Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ransomware in my windows7 laptop


  • This topic is locked This topic is locked
69 replies to this topic

#1 karthik007

karthik007

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 06 June 2013 - 01:15 PM

I have a laptop with windows 7 installed on it..Recently it has been infected by some malware or spyware i guess..i have thoroughly scanned for a virus but havent found any...i am not able to install any anti-malware or spyware..i installed hijackthis by running in safe mode..and got the following log....Please diagnose...Thanks in advance....

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:26:55, on 06-06-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
CHROME: 28.0.1500.37
 
Boot mode: Safe mode
 
Running processes:
F:\software\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://indiasearcher.in/r.asp#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKCU\..\Run: [6c4] C:\Users\Aadi\AppData\Roaming\7a5\6c4.js
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 3b0.js
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{109B7E55-B87F-47A9-8A45-7FD652B05C34}: NameServer = 202.148.200.3 202.148.202.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: DCDhcpService - Atheros Communication Inc. - C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 10999 bytes
 

 



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 PM

Posted 06 June 2013 - 01:45 PM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 PM

Posted 10 June 2013 - 03:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 

Mod Edit: Topic re-opened at request of OP.  Thank you TB-Psychotic.


Edited by Platypus, 11 June 2013 - 04:25 PM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 PM

Posted 12 June 2013 - 01:43 AM

Hi there and welcome back.

 

 

Please run the tool as instructed in my last replay and post the log.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 karthik007

karthik007
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 12 June 2013 - 09:46 AM

yea sure !



#6 karthik007

karthik007
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 12 June 2013 - 10:19 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2013 03
Ran by Aadi (administrator) on 12-06-2013 20:40:15
Running from C:\Users\Aadi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\WScript.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Google Inc.) C:\Users\Aadi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aadi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aadi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aadi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aadi\AppData\Local\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Google Inc.) C:\Users\Aadi\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-06-25] (Synaptics Incorporated)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P  [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13374568 2011-12-13] (Realtek Semiconductor)
HKCU\...\Run: [6c4] C:\Users\Aadi\AppData\Roaming\7a5\6c4.js [46698 2013-06-12] ()
MountPoints2: {0eae6fc7-110d-11e2-850c-f0bf9767f9c6} - I:\Startme.exe
MountPoints2: {32ca8953-7020-11e1-9a98-f0bf9767f9c6} - G:\Startme.exe
MountPoints2: {36a913a7-be77-11e2-8281-f0bf9767f9c6} - H:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {3caf5e16-2508-11e2-ba9d-f0bf9767f9c6} - H:\unlock.exe autoplay=true
MountPoints2: {43be80ef-dd3c-11e1-94f0-f0bf9767f9c6} - Iomega Encryption Utility.exe
MountPoints2: {559ef7f8-7f68-11e2-80e8-806e6f6e6963} - I:\AutoRun.exe
MountPoints2: {56a999d1-7f54-11e2-8282-f0bf9767f9c6} - H:\AutoRun.exe
MountPoints2: {6615dd70-8bf7-11e2-b1ba-ccaf78c716a8} - H:\AutoRun.exe
MountPoints2: {696fc432-8e25-11e1-a7e9-f0bf9767f9c6} - G:\AutoRun.exe
MountPoints2: {696fc440-8e25-11e1-a7e9-f0bf9767f9c6} - G:\AutoRun.exe
MountPoints2: {91a3bc36-377d-11e1-8c81-f0bf9767f9c6} - G:\setup.exe
MountPoints2: {aa8a28f2-acd6-11e2-94e5-f0bf9767f9c6} - H:\.\autorun.exe
MountPoints2: {bfa51cf0-18d2-11e2-b007-f0bf9767f9c6} - H:\Setup.exe /Auto
MountPoints2: {c8652ebb-1862-11e2-a2d4-f0bf9767f9c6} - I:\AutoRun.exe
MountPoints2: {c8652ec6-1862-11e2-a2d4-f0bf9767f9c6} - H:\AutoRun.exe
MountPoints2: {e26bb689-a6b7-11e2-a6d7-f0bf9767f9c6} - H:\AutoRun.exe
MountPoints2: {e26bb6ad-a6b7-11e2-a6d7-f0bf9767f9c6} - H:\AutoRun.exe
MountPoints2: {e7457c56-be28-11e2-b882-f0bf9767f9c6} - H:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {e7457c5d-be28-11e2-b882-f0bf9767f9c6} - H:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {f076daa7-22c9-11e2-b865-f0bf9767f9c6} - I:\unlock.exe autoplay=true
MountPoints2: {f7581a05-8ed2-11e1-bc92-f0bf9767f9c6} - G:\AutoRun.exe
MountPoints2: {f7581a3d-8ed2-11e1-bc92-f0bf9767f9c6} - G:\AutoRun.exe
MountPoints2: {fa05da09-8bf5-11e2-aa51-f0bf9767f9c6} - H:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [500736 2011-05-03] (Dolby Laboratories Inc.)
IMEO\magic-i visual effects.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pmbbrowser.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pmblauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pmbmapview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\utility.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\uwebcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\vsnclient.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\win7ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://indiasearcher.in/r.asp#
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{109B7E55-B87F-47A9-8A45-7FD652B05C34}: [NameServer]202.148.200.3 202.148.202.4
 
