.5886)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy Media Creator 10 LJ (Version: 10.3)
Roxio Easy Media Creator Home (Version: 10.3.121)
Runtime (Version: 1.00.0000)
Setting Utility Series (Version: 5.0.0.07300)
Skype Click to Call (Version: 6.4.11328)
Skype™ 6.0 (Version: 6.0.126)
SmartSound Quicktracks for Premiere Elements (Version: 3.11.3090)
Sony Home Network Library (Version: 2.0.0.07280)
Sony Picture Utility (Version: 4.2.12.16210)
Spy Sweeper (Version: 5.8)
Spy Sweeper Core (Version: 4.4.1.25)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.5.0.06261)
VAIO Content Metadata Intelligent Network Service Manager (Version: 3.5.0.06260)
VAIO Content Metadata Manager Settings (Version: 3.5.0.06260)
VAIO Content Metadata XML Interface Library (Version: 3.5.0.06180)
VAIO Content Monitoring Settings (Version: 2.4.0.06120)
VAIO Control Center (Version: 4.0.0.06120)
VAIO Data Restore Tool (Version: 1.1.01.06290)
VAIO DVD Menu Data Basic (Version: 1.0.00.08130)
VAIO Entertainment Platform (Version: 3.5.0.07230)
VAIO Event Service (Version: 5.0.0.07010)
VAIO Gate (Version: 1.0.0.08050)
VAIO Manual (Version: 3.0.0.14130)
VAIO Media plus (Version: 2.0.0.07280)
VAIO Media plus Opening Movie (Version: 2.0.0.07030)
VAIO Movie Story (Version: 1.5.00.06191)
VAIO Movie Story Template Data (Version: 1.5.00.06010)
VAIO Original Function Settings (Version: 2.0.0.07010)
VAIO Power Management (Version: 4.0.0.08240)
VAIO Presentation Support (Version: 2.0.0.05270)
VAIO Quick Web Access (Version: 1.1.2.4)
VAIO Smart Network (Version: 3.0.0.08120)
VAIO Transfer Support (Version: 1.0.0.07290)
VAIO Update 4 (Version: 4.2.0.07300)
VAIO Wallpaper Contents (Version: 2.0.0.06010)
VLC media player 0.9.9 (Version: 0.9.9)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Mail (Version: 16.4.3503.0728)
Windows Live Messenger (Version: 16.4.3503.0728)
Windows Live MIME IFilter (Version: 16.4.3503.0728)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
Windows Live Writer (Version: 16.4.3503.0728)
Windows Live Writer Resources (Version: 16.4.3503.0728)
WinDVD for VAIO (Version: 8.0.20.79)

**** End of log ****

#13 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts
  • Local time:07:28 PM

Posted 06 December 2012 - 05:43 PM

Farbar Service Scanner Version: 04-12-2012
Ran by Sony (administrator) on 07-12-2012 at 04:11:43
Running from "C:\Users\Sony\Desktop"
Windows 7 Home Basic (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-06-02 19:40] - [2011-12-28 09:29] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-06-02 19:29] - [2012-03-30 16:39] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 18:41] - [2012-06-02 10:55] - 0182272 ____A (Microsoft Corporation) BAF19B633933A9FB4883D27D66C39E9A

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:28 PM

Posted 06 December 2012 - 05:49 PM

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if there are - remove them.


NEXT



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
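
An added check, not part of CatByte's instructions or any tool used in this thread, that does the Programs and Features comparison from the Note above with PowerShell on 64-bit Windows 7: it reads both Uninstall registry hives, so the 32-bit and 64-bit Java entries in the FRST list earlier in the thread are both reported, and it warns when more than one Java version remains installed. The DisplayName patterns it matches on are assumptions.

```powershell
# Added example (not from the thread): list Java and Adobe Reader entries as
# Programs and Features sees them, i.e. from the Uninstall registry keys.
# On 64-bit Windows both hives are read so the 32-bit and 64-bit Java entries
# (the two "Java(TM) 6 Update 14" lines in the FRST log) are both reported.
$hives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Name patterns are an assumption; adjust if a product registers a different DisplayName.
$pattern = '^(Java|J2SE|Adobe Reader)'

$entries = foreach ($hive in $hives) {
    Get-ChildItem -Path $hive -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.DisplayName -match $pattern) {
            [pscustomobject]@{
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Arch      = if ($hive -like '*WOW6432Node*') { 'x86' } else { 'x64' }
                Uninstall = $p.UninstallString
            }
        }
    }
}

$entries | Sort-Object Name, Arch | Format-Table Name, Version, Arch -AutoSize

# A 32-bit and a 64-bit entry with the same version is normal; two different
# Java versions means an old update is still installed beside the new one,
# because the Java installer does not remove earlier updates.
$javaVersions = @($entries |
    Where-Object { $_.Name -match '^(Java|J2SE)' } |
    Select-Object -ExpandProperty Version -Unique)

if ($javaVersions.Count -gt 1) {
    Write-Warning ("Multiple Java versions installed ({0}); remove the older ones " +
                   "from Programs and Features.") -f ($javaVersions -join ', ')
}
```

Run it in an elevated PowerShell after the Java upgrade; anything it lists besides the current version is what the Note above says to remove.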


#15 SaurabhD

SaurabhD
  • Topic Starter

  • Members
  • 19 posts
  • Local time:07:28 PM

Posted 06 December 2012 - 06:00 PM

Latest PC scan says that there are 173 infections ... have finished installing Adobe ...

1. Application.trackingcookies - 1 infections
2. Advert.Advertising - 2 infections
3. Trojan.Generic - 164 infections
4. Application.NirCmd - 6 infections

What to do now??