Chrome: 
=======
CHR HomePage: hxxp://indiasearcher.in/r.asp#
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Aadi\AppData\Local\Google\Chrome\Application\28.0.1500.37\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Aadi\AppData\Local\Google\Chrome\Application\28.0.1500.37\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Aadi\AppData\Local\Google\Chrome\Application\28.0.1500.37\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Aadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Aadi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Ultimate YouTube Downloader) - C:\Users\Aadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.2.1_0
CHR Extension: (YouTube) - C:\Users\Aadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Aadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Aadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Skype Click to Call) - C:\Users\Aadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0
CHR Extension: (Gmail) - C:\Users\Aadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-07-06] (Atheros)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259512 2011-07-23] (Sony Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2123584 2011-12-14] (TuneUp Software)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.)
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
S3 bthathfax; C:\Windows\System32\DRIVERS\bthathfax.sys [75424 2011-07-06] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2012-01-05] (DT Soft Ltd)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2011-06-25] (REDC)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S3 vodafone_zte_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_acm.sys [79872 2011-05-20] (Vodafone)
S3 vodafone_zte_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_ecm.sys [58880 2011-05-20] (Vodafone)
S3 vodafone_zte_cpo; C:\Windows\System32\DRIVERS\vodafone_zte_cpo.sys [14336 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum.sys [56320 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum_filter.sys [56320 2011-05-20] (Vodafone)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2011-10-27] (ZTEMT Incorporated)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235520 2010-06-14] (ZTE Incorporated)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-12 20:39 - 2013-06-12 20:39 - 00000000 ____D C:\FRST
2013-06-12 20:38 - 2013-06-12 20:39 - 01920250 ____A (Farbar) C:\Users\Aadi\Downloads\FRST64.exe
2013-06-12 20:37 - 2013-06-12 20:38 - 01359115 ____A (Farbar) C:\Users\Aadi\Downloads\FRST.exe
2013-06-11 23:17 - 2013-06-11 23:26 - 100223884 ____A C:\Users\Aadi\Downloads\Aashiqui 2 [2013-MP3-VBR-320Kbps] [www.Mp3HunGama.IN].zip
2013-06-06 22:52 - 2013-06-06 22:53 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\Aadi\Downloads\spybotsd162.exe
2013-06-06 22:29 - 2013-06-06 22:29 - 00011001 ____A C:\Users\Aadi\Desktop\hijackthis.log
2013-06-06 22:09 - 2013-06-06 22:09 - 00000000 ____D C:\Users\Aadi\Downloads\delcwssk (1)
2013-06-06 22:06 - 2013-06-06 22:06 - 00052461 ____A C:\Users\Aadi\Downloads\delcwssk.zip
2013-06-06 21:49 - 2013-06-06 21:49 - 00388608 ____A (Trend Micro Inc.) C:\Users\Aadi\Downloads\HijackThis (1).exe
2013-06-06 21:48 - 2013-06-06 21:49 - 00388608 ____A (Trend Micro Inc.) C:\Users\Aadi\Downloads\_HijackThis.exe
2013-06-01 13:56 - 2013-06-01 13:57 - 00791488 ____A C:\Users\Aadi\Downloads\ZipOpenerSetup.exe
2013-06-01 13:46 - 2013-06-01 13:47 - 00052358 ____A C:\Users\Aadi\Downloads\friends-with-benefits_english-484897.zip
2013-06-01 13:44 - 2013-06-01 13:46 - 10161056 ____A (Sony Corporation) C:\Users\Aadi\Downloads\EP0000279142.exe
2013-05-28 19:06 - 2013-05-28 19:06 - 00001232 ____A C:\Users\Aadi\Desktop\Update Service.lnk
2013-05-28 19:05 - 2013-05-28 19:05 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2013-05-28 19:01 - 2013-05-28 19:04 - 39487760 ____A C:\Users\Aadi\Downloads\Update_Service_Setup-2.13.6.201305161305.exe
2013-05-28 18:41 - 2013-05-28 18:41 - 04167680 ____A C:\Program Files (x86)\GUTA308.tmp
2013-05-28 18:41 - 2013-05-28 18:41 - 00000000 ____D C:\Program Files (x86)\GUMA307.tmp
2013-05-28 17:14 - 2013-05-28 17:15 - 00000000 ___RD C:\Users\Aadi\Documents\Notes
2013-05-25 16:43 - 2013-05-25 16:43 - 00000656 ____A C:\Users\Aadi\Desktop\Image- Material -2013 - Shortcut.lnk
2013-05-25 15:03 - 2013-05-25 15:03 - 00000000 ____D C:\Users\Aadi\Desktop\Latha
2013-05-22 22:17 - 2013-06-12 19:49 - 00011218 ____A C:\Windows\setupact.log
2013-05-17 04:07 - 2013-05-17 04:07 - 00000000 ____D C:\Users\Aadi\AppData\Roaming\FLEXnet
2013-05-17 02:16 - 2013-05-17 02:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vodafone_zte_cdc_ecm_01009.Wdf
2013-05-17 02:15 - 2013-05-17 02:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vodafone_zte_ecm_enum_01009.Wdf
2013-05-17 02:15 - 2013-05-17 02:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vodafone_zte_cdc_acm_01009.Wdf
2013-05-17 02:14 - 2013-05-17 02:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2013-05-17 02:12 - 2013-05-17 02:12 - 00000000 ____D C:\Users\Aadi\AppData\Local\{B9614B49-C7A3-4D75-A779-03E5B77C119F}
 
==================== One Month Modified Files and Folders =======
 
2013-06-12 20:39 - 2013-06-12 20:39 - 00000000 ____D C:\FRST
2013-06-12 20:39 - 2013-06-12 20:38 - 01920250 ____A (Farbar) C:\Users\Aadi\Downloads\FRST64.exe
2013-06-12 20:38 - 2013-06-12 20:37 - 01359115 ____A (Farbar) C:\Users\Aadi\Downloads\FRST.exe
2013-06-12 20:30 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\tracing
2013-06-12 19:57 - 2009-07-14 10:15 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-12 19:57 - 2009-07-14 10:15 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-12 19:56 - 2012-01-02 12:55 - 01438872 ____A C:\Windows\WindowsUpdate.log
2013-06-12 19:49 - 2013-05-22 22:17 - 00011218 ____A C:\Windows\setupact.log
2013-06-12 19:49 - 2012-08-07 21:02 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-06-12 19:49 - 2009-07-14 10:38 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-11 23:29 - 2009-07-14 10:43 - 00006494 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-11 23:26 - 2013-06-11 23:17 - 100223884 ____A C:\Users\Aadi\Downloads\Aashiqui 2 [2013-MP3-VBR-320Kbps] [www.Mp3HunGama.IN].zip
2013-06-11 21:46 - 2012-01-16 11:51 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625858516-2434763445-3860897287-1000UA.job
2013-06-11 20:18 - 2012-01-16 11:51 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625858516-2434763445-3860897287-1000Core.job
2013-06-06 22:53 - 2013-06-06 22:52 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\Aadi\Downloads\spybotsd162.exe
2013-06-06 22:29 - 2013-06-06 22:29 - 00011001 ____A C:\Users\Aadi\Desktop\hijackthis.log
2013-06-06 22:09 - 2013-06-06 22:09 - 00000000 ____D C:\Users\Aadi\Downloads\delcwssk (1)
2013-06-06 22:06 - 2013-06-06 22:06 - 00052461 ____A C:\Users\Aadi\Downloads\delcwssk.zip
2013-06-06 21:49 - 2013-06-06 21:49 - 00388608 ____A (Trend Micro Inc.) C:\Users\Aadi\Downloads\HijackThis (1).exe
2013-06-06 21:49 - 2013-06-06 21:48 - 00388608 ____A (Trend Micro Inc.) C:\Users\Aadi\Downloads\_HijackThis.exe
2013-06-04 11:25 - 2012-01-14 11:35 - 00000000 ____D C:\Users\Aadi\AppData\Roaming\vlc
2013-06-01 13:57 - 2013-06-01 13:56 - 00791488 ____A C:\Users\Aadi\Downloads\ZipOpenerSetup.exe
2013-06-01 13:47 - 2013-06-01 13:46 - 00052358 ____A C:\Users\Aadi\Downloads\friends-with-benefits_english-484897.zip
2013-06-01 13:46 - 2013-06-01 13:44 - 10161056 ____A (Sony Corporation) C:\Users\Aadi\Downloads\EP0000279142.exe
2013-05-28 19:06 - 2013-05-28 19:06 - 00001232 ____A C:\Users\Aadi\Desktop\Update Service.lnk
2013-05-28 19:05 - 2013-05-28 19:05 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2013-05-28 19:04 - 2013-05-28 19:01 - 39487760 ____A C:\Users\Aadi\Downloads\Update_Service_Setup-2.13.6.201305161305.exe
2013-05-28 18:41 - 2013-05-28 18:41 - 04167680 ____A C:\Program Files (x86)\GUTA308.tmp
2013-05-28 18:41 - 2013-05-28 18:41 - 00000000 ____D C:\Program Files (x86)\GUMA307.tmp
2013-05-28 17:15 - 2013-05-28 17:14 - 00000000 ___RD C:\Users\Aadi\Documents\Notes
2013-05-28 17:09 - 2012-12-13 19:31 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-05-28 17:08 - 2012-12-13 19:31 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-05-25 16:43 - 2013-05-25 16:43 - 00000656 ____A C:\Users\Aadi\Desktop\Image- Material -2013 - Shortcut.lnk
2013-05-25 15:03 - 2013-05-25 15:03 - 00000000 ____D C:\Users\Aadi\Desktop\Latha
2013-05-24 20:22 - 2012-01-01 01:57 - 00072440 ____A C:\Users\Aadi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-24 20:22 - 2009-07-14 10:15 - 00324432 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-22 21:40 - 2012-10-18 08:53 - 00000000 ____D C:\Users\Aadi\AppData\Roaming\ZTEEVDO
2013-05-18 22:38 - 2012-01-05 17:07 - 00000000 ____D C:\Users\Aadi\AppData\Local\CrashDumps
2013-05-17 04:07 - 2013-05-17 04:07 - 00000000 ____D C:\Users\Aadi\AppData\Roaming\FLEXnet
2013-05-17 03:53 - 2009-07-14 10:38 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-17 02:16 - 2013-05-17 02:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vodafone_zte_cdc_ecm_01009.Wdf
2013-05-17 02:15 - 2013-05-17 02:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vodafone_zte_ecm_enum_01009.Wdf
2013-05-17 02:15 - 2013-05-17 02:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vodafone_zte_cdc_acm_01009.Wdf
2013-05-17 02:14 - 2013-05-17 02:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2013-05-17 02:13 - 2012-11-17 11:11 - 00000000 ____D C:\ProgramData\Vodafone
2013-05-17 02:12 - 2013-05-17 02:12 - 00000000 ____D C:\Users\Aadi\AppData\Local\{B9614B49-C7A3-4D75-A779-03E5B77C119F}
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-01-20 13:57
 
==================== End Of Log ============================


Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2013 03
Ran by Aadi at 2013-06-12 20:43:56 Run:
Running from C:\Users\Aadi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
 Update for Microsoft Office 2007 (KB2508958)
???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
µTorrent (Version: 2.0.1)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X (10.1.6) MUI (Version: 10.1.6)
AMD APP SDK Runtime (Version: 2.4.595.10)
Any Video Converter 3.3.1
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.149)
ArcSoft WebCam Companion 4 (Version: 4.0.444)
Assassin's Creed (Version: 1.00)
Atheros WiFi Driver Installation (Version: 3.0)
ATI Catalyst Install Manager (Version: 3.0.825.0)
Bluetooth Win7 Suite (64) (Version: 7.04.000.82)
calibre (Version: 0.8.35)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0630.809.12749)
Catalyst Control Center Graphics Previews Common (Version: 2011.0630.809.12749)
Catalyst Control Center InstallProxy (Version: 2011.0630.809.12749)
Catalyst Control Center Localization All (Version: 2011.0630.809.12749)
Catalyst Control Center Profiles Mobile (Version: 2011.0630.809.12749)
CCC Help Chinese Standard (Version: 2011.0630.0808.12749)
CCC Help Chinese Traditional (Version: 2011.0630.0808.12749)
CCC Help Czech (Version: 2011.0630.0808.12749)
CCC Help Danish (Version: 2011.0630.0808.12749)
CCC Help Dutch (Version: 2011.0630.0808.12749)
CCC Help English (Version: 2011.0630.0808.12749)
CCC Help Finnish (Version: 2011.0630.0808.12749)
CCC Help French (Version: 2011.0630.0808.12749)
CCC Help German (Version: 2011.0630.0808.12749)
CCC Help Greek (Version: 2011.0630.0808.12749)
CCC Help Hungarian (Version: 2011.0630.0808.12749)
CCC Help Italian (Version: 2011.0630.0808.12749)
CCC Help Japanese (Version: 2011.0630.0808.12749)
CCC Help Korean (Version: 2011.0630.0808.12749)
CCC Help Norwegian (Version: 2011.0630.0808.12749)
CCC Help Polish (Version: 2011.0630.0808.12749)
CCC Help Portuguese (Version: 2011.0630.0808.12749)
CCC Help Russian (Version: 2011.0630.0808.12749)
CCC Help Spanish (Version: 2011.0630.0808.12749)
CCC Help Swedish (Version: 2011.0630.0808.12749)
CCC Help Thai (Version: 2011.0630.0808.12749)
CCC Help Turkish (Version: 2011.0630.0808.12749)
ccc-utility64 (Version: 2011.0630.809.12749)
Counter-Strike 1.6
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.40.2.0131)
Ðiê`u khiê?n ActiveX Windows Live Mesh da`nh cho kê´t nô´i tu` xa (Version: 15.4.5722.2)
Dolby Home Theater v4 (Version: 7.2.7000.6)
Dropbox (Version: 2.0.0)
Evernote v. 4.4 (Version: 4.4.0.4848)
ffdshow [rev 3154] [2009-12-09] (Version: 1.0)
Google Chrome (Version: 28.0.1500.37)
HI-TECH C51-lite V9.60PL0 (Version: 9.60)
HI-TECH PICC lite V9.60PL0 (Version: 9.60)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Display Audio Driver (Version: 6.14.00.3074)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Rapid Storage Technology (Version: 10.5.0.1026)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (64-bit) (Version: 6.0.260)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MATLAB R2009b (Version: 7.9)
Media Gallery (Version: 1.5.0.17250)
Media Go (Version: 1.7.254)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE (Version: 3.0.86.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.0.17.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
ModelSim SE 6.2c
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML4 Parser (Version: 1.0.0)
PC Connectivity Solution (Version: 11.5.13.0)
PlayStation®Network Downloader (Version: 2.05.00710)
PlayStation®Store (Version: 4.1.8.11883)
PMB (Version: 5.6.01.03300)
PMB VAIO Edition Plug-in (Version: 1.5.10.05300)
PMB VAIO Edition Plug-in (Version: 1.6.00.06010)
PMB VAIO Edition Plug-in (Version: 1.6.00.06140)
PX Profile Update (Version: 1.00.1.)
Qualcomm Atheros Direct Connect (Version: 3.0)
Quick Web Access (Version: 1.4.6.10)
Realtek High Definition Audio Driver (Version: 6.0.1.6526)
Remote Keyboard (Version: 1.1.1.07060)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Skype Click to Call (Version: 6.5.11422)
Skype™ 5.5 (Version: 5.5.124)
Sony Corporation (Version: 1.0.0)
Sony Ericsson Update Engine (Version: 2.13.6.201305161305)
Sony Mobile Update Service (Version: 2.13.6.201305161305)
Sony PC Companion 2.10.155 (Version: 2.10.155)
SSLx64 (Version: 1.0.0)
SSLx86 (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 15.2.6.0)
TuneUp Utilities 2012 (Version: 12.0.2160.13)
TuneUp Utilities Language Pack (en-US) (Version: 12.0.2160.13)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO - Media Gallery (Version: 1.5.0.18100)
VAIO - PMB VAIO Edition Guide (Version: 1.6.00.06030)
VAIO - PMB VAIO Edition Plug-in (Version: 1.6.10.11160)
VAIO - Remote Keyboard (Version: 1.1.0.07060)
VAIO Care (Version: 7.0.1.08040)
VAIO Control Center (Version: 5.0.0.07070)
VAIO Data Restore Tool (Version: 1.7.0.05270)
VAIO Easy Connect (Version: 1.1.2.01120)
VAIO Gate (Version: 2.4.1.09230)
VAIO Gate Default (Version: 2.5.0.07080)
VAIO Improvement (Version: 1.1.0.06030)
VAIO Manual (Version: 1.4.0.05310)
VAIO Sample Contents (Version: 1.4.1.09010)
VAIO Smart Network (Version: 3.8.0.08120)
VAIO Transfer Support (Version: 1.4.0.14230)
VAIO Update (Version: 5.5.0.06290)
VAIO Update Merge Module x64 (Version: 5.5.06290)
VCCx64 (Version: 1.0.0)
VCCx86 (Version: 1.0.0)
VHD (Version: 1.0.0)
VIx64 (Version: 1.0.0)
VIx86 (Version: 1.0.0)
VLC media player 1.1.9 (Version: 1.1.9)
VPMx64 (Version: 1.0.0)
VSNx64 (Version: 1.0.0)
VSNx86 (Version: 1.0.0)
VWSTx86 (Version: 1.0.0)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3508.1109)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
 
==================== Restore Points  =========================
 
09-06-2013 11:48:19 Windows Update
11-06-2013 17:57:31 Microsoft Antimalware Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/12/2013 08:37:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.17859, time stamp: 0x4fd2dfec
Exception code: 0xc0000005
Fault offset: 0x00000000000eecf0
Faulting process id: 0x1a28
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (06/12/2013 08:27:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.17859, time stamp: 0x4fd2dfec
Exception code: 0xc0000005
Fault offset: 0x00000000000eecf0
Faulting process id: 0x18e0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (06/12/2013 08:21:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.17859, time stamp: 0x4fd2dfec
Exception code: 0xc0000005
Fault offset: 0x00000000000eecf0
Faulting process id: 0x1540
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (06/12/2013 08:20:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.17859, time stamp: 0x4fd2dfec
Exception code: 0xc0000005
Fault offset: 0x00000000000eecf0
Faulting process id: 0x9e4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (06/12/2013 07:51:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2013 08:41:45 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
 
Error: (06/12/2013 08:26:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2013 11:44:25 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
 
Error: (06/11/2013 11:44:25 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
 
Error: (06/11/2013 11:44:25 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
 
 
System errors:
=============
Error: (06/12/2013 07:50:19 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (06/12/2013 07:50:04 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (06/12/2013 07:49:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%13.
 
Error: (06/12/2013 08:42:06 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/12/2013 08:25:23 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (06/12/2013 08:25:08 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%13.
 
Error: (06/11/2013 11:44:28 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/11/2013 11:25:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/11/2013 11:25:10 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/11/2013 11:25:10 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-25 21:52:15.759
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-25 21:52:15.740
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-25 21:52:15.719
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-25 21:52:15.700
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-25 21:52:15.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-25 21:52:15.651
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-25 21:52:15.627
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-25 21:52:15.604
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-25 21:52:15.579
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-25 21:52:15.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 56%
Total physical RAM: 4007.14 MB
Available physical RAM: 1734.53 MB
Total Pagefile: 8012.46 MB
Available Pagefile: 5045.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:45.66 GB) (Free:2.56 GB) NTFS (Disk=0 Partition=3)
Drive e: (New Volume) (Fixed) (Total:203.98 GB) (Free:21.43 GB) NTFS (Disk=0 Partition=4)
Drive f: (New Volume) (Fixed) (Total:203.98 GB) (Free:38.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D716C4D1)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=46 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=408 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 PM

Posted 12 June 2013 - 10:28 AM

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 karthik007

karthik007
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 13 June 2013 - 11:07 AM

Did as u had asked me to.

The following is the content of ark.txt

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-13 21:33:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.MC00 465.76GB
Running: zkhl2hr6.exe; Driver: C:\Users\Aadi\AppData\Local\Temp\kxliypod.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2808:1660]                                   000007fefb3c2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2808:2860]                                   000007fef58fd618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2808:2464]                                   000007fefa795124
 
---- Registry - GMER 2.1 ----
 
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78b00e76                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@00247e850387         0x6B 0xFE 0x4D 0xB4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@402ba13c132d         0xD0 0xFC 0x2C 0x22 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@d488903dcadc         0x2F 0x03 0x2A 0xEC ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@d0c1b1441ea5         0x42 0x8C 0xF0 0xA1 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@0021fcc1f60a         0x1C 0x79 0x89 0x4C ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@0026cc05e2c7         0x5E 0x56 0x4E 0x96 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@b8f9342e0182         0xC6 0x7A 0xE8 0x7B ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@945103ca757e         0xAF 0x32 0x14 0x36 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@ec9b5b57d24f         0x01 0x71 0xA8 0x32 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@44f459e642ef         0xB7 0x70 0x8D 0x74 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@f49f5474d5a3         0x6A 0xFE 0xEE 0x9A ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@04180f79a64a         0xDC 0x00 0xD9 0xD7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@ac7289d157b2         0x4B 0x04 0xD9 0x86 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@1c659d5166a4         0x30 0x1F 0x11 0x1E ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@74f06ddfdf0a         0x97 0x96 0x94 0xEC ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@d051625a03fb         0xC9 0x80 0x9C 0x50 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@3cf72aa6f462         0x4B 0xC1 0x32 0xB9 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@6036dd61a462         0x6C 0x89 0xB0 0xD4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c716a8@84a6c824845b         0x66 0x33 0xFC 0xDB ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\VSNService@Start                                          2
Reg     HKLM\SYSTEM\CurrentControlSet\services\VSNService                                                
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78b00e76 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@00247e850387             0x6B 0xFE 0x4D 0xB4 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@402ba13c132d             0xD0 0xFC 0x2C 0x22 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@d488903dcadc             0x2F 0x03 0x2A 0xEC ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@d0c1b1441ea5             0x42 0x8C 0xF0 0xA1 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@0021fcc1f60a             0x1C 0x79 0x89 0x4C ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@0026cc05e2c7             0x5E 0x56 0x4E 0x96 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@b8f9342e0182             0xC6 0x7A 0xE8 0x7B ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@945103ca757e             0xAF 0x32 0x14 0x36 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@ec9b5b57d24f             0x01 0x71 0xA8 0x32 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@44f459e642ef             0xB7 0x70 0x8D 0x74 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@f49f5474d5a3             0x6A 0xFE 0xEE 0x9A ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@04180f79a64a             0xDC 0x00 0xD9 0xD7 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@ac7289d157b2             0x4B 0x04 0xD9 0x86 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@1c659d5166a4             0x30 0x1F 0x11 0x1E ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@74f06ddfdf0a             0x97 0x96 0x94 0xEC ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@d051625a03fb             0xC9 0x80 0x9C 0x50 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@3cf72aa6f462             0x4B 0xC1 0x32 0xB9 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@6036dd61a462             0x6C 0x89 0xB0 0xD4 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c716a8@84a6c824845b             0x66 0x33 0xFC 0xDB ...
 
---- Disk sectors - GMER 2.1 ----
 
Disk    \Device\Harddisk0\DR0                                                                            unknown MBR code
 
---- EOF - GMER 2.1 ----


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 PM

Posted 14 June 2013 - 01:44 AM

Fix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    HKCU\...\Run: [6c4] C:\Users\Aadi\AppData\Roaming\7a5\6c4.js [46698 2013-06-12] ()
    
    MountPoints2: {0eae6fc7-110d-11e2-850c-f0bf9767f9c6} - I:\Startme.exe
    MountPoints2: {32ca8953-7020-11e1-9a98-f0bf9767f9c6} - G:\Startme.exe
    MountPoints2: {36a913a7-be77-11e2-8281-f0bf9767f9c6} - H:\setup_vmb_lite.exe /checkApplicationPresence
    MountPoints2: {3caf5e16-2508-11e2-ba9d-f0bf9767f9c6} - H:\unlock.exe autoplay=true
    MountPoints2: {43be80ef-dd3c-11e1-94f0-f0bf9767f9c6} - Iomega Encryption Utility.exe
    MountPoints2: {559ef7f8-7f68-11e2-80e8-806e6f6e6963} - I:\AutoRun.exe
    MountPoints2: {56a999d1-7f54-11e2-8282-f0bf9767f9c6} - H:\AutoRun.exe
    MountPoints2: {6615dd70-8bf7-11e2-b1ba-ccaf78c716a8} - H:\AutoRun.exe
    MountPoints2: {696fc432-8e25-11e1-a7e9-f0bf9767f9c6} - G:\AutoRun.exe
    MountPoints2: {696fc440-8e25-11e1-a7e9-f0bf9767f9c6} - G:\AutoRun.exe
    MountPoints2: {91a3bc36-377d-11e1-8c81-f0bf9767f9c6} - G:\setup.exe
    MountPoints2: {aa8a28f2-acd6-11e2-94e5-f0bf9767f9c6} - H:\.\autorun.exe
    MountPoints2: {bfa51cf0-18d2-11e2-b007-f0bf9767f9c6} - H:\Setup.exe /Auto
    MountPoints2: {c8652ebb-1862-11e2-a2d4-f0bf9767f9c6} - I:\AutoRun.exe
    MountPoints2: {c8652ec6-1862-11e2-a2d4-f0bf9767f9c6} - H:\AutoRun.exe
    MountPoints2: {e26bb689-a6b7-11e2-a6d7-f0bf9767f9c6} - H:\AutoRun.exe
    MountPoints2: {e26bb6ad-a6b7-11e2-a6d7-f0bf9767f9c6} - H:\AutoRun.exe
    MountPoints2: {e7457c56-be28-11e2-b882-f0bf9767f9c6} - H:\setup_vmb_lite.exe /checkApplicationPresence
    MountPoints2: {e7457c5d-be28-11e2-b882-f0bf9767f9c6} - H:\setup_vmb_lite.exe /checkApplicationPresence
    MountPoints2: {f076daa7-22c9-11e2-b865-f0bf9767f9c6} - I:\unlock.exe autoplay=true
    MountPoints2: {f7581a05-8ed2-11e1-bc92-f0bf9767f9c6} - G:\AutoRun.exe
    MountPoints2: {f7581a3d-8ed2-11e1-bc92-f0bf9767f9c6} - G:\AutoRun.exe
    MountPoints2: {fa05da09-8bf5-11e2-aa51-f0bf9767f9c6} - H:\AutoRun.exe
    
    C:\Users\Aadi\AppData\Roaming\7a5
     
     
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 karthik007

karthik007
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 14 June 2013 - 10:09 AM

well, i could understand that u wanted me to save fixlist.txt in the same directory as FRST.txt;
Then, once i started Farbar, a message opened up saying that FRST64.exe was outdated and i should update to a more recent one.I cancelled the update and continued with the original version i had.

 

fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2013 03
Ran by Aadi at 2013-06-14 20:36:42 Run:1
Running from C:\Users\Aadi\Downloads
Boot Mode: Normal
==============================================
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\6c4 => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae6fc7-110d-11e2-850c-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{0eae6fc7-110d-11e2-850c-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32ca8953-7020-11e1-9a98-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{32ca8953-7020-11e1-9a98-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36a913a7-be77-11e2-8281-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{36a913a7-be77-11e2-8281-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3caf5e16-2508-11e2-ba9d-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{3caf5e16-2508-11e2-ba9d-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43be80ef-dd3c-11e1-94f0-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{43be80ef-dd3c-11e1-94f0-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{559ef7f8-7f68-11e2-80e8-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{559ef7f8-7f68-11e2-80e8-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56a999d1-7f54-11e2-8282-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{56a999d1-7f54-11e2-8282-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6615dd70-8bf7-11e2-b1ba-ccaf78c716a8} => Key deleted successfully.
HKCR\CLSID\{6615dd70-8bf7-11e2-b1ba-ccaf78c716a8} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{696fc432-8e25-11e1-a7e9-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{696fc432-8e25-11e1-a7e9-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{696fc440-8e25-11e1-a7e9-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{696fc440-8e25-11e1-a7e9-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91a3bc36-377d-11e1-8c81-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{91a3bc36-377d-11e1-8c81-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa8a28f2-acd6-11e2-94e5-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{aa8a28f2-acd6-11e2-94e5-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfa51cf0-18d2-11e2-b007-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{bfa51cf0-18d2-11e2-b007-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8652ebb-1862-11e2-a2d4-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{c8652ebb-1862-11e2-a2d4-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8652ec6-1862-11e2-a2d4-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{c8652ec6-1862-11e2-a2d4-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e26bb689-a6b7-11e2-a6d7-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{e26bb689-a6b7-11e2-a6d7-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e26bb6ad-a6b7-11e2-a6d7-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{e26bb6ad-a6b7-11e2-a6d7-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7457c56-be28-11e2-b882-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{e7457c56-be28-11e2-b882-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7457c5d-be28-11e2-b882-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{e7457c5d-be28-11e2-b882-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f076daa7-22c9-11e2-b865-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{f076daa7-22c9-11e2-b865-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7581a05-8ed2-11e1-bc92-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{f7581a05-8ed2-11e1-bc92-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7581a3d-8ed2-11e1-bc92-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{f7581a3d-8ed2-11e1-bc92-f0bf9767f9c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa05da09-8bf5-11e2-aa51-f0bf9767f9c6} => Key deleted successfully.
HKCR\CLSID\{fa05da09-8bf5-11e2-aa51-f0bf9767f9c6} => Key not found.
C:\Users\Aadi\AppData\Roaming\7a5 => Moved successfully.
 
==== End of Fixlog ====


#11 karthik007

karthik007
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 14 June 2013 - 10:22 AM

Secondly, adhering to ur instruction i tried downloading malwarebytes-antimalware using the link u had given.But the site is under maintenance.
Nextly, i already have Malwarebytes Antimalware .I tries running it, it didn't even start.No response.



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 PM

Posted 15 June 2013 - 06:11 AM

Start your computer in safe mode with networking:

 

 

 

 

Combofix


Combofix should only be run when adviced by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 karthik007

karthik007
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 15 June 2013 - 10:45 AM

I have Microsoft Secirity Essentials installed in my computer.I had turned on my laptpop in safe mode with networking.When i opened Combofix it informed me that Microsoft Essentials was running.I did not how to know diasble it through GUI.So i opened task Manager and disabled the service and the process.I restarted Combofix but still got the same message.But i am sure the process wasnt running.So i ignored the message and went ahead with running Combofix.Please inform if i was wrong.The log generated is posted below
 

ComboFix 13-06-13.01 - Aadi 15-06-2013  20:59:24.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.4007.3268 [GMT 5.5:30]
Running from: c:\users\Aadi\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\users\Aadi\AppData\Roaming\7a5
c:\users\Aadi\AppData\Roaming\7a5\6c4.js
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-15 to 2013-06-15  )))))))))))))))))))))))))))))))
.
.
2013-06-15 15:35 . 2013-06-15 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-15 15:03 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB683588-0AD1-42AF-9A34-6CBDF507E738}\mpengine.dll
2013-06-15 14:52 . 2013-06-15 15:04 47516 ----a-w- c:\users\Aadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\39.js
2013-06-12 15:09 . 2013-06-12 15:09 -------- d-----w- C:\FRST
2013-05-28 13:35 . 2013-05-28 13:35 -------- d-----w- c:\program files (x86)\Sony Mobile
2013-05-28 13:11 . 2013-05-28 13:11 4167680 ----a-w- c:\program files (x86)\GUTA308.tmp
2013-05-28 13:11 . 2013-05-28 13:11 -------- d-----w- c:\program files (x86)\GUMA307.tmp
2013-05-16 22:37 . 2013-05-16 22:37 -------- d-----w- c:\users\Aadi\AppData\Roaming\FLEXnet
2013-05-16 20:42 . 2013-05-16 20:42 -------- d-----w- c:\users\Aadi\AppData\Local\{B9614B49-C7A3-4D75-A779-03E5B77C119F}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 17:40 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 06:37 . 2012-03-18 10:53 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-10 12:25 . 2013-05-10 12:25 4167680 ----a-w- c:\program files (x86)\GUTC4EB.tmp
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 09:22 . 2013-04-20 09:22 194 ----a-w- c:\windows\SysWow64\RBDELDRV.BAT
2013-04-16 17:09 . 2012-04-24 15:55 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-04-16 17:09 . 2012-04-24 15:55 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-04-04 09:20 . 2013-04-20 08:16 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-20 14:32 . 2013-03-20 14:32 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-20 14:32 . 2011-08-08 08:09 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Aadi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Aadi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Aadi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Aadi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6c4"="c:\users\Aadi\AppData\Roaming\7a5\6c4.js" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
.
c:\users\Aadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
39.js [2013-6-15 47516]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
"PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
R2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 bthathfax;Bluetooth Fax Modem;c:\windows\system32\DRIVERS\bthathfax.sys;c:\windows\SYSNATIVE\DRIVERS\bthathfax.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys;c:\windows\SYSNATIVE\DRIVERS\massfilter.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1039unic.sys [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 vodafone_zte_cdc_acm;Vodafone Vodafone ZTE CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_cdc_acm.sys [x]
R3 vodafone_zte_cdc_ecm;vodafone_zte_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_zte_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_cdc_ecm.sys [x]
R3 vodafone_zte_cpo;Vodafone Vodafone ZTE Install;c:\windows\system32\DRIVERS\vodafone_zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_cpo.sys [x]
R3 vodafone_zte_ecm_enum;Vodafone Vodafone ZTE DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_zte_ecm_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_ecm_enum.sys [x]
R3 vodafone_zte_ecm_enum_filter;vodafone_zte_ecm_enum_filter;c:\windows\system32\DRIVERS\vodafone_zte_ecm_enum_filter.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_ecm_enum_filter.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbvoice.sys [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbwwan.sys [x]
R4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R4 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
R4 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys;c:\windows\SYSNATIVE\drivers\risdsnxc64.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625858516-2434763445-3860897287-1000Core.job
- c:\users\Aadi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 06:21]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625858516-2434763445-3860897287-1000UA.job
- c:\users\Aadi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 06:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Aadi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Aadi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Aadi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Aadi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-27 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-27 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://indiasearcher.in/r.asp#
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{109B7E55-B87F-47A9-8A45-7FD652B05C34}: NameServer = 202.148.200.3 202.148.202.4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-15  21:09:21
ComboFix-quarantined-files.txt  2013-06-15 15:39
.
Pre-Run: 4,238,848,000 bytes free
Post-Run: 5,322,149,888 bytes free
.
- - End Of File - - 24200DAF661895E964E5C1555E7D0485
D41D8CD98F00B204E9800998ECF8427E


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 PM

Posted 16 June 2013 - 02:53 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 karthik007

karthik007
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 17 June 2013 - 11:48 AM

I could not find the required CFScript.txt Please excuse me for my ignorance.And I downloaded Malwarebytes' Anti-Malware from the given link and i tried installing it.But there was no response.I double-clicked mbam setup.exe but there was no response.I think the virus is blocking the installation of the setup.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users