My Pendrive in another computer shows virus


54 replies to this topic

#1 Newbie1011

Posted 25 October 2013 - 06:55 AM

Hi,

I had put my pendrive in another computer running Kaspersky antivirus to transfer some files. That computer said that my pendrive contains rootkit viruses. I did not get details of the suspected viruses as the pendrive was removed immediately.

Please advise how to proceed.

Thanks for helping.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Shravan at 17:18:34 on 2013-10-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8190.6003 [GMT 5.5:30]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\AstSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Shravan\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://netbanking.hdfcbank.com/netbanking/
mWinlogon: Userinit = userinit.exe
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [SkyDrive] "C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Viber] "C:\Users\Shravan\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: Interfaces\{2BE50405-7707-4913-8488-C5774ABE191E} : NameServer = 125.22.47.125,202.56.250.5
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shravan\AppData\Roaming\Mozilla\Firefox\Profiles\d46u3ncj.default-1376014017535\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-25 10:55; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-20 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-20 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-28 440392]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-28 440392]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 Ast Service;Ast Service;C:\Windows\System32\\AstSrv.exe --> C:\Windows\System32\\AstSrv.exe [?]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-20 105856]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-11-28 5087584]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-17 401696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-11-27 46136]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-8-7 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-28 1255736]
.
=============== Created Last 30 ================
.
2013-10-25 00:44:04 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-10-25 00:44:04 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-10-24 10:57:27 -------- d-----w- C:\Program Files (x86)\ESET
2013-10-24 00:39:19 -------- d-----w- C:\Users\Shravan\AppData\Roaming\Malwarebytes
2013-10-24 00:38:56 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-24 00:38:56 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-24 00:38:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 00:27:31 9728 ----a-w- C:\ExcelLogin.exe
2013-10-20 00:27:31 60273 ----a-w- C:\pthreadGC2.dll
2013-10-20 00:27:31 60273 ----a-w- C:\pthread.dll
2013-10-20 00:27:31 116907 ----a-w- C:\asc2ms.exe
2013-10-20 00:27:31 -------- d-----w- C:\sharekhan
2013-10-20 00:27:31 -------- d-----w- C:\odin
2013-10-20 00:27:31 -------- d-----w- C:\nest-now
2013-10-20 00:27:31 -------- d-----w- C:\myshubhalabha
2013-10-16 00:41:51 -------- d-----w- C:\ProgramData\Oracle
2013-10-16 00:41:32 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-11 00:17:14 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-10-10 11:58:13 327168 ----a-w- C:\Windows\IsUninst.exe
2013-10-10 11:56:53 -------- d-----w- C:\MS11
2013-10-09 02:40:43 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-10-09 02:38:40 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-09 02:38:39 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-09 02:38:39 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-09 02:38:39 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-09 02:38:39 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-09 02:38:39 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-09 02:38:39 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-09 02:38:38 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
==================== Find3M  ====================
.
2013-10-09 04:40:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 04:40:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-01 10:07:14 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-10-01 10:07:14 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-10-01 10:07:14 105856 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 17:19:21.38 ===============
 
 
 



 


#2 Aaflac



  • Malware Response Team

Posted 26 October 2013 - 11:18 PM

Welcome to BC forums!

Please do the following...

 

Step 1: To stop the Autorun feature, download and run the following:

Microsoft Fix It 50471:

http://support.microsoft.com/kb/967715

 

Scroll down to: How to disable or enable all Autorun features in Windows 7 and other operating systems

Click Run in the File Download dialog box, and follow the steps of the wizard.

 

Note: There is an option to enable Autorun automatically. You can do so later, if you wish.

Reboot the system after applying the Microsoft FixIt.

 

 

Step 2: Please click on the Windows 7 Start button and then on Control Panel.

In Control Panel, select the Folder Options link.

Click on the View tab in the Folder Options window.

In the Advanced settings area, locate the Hidden files and folders category.

Check: Show hidden files, folders, and drives

Uncheck: Hide protected operating system files (Recommended)

Click Apply and OK at the bottom of the Folder Options window.

 

 

Step 3: Next, download UsbFix:

http://www.usbfix.net/

Press the green Download button.

Save to the Desktop.

 

In the next step, a window requesting the connection of removable drives appears. Please connect the problem USB drive when requested!

 

Right-click the downloaded USBFix file and select: Run as Administrator

Press: Research

This option scans the connected drives, and reports its infected Files and Folders

When done, the program closes on its own, and a report appears.

(The report file is also found at C:\UsbFix.txt)

 

>> Please post the UsbFix.txt (Research) report in your reply.

 

 

Step 4: Once again, run USBFix as Administrator, but, this time, press: Listing

It creates a report of all the Folders and Files found at the root of every hard drive, partition, or removable drive connected.

 

>> Also post the UsbFix.txt (Listing) report in your reply.

 

Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:

Restart your computer.

When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu

Using the arrow keys, select: Safe Mode

Press the Enter key on your keyboard to boot into the selected mode.

 

Note 2: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program:

Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

When done with USBFix, re-enable your AV program.

 

 

Step 5: Last, please download the Farbar Recovery Scan Tool.

Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Select the version that applies to your system.

Save it to your Desktop.

Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.

 

Press the Scan button.

 

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

>> Please provide the FRST.txt in your reply.

 

The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.

 

 

 


Edited by Aaflac, 26 October 2013 - 11:22 PM.

Old duck...
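Added example (not part of the post above and not UsbFix's own code): a way to triage the Listing report requested in step 4 offline, by parsing its lines and listing the root entries on removable drives that deserve a closer look. The line layout follows the UsbFix V 7.145 [Listing] output quoted in this thread; the sample lines are constructed, and the review rules (expected system folders, launchable extensions) are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Line layout assumed from the UsbFix V 7.145 [Listing] report quoted in this thread.
DRIVE_RE = re.compile(r"^([A-Z]):\\ (?:\(.*?\) )?-> (Fixed|Removable) drive")
ENTRY_RE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4}) - (\d{2}:\d{2}:\d{2}) \| ([RASHD]+) (?:\| (\d+))?\] (.+)$"
)

# Review heuristics for this example only (assumptions, not rules used by UsbFix).
EXPECTED_SYSTEM_DIRS = {"system volume information", "$recycle.bin"}
LAUNCHABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

# Constructed sample in the report's format (not taken from a real scan).
SAMPLE_LISTING = r"""
C:\ (%systemdrive%) -> Fixed drive # 270 Gb (198 Mb free - 73%) [New Volume] # NTFS
E:\ -> Removable drive # 952 Mb (950 Mb free - 100%) [KINGSTON] # FAT32

################## | Listing |

[01/03/2013 - 05:00:33 | SHD ] C:\$Recycle.Bin
[20/10/2013 - 05:56:08 | A | 9728] C:\ExcelLogin.exe
[28/08/2013 - 06:12:48 | D ] E:\Printing due
[27/06/2002 - 00:02:32 | RSHD ] E:\example_hidden_dir
[22/10/2013 - 16:04:08 | A | 28672] E:\notice.doc
[22/10/2013 - 16:05:00 | ASH | 120] E:\autorun.inf
[22/10/2013 - 16:05:01 | A | 1024] E:\Printing due.lnk
[22/10/2013 - 16:05:02 | SHD ] E:\System Volume Information
"""


def parse_listing(text):
    """Return ({drive letter: 'Fixed'|'Removable'}, [entry dicts]) from a Listing report."""
    drives, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces forum pastes leave behind
        m = DRIVE_RE.match(line)
        if m:
            drives[m.group(1)] = m.group(2)
            continue
        m = ENTRY_RE.match(line)
        if m:
            date, time, attrs, size, path = m.groups()
            entries.append({
                "date": date,
                "time": time,
                "attrs": set(attrs),  # R=read-only, A=archive, S=system, H=hidden, D=directory
                "size": int(size) if size else None,  # directories carry no size field
                "path": path,
            })
    return drives, entries


def triage_removable(text):
    """List (path, reason) for removable-drive root entries worth a manual look."""
    drives, entries = parse_listing(text)
    findings = []
    for entry in entries:
        path = PureWindowsPath(entry["path"])
        if drives.get(path.drive[:1].upper()) != "Removable":
            continue  # only the drive that travels between machines is of interest here
        name = path.name.lower()
        attrs = entry["attrs"]
        if name == "autorun.inf":
            findings.append((entry["path"], "autorun.inf at drive root"))
        elif {"S", "H", "D"} <= attrs and name not in EXPECTED_SYSTEM_DIRS:
            findings.append((entry["path"], "hidden+system folder not created by Windows"))
        elif "D" not in attrs and path.suffix.lower() in LAUNCHABLE_EXTS:
            findings.append((entry["path"], "launchable file or shortcut at drive root"))
    return findings


if __name__ == "__main__":
    for flagged_path, reason in triage_removable(SAMPLE_LISTING):
        print(f"{flagged_path}: {reason}")
```

A flagged entry is only a prompt for manual review; the Research report and the antivirus verdict decide what is actually malicious.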


#3 Newbie1011


Posted 26 October 2013 - 11:52 PM

############################## | UsbFix V 7.145 | [Research]
 
User: Shravan (Administrator) # SHRAVAN-PC
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 10:07:51 | 27/10/2013
 
 
PC: ASUSTeK Computer INC. (Crosshair IV Formula)
CPU: AMD Athlon™ II X4 620 Processor
RAM -> [Total : 8190 | Free : 6206]
Bios: American Megatrends Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 270 Gb (198 Mb free - 73%) [New Volume] # NTFS
D:\ -> Fixed drive # 195 Gb (187 Mb free - 96%) [New Volume] # NTFS
F:\ -> Fixed drive # 233 Gb (89 Mb free - 38%) [New Volume] # NTFS
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID 388 |ParentID 380)
C:\Windows\system32\wininit.exe (ID 460 |ParentID 380)
C:\Windows\system32\csrss.exe (ID 496 |ParentID 476)
C:\Windows\system32\services.exe (ID 520 |ParentID 460)
C:\Windows\system32\lsass.exe (ID 540 |ParentID 460)
C:\Windows\system32\lsm.exe (ID 548 |ParentID 460)
C:\Windows\system32\winlogon.exe (ID 624 |ParentID 476)
C:\Windows\system32\svchost.exe (ID 704 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 792 |ParentID 520)
C:\Windows\system32\atiesrxx.exe (ID 852 |ParentID 520)
C:\Windows\System32\svchost.exe (ID 920 |ParentID 520)
C:\Windows\System32\svchost.exe (ID 964 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 1008 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 264 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 808 |ParentID 520)
C:\Windows\system32\atieclxx.exe (ID 1072 |ParentID 852)
C:\Windows\system32\svchost.exe (ID 1116 |ParentID 520)
C:\Windows\System32\spoolsv.exe (ID 1272 |ParentID 520)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 1304 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 1364 |ParentID 520)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1440 |ParentID 520)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID 1484 |ParentID 520)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 1512 |ParentID 520)
C:\Windows\SysWOW64\AstSrv.exe (ID 1540 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 1584 |ParentID 520)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (ID 1676 |ParentID 520)
C:\Windows\system32\taskhost.exe (ID 1724 |ParentID 520)
C:\Windows\system32\Dwm.exe (ID 1796 |ParentID 964)
C:\Windows\Explorer.EXE (ID 1820 |ParentID 1764)
C:\Program Files\Microsoft LifeCam\MSCamS64.exe (ID 1340 |ParentID 520)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID 2080 |ParentID 520)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID 2168 |ParentID 1820)
C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (ID 2176 |ParentID 1820)
C:\Users\Shravan\AppData\Local\Viber\Viber.exe (ID 2188 |ParentID 1820)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 2248 |ParentID 2204)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2268 |ParentID 1820)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2284 |ParentID 2204)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2412 |ParentID 520)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID 2488 |ParentID 2168)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2524 |ParentID 2412)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2796 |ParentID 2268)
C:\Windows\system32\wbem\wmiprvse.exe (ID 2948 |ParentID 704)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2132 |ParentID 2268)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2332 |ParentID 2268)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1592 |ParentID 2268)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 3940 |ParentID 1512)
C:\Windows\sysWOW64\wbem\wmiprvse.exe (ID 4044 |ParentID 704)
C:\Windows\system32\SearchIndexer.exe (ID 3912 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 2912 |ParentID 520)
C:\Windows\system32\wbem\wmiprvse.exe (ID 2328 |ParentID 704)
C:\Windows\system32\sppsvc.exe (ID 2432 |ParentID 520)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3996 |ParentID 520)
C:\UsbFix\Go.exe (ID 4380 |ParentID 4320)
C:\Windows\system32\wbem\WmiApSrv.exe (ID 4564 |ParentID 520)
C:\Windows\system32\SearchProtocolHost.exe (ID 4848 |ParentID 3912)
C:\Windows\system32\SearchFilterHost.exe (ID 4868 |ParentID 3912)
C:\Windows\system32\SearchProtocolHost.exe (ID 4912 |ParentID 3912)
 
################## | Regedit Run |
 
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] - 
HKLM\SOFTWARE\wow6432Node | RunOnce : [] - 
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [SkyDrive] - "C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [Viber] - "C:\Users\Shravan\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [KSS] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Files # Infected Folders |
 
 
################## | Registry |
 
 
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
 
############################## | UsbFix V 7.145 | [Listing]
 
User: Shravan (Administrator) # SHRAVAN-PC
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 10:14:46 | 27/10/2013
 
 
PC: ASUSTeK Computer INC. (Crosshair IV Formula)
CPU: AMD Athlon™ II X4 620 Processor
RAM -> [Total : 8190 | Free : 5984]
Bios: American Megatrends Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 270 Gb (198 Mb free - 73%) [New Volume] # NTFS
D:\ -> Fixed drive # 195 Gb (187 Mb free - 96%) [New Volume] # NTFS
E:\ -> Removable drive # 952 Mb (950 Mb free - 100%) [KINGSTON] # FAT32
F:\ -> Fixed drive # 233 Gb (89 Mb free - 38%) [New Volume] # NTFS
 
################## | Listing |
 
[01/03/2013 - 05:00:33 | SHD ] C:\$Recycle.Bin
[03/05/2013 - 13:47:24 | D ] C:\ACCOUNTING 2000
[03/01/2009 - 05:29:12 | A | 238060032] C:\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY].rar
[25/03/2012 - 04:53:50 | D ] C:\AMD
[20/10/2013 - 05:56:11 | A | 116907] C:\asc2ms.exe
[11/10/2013 - 06:26:33 | A | 0] C:\asc_rdflag
[27/11/2012 - 22:04:04 | A | 178] C:\bberror1.sbl
[07/10/2012 - 07:34:21 | D ] C:\BS1sb20122
[19/06/2013 - 15:35:41 | D ] C:\data
[14/07/2009 - 10:38:56 | SHD ] C:\Documents and Settings
[05/05/2012 - 15:30:26 | D ] C:\Downloads
[20/10/2013 - 05:56:08 | A | 9728] C:\ExcelLogin.exe
[27/10/2013 - 10:02:12 | ASH | 6441013248] C:\hiberfil.sys
[14/10/2013 - 07:23:50 | D ] C:\MetaStock Data
[10/10/2013 - 17:26:58 | D ] C:\MS11
[20/10/2013 - 05:57:31 | D ] C:\myshubhalabha
[20/10/2013 - 05:57:31 | D ] C:\nest-now
[24/06/2012 - 09:52:59 | D ] C:\New folder
[20/10/2013 - 05:57:31 | D ] C:\odin
[19/06/2013 - 15:37:31 | D ] C:\oraclexe
[27/10/2013 - 10:02:14 | ASH | 8588021760] C:\pagefile.sys
[28/05/2013 - 17:19:50 | D ] C:\pds
[14/07/2009 - 08:50:08 | D ] C:\PerfLogs
[27/05/2012 - 14:20:15 | D ] C:\PIB2MS
[09/08/2013 - 06:24:36 | RD ] C:\Program Files
[25/10/2013 - 06:14:04 | RD ] C:\Program Files (x86)
[25/10/2013 - 06:14:04 | HD ] C:\ProgramData
[20/10/2013 - 05:56:05 | A | 60273] C:\pthread.dll
[20/10/2013 - 05:56:07 | A | 60273] C:\pthreadGC2.dll
[27/11/2012 - 21:28:15 | SHD ] C:\Recovery
[22/03/2012 - 11:26:29 | SHD ] C:\RECYCLER
[20/10/2013 - 05:57:31 | D ] C:\sharekhan
[20/10/2013 - 05:56:10 | A | 130672] C:\sharekhantoami.xlsm
[20/10/2013 - 05:56:07 | A | 129832] C:\shubhaodin.xlsm
[18/11/2012 - 08:32:44 | D ] C:\SIERRA
[02/09/2013 - 07:24:01 | HD ] C:\SkyDriveTemp
[27/10/2013 - 10:00:52 | SHD ] C:\System Volume Information
[05/10/2012 - 21:44:45 | D ] C:\Tally
[24/06/2012 - 09:52:16 | D ] C:\Tom Clancys Rainbow Six 3 Raven Shield - FLT
[27/10/2013 - 10:14:48 | D ] C:\UsbFix
[27/10/2013 - 10:14:48 | A | 3180] C:\UsbFix [Listing 1 ] SHRAVAN-PC.txt
[27/10/2013 - 10:13:11 | A | 6972] C:\UsbFix [Scan 1] SHRAVAN-PC.txt
[27/11/2012 - 21:28:22 | RD ] C:\Users
[25/10/2013 - 06:07:19 | AD ] C:\Windows
[25/01/2013 - 17:47:09 | D ] C:\Windows.old
[01/03/2013 - 05:00:33 | SHD ] D:\$Recycle.Bin
[28/11/2012 - 10:23:11 | D ] D:\$WINDOWS.~BT
[28/11/2012 - 10:28:55 | D ] D:\$WINDOWS.~LS
[03/01/2009 - 05:29:12 | A | 238060032] D:\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY].rar
[24/06/2012 - 16:42:29 | D ] D:\Age of Empires 2 - Orginal 2.0a Update and Crack
[24/03/2012 - 17:48:38 | A | 33] D:\bberror1.sbl
[28/11/2012 - 05:00:56 | SHD ] D:\Boot
[20/11/2010 - 18:10:07 | RASH | 383786] D:\bootmgr
[28/11/2012 - 10:38:11 | RASH | 8192] D:\BOOTSECT.BAK
[12/08/2013 - 09:41:00 | SHD ] D:\Config.Msi
[14/07/2009 - 10:38:56 | SHD ] D:\Documents and Settings
[14/07/2009 - 08:50:08 | D ] D:\PerfLogs
[14/07/2009 - 13:16:55 | RD ] D:\Program Files
[14/07/2009 - 10:27:06 | RD ] D:\Program Files (x86)
[14/07/2009 - 10:38:56 | HD ] D:\ProgramData
[22/03/2012 - 11:26:29 | SHD ] D:\RECYCLER
[17/03/2013 - 19:34:48 | SHD ] D:\System Volume Information
[29/10/2012 - 06:09:05 | D ] D:\Temp
[14/07/2009 - 10:38:59 | RD ] D:\Users
[28/11/2012 - 10:29:06 | D ] D:\Windows
[28/11/2012 - 10:23:11 | ASH | 536870912] D:\WinPEpge.sys
[28/08/2013 - 06:12:48 | D ] E:\Printing due
[27/06/2002 - 00:02:32 | RSHD ] E:\balerina
[22/10/2013 - 16:04:08 | A | 28672] E:\Dandiya Nite notice.doc
[30/06/2012 - 14:36:28 | RSHD ] E:\obala_je_stvarno
[27/08/2013 - 06:19:52 | A | 154942] E:\13027755077-ALTxxxxx9M-G4.pdf
[27/08/2013 - 06:57:52 | A | 154868] E:\13027783358-APZxxxxx1A-G4.pdf
[27/08/2013 - 06:58:44 | A | 154905] E:\13027783359-AAPxxxxx1D-G4.pdf
[28/08/2013 - 06:12:18 | A | 154200] E:\13027783646-AFNxxxxx0D-G4.pdf
[21/08/2013 - 15:27:08 | A | 48515] E:\MRS NEERJA KEYAL 2013-14 car insurance policy.pdf
[22/10/2013 - 13:06:22 | A | 40960] E:\Dandia Nite 3rd coupon 2013.xls
[22/10/2013 - 13:05:30 | A | 40960] E:\Dandia Nite 2nd coupon 2013.xls
[22/10/2013 - 13:01:50 | A | 40960] E:\Dandia Nite 1st coupon 2013.xls
[21/10/2013 - 06:14:39 | SHD ] F:\$RECYCLE.BIN
[30/07/2013 - 04:47:18 | D ] F:\2013 Return files
[27/10/2013 - 05:52:34 | RD ] F:\Documents
[12/03/2013 - 10:30:55 | D ] F:\email 12th march2013
[15/05/2013 - 06:37:43 | D ] F:\Email Backup 15th May 2013
[24/06/2013 - 07:02:14 | D ] F:\Email backup 24th june 2013
[29/09/2013 - 07:06:11 | D ] F:\Email backup 30th sep2013
[30/07/2013 - 04:40:25 | A | 7169665] F:\Final Uploaded returns 2013.zip
[25/05/2013 - 06:43:31 | A | 8344576] F:\HUF IT File 2012-13.xls
[29/05/2013 - 17:44:49 | A | 4883968] F:\HUF ITR 2 2013.xls
[27/10/2013 - 05:49:01 | D ] F:\HUF Scrutiny Printing papers
[27/10/2013 - 05:47:32 | D ] F:\Income Tax 2010-11 ITR-2 & 4 uploaded .xls & xml files
[27/10/2013 - 05:47:30 | D ] F:\Income Tax 2010-11 ITR-2 .xls & xml files
[29/03/2013 - 05:57:30 | A | 266752] F:\IT File-SK-2012-2013-Shares trxn.xls
[15/10/2013 - 17:29:22 | A | 248320] F:\IT File-SK-2013-2014-Shares trxn.xls
[27/10/2013 - 05:46:34 | D ] F:\IT Files 2008-2009
[27/10/2013 - 05:46:41 | D ] F:\IT Files 2009-2010
[27/10/2013 - 05:46:42 | D ] F:\IT Files 2010-11
[27/10/2013 - 05:46:42 | D ] F:\IT Files 2010-11 9th June 2011
[27/10/2013 - 05:46:47 | D ] F:\IT Files 2010-2011
[27/10/2013 - 05:46:51 | D ] F:\IT Files 2010-2011 23rd sep 2011
[07/06/2013 - 17:46:55 | D ] F:\IT Files 2011-12
[27/10/2013 - 05:46:51 | D ] F:\IT files 2012-13
[31/05/2013 - 13:38:38 | D ] F:\IT Files 2013-2014
[27/10/2013 - 05:46:51 | D ] F:\IT Papers 2007-2008
[27/10/2013 - 05:46:32 | D ] F:\IT papers-2006-2007
[11/03/2013 - 04:30:20 | RA | 528] F:\MediaID.bin
[28/05/2013 - 08:21:46 | A | 510876] F:\Neerja IT File 2012-13.xlsm
[15/06/2013 - 16:07:42 | A | 9816064] F:\Neerja ITR 4 2013.xls
[25/05/2013 - 09:58:53 | A | 4522496] F:\Rahul IT File 2012-13.xls
[03/06/2013 - 09:48:13 | A | 4892160] F:\RAHUL ITR2 2013.xls
[19/10/2013 - 18:04:24 | A | 441344] F:\Rk shares status.xls
[16/09/2013 - 10:26:36 | A | 530944] F:\Sell-Holding Chart.xls
[17/03/2013 - 19:36:43 | RD ] F:\SHRAVAN-PC
[26/05/2013 - 09:52:15 | A | 6768640] F:\SK IT File 2012-13 10am 26.12 3.5k difference.xls
[26/05/2013 - 07:51:21 | A | 6767616] F:\SK IT File 2012-13 prov 8am 26.12.xls
[29/05/2013 - 17:38:43 | A | 4888064] F:\SK ITR2 2013.xls
[17/03/2013 - 20:11:21 | SHD ] F:\System Volume Information
[15/03/2013 - 07:59:25 | D ] F:\Users
[11/03/2013 - 04:42:40 | D ] F:\WindowsImageBackup
 
################## | E.O.F |
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 01
Ran by Shravan (administrator) on SHRAVAN-PC on 27-10-2013 10:16:19
Running from C:\Users\Shravan\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\AstSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
() C:\Users\Shravan\AppData\Local\Viber\Viber.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Runonce: [] -  [x]
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [SkyDrive] - C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [Viber] - C:\Users\Shravan\AppData\Local\Viber\Viber.exe [912904 2013-08-01] ()
HKCU\...\Run: [KSS] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://netbanking.hdfcbank.com/netbanking/
SearchScopes: HKCU - {5964C5B5-D9AF-42AC-80AE-45D46E05FD3B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10549
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\..\Interfaces\{2BE50405-7707-4913-8488-C5774ABE191E}: [NameServer]125.22.47.125,202.56.250.5
 
FireFox:
========
FF ProfilePath: C:\Users\Shravan\AppData\Roaming\Mozilla\Firefox\Profiles\d46u3ncj.default-1376014017535
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 
Chrome: 
=======
CHR HomePage: about:blank
CHR RestoreOnStartup: "hxxp://start.search.us.com/v/2/?guid={6EA72897-786B-4D97-8AFD-8DC74558B118}&serpv=5"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Shravan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Shravan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Shravan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Shravan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Shravan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Shravan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 Ast Service; C:\Windows\SysWow64\\AstSrv.exe [57344 2008-01-07] (Nalpeiron Ltd.)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2012-12-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2012-12-27] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-27 10:16 - 2013-10-27 10:16 - 00000000 ____D C:\FRST
2013-10-27 10:15 - 2013-10-27 10:15 - 01956160 _____ (Farbar) C:\Users\Shravan\Downloads\FRST64.exe
2013-10-27 10:15 - 2013-10-27 10:15 - 00007891 _____ C:\Users\Shravan\Desktop\UsbFix [Listing 1 ] SHRAVAN-PC.txt
2013-10-27 10:14 - 2013-10-27 10:14 - 00007891 _____ C:\UsbFix [Listing 1 ] SHRAVAN-PC.txt
2013-10-27 10:13 - 2013-10-27 10:13 - 00006972 _____ C:\Users\Shravan\Desktop\UsbFix [Scan 1] SHRAVAN-PC.txt
2013-10-27 10:13 - 2013-10-27 10:13 - 00002116 _____ C:\Users\Shravan\Desktop\SosVirus On Facebook.lnk
2013-10-27 10:13 - 2013-10-27 10:13 - 00002108 _____ C:\Users\Shravan\Desktop\UsbFix Faire un Don.lnk
2013-10-27 10:13 - 2013-10-27 10:13 - 00002092 _____ C:\Users\Shravan\Desktop\SosVirus Forum.lnk
2013-10-27 10:07 - 2013-10-27 10:13 - 00006972 _____ C:\UsbFix [Scan 1] SHRAVAN-PC.txt
2013-10-27 10:06 - 2013-10-27 10:14 - 00000000 ____D C:\UsbFix
2013-10-27 10:06 - 2013-10-27 10:06 - 01542361 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Shravan\Downloads\UsbFix.exe
2013-10-27 10:00 - 2013-10-27 10:00 - 00655360 _____ C:\Users\Shravan\Downloads\MicrosoftFixit50471.msi
2013-10-25 17:28 - 2013-10-25 17:28 - 00278018 _____ C:\Users\Shravan\Downloads\fo25OCT2013bhav.csv.zip
2013-10-25 17:19 - 2013-10-25 17:19 - 00016512 _____ C:\Users\Shravan\Desktop\dds.txt
2013-10-25 17:19 - 2013-10-25 17:19 - 00007546 _____ C:\Users\Shravan\Desktop\attach.txt
2013-10-25 17:18 - 2013-10-25 17:18 - 00688992 ____R (Swearware) C:\Users\Shravan\Downloads\dds.com
2013-10-25 07:04 - 2013-10-25 07:04 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_24-Oct-2013.xls
2013-10-25 06:14 - 2013-10-25 06:14 - 00001087 _____ C:\Users\Shravan\Desktop\Kaspersky Security Scan.lnk
2013-10-25 06:14 - 2013-10-25 06:14 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2013-10-25 06:14 - 2013-10-25 06:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-25 06:14 - 2013-10-25 06:14 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-10-25 06:09 - 2013-10-25 06:09 - 00185256 _____ (Лаборатория Касперского) C:\Users\Shravan\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_4300.exe
2013-10-25 06:07 - 2013-10-27 10:02 - 00000448 _____ C:\Windows\setupact.log
2013-10-25 06:07 - 2013-10-25 06:07 - 00002026 _____ C:\Windows\PFRO.log
2013-10-25 06:07 - 2013-10-25 06:07 - 00000000 _____ C:\Windows\setuperr.log
2013-10-25 05:05 - 2013-10-25 05:05 - 00760937 _____ (Farbar) C:\Users\Shravan\Downloads\MiniToolBox (1).exe
2013-10-24 17:53 - 2013-10-24 17:53 - 00278611 _____ C:\Users\Shravan\Downloads\fo24OCT2013bhav.csv.zip
2013-10-24 16:27 - 2013-10-24 16:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-24 16:23 - 2013-10-24 16:24 - 00002966 _____ C:\Users\Shravan\Desktop\Rkill.txt
2013-10-24 16:23 - 2013-10-24 16:23 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Shravan\Downloads\rkill.exe
2013-10-24 16:23 - 2013-10-24 16:23 - 00000000 ____D C:\Users\Shravan\Desktop\rkill
2013-10-24 06:47 - 2013-10-24 06:47 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_23-Oct-2013.xls
2013-10-24 06:09 - 2013-10-24 06:09 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\Malwarebytes
2013-10-24 06:08 - 2013-10-24 06:08 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-24 06:08 - 2013-10-24 06:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-24 06:08 - 2013-10-24 06:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 06:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-24 06:07 - 2013-10-24 06:08 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Shravan\Downloads\mbam-setup.exe
2013-10-24 06:06 - 2013-10-25 05:07 - 00023070 _____ C:\Users\Shravan\Downloads\Result.txt
2013-10-24 06:05 - 2013-10-24 06:05 - 00760937 _____ (Farbar) C:\Users\Shravan\Downloads\MiniToolBox.exe
2013-10-24 06:02 - 2013-10-24 06:02 - 00891167 _____ C:\Users\Shravan\Downloads\SecurityCheck.exe
2013-10-23 17:59 - 2013-10-23 17:59 - 00277176 _____ C:\Users\Shravan\Downloads\fo23OCT2013bhav.csv.zip
2013-10-23 07:28 - 2013-10-23 07:28 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_22-Oct-2013.xls
2013-10-23 05:54 - 2013-10-24 06:16 - 00000000 ____D C:\Users\Shravan\Desktop\Bleeping computer
2013-10-23 05:54 - 2013-10-23 05:55 - 04745728 _____ (AVAST Software) C:\Users\Shravan\Downloads\aswmbr.exe
2013-10-23 05:52 - 2013-10-23 05:52 - 00688992 ____R (Swearware) C:\Users\Shravan\Downloads\dds.scr
2013-10-22 17:24 - 2013-10-22 17:24 - 00274596 _____ C:\Users\Shravan\Downloads\fo22OCT2013bhav.csv.zip
2013-10-22 10:26 - 2013-10-22 10:26 - 00893799 _____ C:\Users\Shravan\Desktop\scan0026.tif
2013-10-22 10:26 - 2013-10-22 10:26 - 00826562 _____ C:\Users\Shravan\Desktop\scan0025.tif
2013-10-22 06:55 - 2013-10-22 06:55 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_21-Oct-2013.xls
2013-10-21 17:09 - 2013-10-21 17:09 - 00273826 _____ C:\Users\Shravan\Downloads\fo21OCT2013bhav.csv.zip
2013-10-20 17:58 - 2013-10-20 17:58 - 00017386 _____ C:\Users\Shravan\Downloads\19-06-2013-TO-20-10-2013NTPCALLN.csv
2013-10-20 10:25 - 2013-10-20 10:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-10-20 10:25 - 2013-10-20 10:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-10-20 05:57 - 2013-10-20 05:57 - 00000000 ____D C:\sharekhan
2013-10-20 05:57 - 2013-10-20 05:57 - 00000000 ____D C:\odin
2013-10-20 05:57 - 2013-10-20 05:57 - 00000000 ____D C:\nest-now
2013-10-20 05:57 - 2013-10-20 05:57 - 00000000 ____D C:\myshubhalabha
2013-10-20 05:57 - 2013-10-20 05:56 - 00130672 _____ C:\sharekhantoami.xlsm
2013-10-20 05:57 - 2013-10-20 05:56 - 00129832 _____ C:\shubhaodin.xlsm
2013-10-20 05:57 - 2013-10-20 05:56 - 00116907 _____ C:\asc2ms.exe
2013-10-20 05:57 - 2013-10-20 05:56 - 00060273 _____ (Open Source Software community project) C:\pthreadGC2.dll
2013-10-20 05:57 - 2013-10-20 05:56 - 00060273 _____ (Open Source Software community project) C:\pthread.dll
2013-10-20 05:57 - 2013-10-20 05:56 - 00009728 _____ (mk) C:\ExcelLogin.exe
2013-10-20 05:56 - 2013-10-20 05:56 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\shubhalabha
2013-10-20 05:55 - 2013-10-20 05:55 - 00429488 _____ () C:\Users\Shravan\Downloads\setup (1).exe
2013-10-19 07:01 - 2013-10-19 07:01 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_18-Oct-2013.xls
2013-10-18 17:06 - 2013-10-18 17:06 - 00271754 _____ C:\Users\Shravan\Downloads\fo18OCT2013bhav.csv.zip
2013-10-18 16:29 - 2013-10-18 16:29 - 00024659 _____ C:\Users\Shravan\Downloads\FOSett_prce_18102013.csv
2013-10-18 15:56 - 2013-10-18 15:56 - 00106918 _____ C:\Users\Shravan\Downloads\19-10-2011-TO-17-10-2013ASIANPAINTALLN.csv
2013-10-18 07:07 - 2013-10-18 07:07 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_17-Oct-2013.xls
2013-10-17 16:57 - 2013-10-17 16:57 - 00271067 _____ C:\Users\Shravan\Downloads\fo17OCT2013bhav.csv.zip
2013-10-16 07:29 - 2013-10-16 07:29 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_15-Oct-2013.xls
2013-10-16 06:13 - 2013-10-16 06:13 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\Oracle
2013-10-16 06:11 - 2013-10-16 06:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-16 06:11 - 2013-10-16 06:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-16 06:11 - 2013-10-16 06:11 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-16 06:11 - 2013-10-16 06:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-16 06:11 - 2013-10-16 06:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-15 17:02 - 2013-10-15 17:02 - 00272150 _____ C:\Users\Shravan\Downloads\fo15OCT2013bhav.csv.zip
2013-10-15 07:20 - 2013-10-15 07:20 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_14-Oct-2013.xls
2013-10-14 17:06 - 2013-10-14 17:06 - 00289024 _____ C:\Users\Shravan\Downloads\fo26SEP2013bhav.csv.zip
2013-10-14 17:00 - 2013-10-14 17:01 - 00269706 _____ C:\Users\Shravan\Downloads\fo14OCT2013bhav.csv.zip
2013-10-14 15:13 - 2013-10-14 15:13 - 00100864 _____ C:\Users\Shravan\Downloads\Financial-Aid-Application.xls
2013-10-13 07:20 - 2013-10-13 07:20 - 01043968 _____ C:\Users\Shravan\Downloads\37_tax_audit__sec_44ab_ppt_.ppt
2013-10-12 07:20 - 2013-10-12 07:20 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_11-Oct-2013.xls
2013-10-12 00:49 - 2013-10-12 00:49 - 00269242 _____ C:\Users\Shravan\Downloads\fo11OCT2013bhav.csv.zip
2013-10-11 07:46 - 2013-10-11 07:46 - 00053242 _____ C:\Users\Shravan\Downloads\11-10-2012-TO-10-10-2013HINDUNILVRALLN.csv
2013-10-11 06:26 - 2013-10-11 06:26 - 00000000 _____ C:\asc_rdflag
2013-10-11 06:04 - 2013-10-11 06:04 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_10-Oct-2013.xls
2013-10-11 05:47 - 2013-10-11 05:47 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-10 17:35 - 2013-10-10 17:35 - 00001142 _____ C:\Users\Public\Desktop\The Downloader.lnk
2013-10-10 17:35 - 2013-10-10 17:35 - 00001107 _____ C:\Users\Public\Desktop\MetaStock Professional.lnk
2013-10-10 17:33 - 2013-10-10 17:33 - 00000000 ____D C:\Windows\OptionScope
2013-10-10 17:33 - 2013-10-10 17:33 - 00000000 ____D C:\Program Files (x86)\Equis
2013-10-10 17:33 - 2009-07-16 11:22 - 00671836 ____N (Equis International) C:\Windows\SysWOW64\OLVI11.dll
2013-10-10 17:33 - 2009-07-16 11:18 - 00036864 ____N (Equis International) C:\Windows\SysWOW64\EqCCWrapper.dll
2013-10-10 17:33 - 2009-07-16 11:15 - 00204873 ____N (Equis International) C:\Windows\SysWOW64\msfl11.dll
2013-10-10 17:33 - 2009-07-16 11:07 - 00217167 ____N (Equis International) C:\Windows\SysWOW64\EqNotify.dll
2013-10-10 17:33 - 2009-07-16 10:54 - 00207360 ____N (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTKRN61N.DLL
2013-10-10 17:33 - 2009-07-16 10:54 - 00158720 ____N C:\Windows\SysWOW64\LFCMP61N.DLL
2013-10-10 17:33 - 2009-07-16 10:54 - 00110080 ____N C:\Windows\SysWOW64\Lfpng61n.dll
2013-10-10 17:33 - 2009-07-16 10:54 - 00043008 ____N C:\Windows\SysWOW64\LTFIL61N.DLL
2013-10-10 17:33 - 2008-01-07 11:04 - 00057344 ____N (Nalpeiron Ltd.) C:\Windows\SysWOW64\AstSrv.exe
2013-10-10 17:33 - 2005-12-06 16:51 - 00438341 ____N (eSignal, a division of Interactive Data Corporation) C:\Windows\SysWOW64\dbcapi.dll
2013-10-10 17:33 - 2004-02-26 12:39 - 00017920 ____N C:\Windows\SysWOW64\IMPLODE.DLL
2013-10-10 17:33 - 2002-02-28 03:03 - 02586112 ____N (Steema Software SL) C:\Windows\SysWOW64\TeeChart5.ocx
2013-10-10 17:33 - 2002-02-04 03:43 - 00082432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2013-10-10 17:33 - 2002-02-04 03:43 - 00044544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2013-10-10 17:33 - 1999-12-02 19:26 - 00030720 ____N (Forefront, Incorporated) C:\Windows\SysWOW64\ffJmpWeb.dll
2013-10-10 17:33 - 1998-12-17 10:30 - 00164864 ____N C:\Windows\SysWOW64\patchw32.dll
2013-10-10 17:33 - 1998-12-10 18:00 - 00519680 ____N (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\SS32D25.DLL
2013-10-10 17:33 - 1998-05-07 15:01 - 00028160 ____N (Equis International) C:\Windows\SysWOW64\MetaStockShellExtension.dll
2013-10-10 17:33 - 1996-09-12 17:18 - 00017920 ____N C:\Windows\SysWOW64\MSWTHK32.DLL
2013-10-10 17:33 - 1996-09-12 17:18 - 00003360 ____N C:\Windows\SysWOW64\MSWTHK16.DLL
2013-10-10 17:28 - 1998-10-02 19:00 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\MS11
2013-10-10 17:20 - 2013-10-10 17:26 - 215563091 _____ C:\Users\Shravan\Downloads\MS11.exe
2013-10-10 17:03 - 2013-10-10 17:03 - 00267247 _____ C:\Users\Shravan\Downloads\fo10OCT2013bhav.csv.zip
2013-10-09 11:04 - 2013-10-09 11:04 - 00003549 _____ C:\Users\Shravan\Downloads\16-09-2013-TO-08-10-2013RECLTDEQN.csv
2013-10-09 08:21 - 2013-09-23 04:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 08:21 - 2013-09-23 04:58 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 08:21 - 2013-09-23 04:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 08:21 - 2013-09-23 04:25 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 08:21 - 2013-09-23 04:25 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 08:21 - 2013-09-23 04:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 08:21 - 2013-09-23 04:24 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 08:21 - 2013-09-23 04:24 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 08:21 - 2013-09-21 09:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 08:21 - 2013-09-21 09:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 08:21 - 2013-09-21 08:18 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 08:21 - 2013-09-21 08:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 08:10 - 2013-09-14 06:40 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 08:10 - 2013-09-08 08:00 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 08:10 - 2013-09-08 07:57 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 08:10 - 2013-09-08 07:33 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 08:10 - 2013-08-29 07:47 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 08:10 - 2013-08-29 07:46 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 08:10 - 2013-08-29 07:46 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 08:10 - 2013-08-29 07:46 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 08:10 - 2013-08-29 07:43 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 08:10 - 2013-08-29 07:21 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 08:10 - 2013-08-29 07:21 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 08:10 - 2013-08-29 07:20 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 08:10 - 2013-08-29 07:20 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 08:10 - 2013-08-29 07:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 08:10 - 2013-08-29 07:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 08:10 - 2013-08-29 06:19 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 08:10 - 2013-08-29 06:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 08:10 - 2013-08-29 06:19 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 08:10 - 2013-08-29 06:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 08:10 - 2013-08-28 06:51 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 08:10 - 2013-08-28 06:42 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 08:10 - 2013-07-20 16:03 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:10 - 2013-07-20 16:03 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:10 - 2013-07-12 16:11 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 08:10 - 2013-07-12 16:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 08:10 - 2013-07-12 16:10 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 08:10 - 2013-07-04 18:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 08:10 - 2013-07-04 18:20 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 08:10 - 2013-07-04 18:20 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 08:10 - 2013-07-04 17:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 08:10 - 2013-07-04 17:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 08:10 - 2013-07-04 17:20 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 08:10 - 2013-07-04 15:41 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 08:10 - 2013-07-03 09:35 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 08:10 - 2013-07-03 09:35 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 08:10 - 2013-06-26 04:25 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 08:10 - 2013-06-06 11:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 08:10 - 2013-06-06 11:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 08:10 - 2013-06-06 11:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 08:10 - 2013-06-06 11:17 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 08:10 - 2013-06-06 10:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 08:10 - 2013-06-06 10:21 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 08:10 - 2013-06-06 10:20 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 08:10 - 2013-06-06 09:00 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 08:10 - 2013-06-06 08:31 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 08:10 - 2013-06-06 08:31 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 08:08 - 2013-09-04 17:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 08:08 - 2013-09-04 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 08:08 - 2013-09-04 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 08:08 - 2013-09-04 17:41 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 08:08 - 2013-09-04 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 08:08 - 2013-09-04 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 08:08 - 2013-09-04 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 08:08 - 2013-08-01 17:39 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-07 15:33 - 2013-10-07 15:38 - 19663991 _____ C:\Users\Shravan\Downloads\NOW_V.1.8.4.3_Vista_Win7.zip
2013-10-02 08:23 - 2013-10-02 08:23 - 00000676 _____ C:\Users\Shravan\Downloads\bulk (4).csv
2013-09-27 16:32 - 2013-09-27 16:32 - 00024978 _____ C:\Users\Shravan\Downloads\FOSett_prce_27092013.csv
 
==================== One Month Modified Files and Folders =======
 
2013-10-27 10:16 - 2013-10-27 10:16 - 00000000 ____D C:\FRST
2013-10-27 10:15 - 2013-10-27 10:15 - 01956160 _____ (Farbar) C:\Users\Shravan\Downloads\FRST64.exe
2013-10-27 10:15 - 2013-10-27 10:15 - 00007891 _____ C:\Users\Shravan\Desktop\UsbFix [Listing 1 ] SHRAVAN-PC.txt
2013-10-27 10:14 - 2013-10-27 10:14 - 00007891 _____ C:\UsbFix [Listing 1 ] SHRAVAN-PC.txt
2013-10-27 10:14 - 2013-10-27 10:06 - 00000000 ____D C:\UsbFix
2013-10-27 10:13 - 2013-10-27 10:13 - 00006972 _____ C:\Users\Shravan\Desktop\UsbFix [Scan 1] SHRAVAN-PC.txt
2013-10-27 10:13 - 2013-10-27 10:13 - 00002116 _____ C:\Users\Shravan\Desktop\SosVirus On Facebook.lnk
2013-10-27 10:13 - 2013-10-27 10:13 - 00002108 _____ C:\Users\Shravan\Desktop\UsbFix Faire un Don.lnk
2013-10-27 10:13 - 2013-10-27 10:13 - 00002092 _____ C:\Users\Shravan\Desktop\SosVirus Forum.lnk
2013-10-27 10:13 - 2013-10-27 10:07 - 00006972 _____ C:\UsbFix [Scan 1] SHRAVAN-PC.txt
2013-10-27 10:11 - 2009-07-14 10:15 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 10:11 - 2009-07-14 10:15 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 10:10 - 2012-11-28 08:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 10:07 - 2012-11-28 10:42 - 01580625 _____ C:\Windows\WindowsUpdate.log
2013-10-27 10:06 - 2013-10-27 10:06 - 01542361 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Shravan\Downloads\UsbFix.exe
2013-10-27 10:03 - 2013-09-24 12:36 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\ViberPC
2013-10-27 10:03 - 2012-11-28 10:17 - 00000000 ___RD C:\Users\Shravan\SkyDrive
2013-10-27 10:03 - 2012-11-28 05:43 - 00000000 ___RD C:\Users\Shravan\Google Drive
2013-10-27 10:02 - 2013-10-25 06:07 - 00000448 _____ C:\Windows\setupact.log
2013-10-27 10:02 - 2013-09-24 12:36 - 00000000 ____D C:\Users\Shravan\AppData\Local\Viber
2013-10-27 10:02 - 2012-11-28 05:11 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 10:02 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 10:00 - 2013-10-27 10:00 - 00655360 _____ C:\Users\Shravan\Downloads\MicrosoftFixit50471.msi
2013-10-27 08:04 - 2012-11-27 22:38 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\Skype
2013-10-27 07:46 - 2012-11-28 05:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 06:38 - 2013-04-15 07:34 - 00000000 ____D C:\Users\Shravan\Desktop\ARAOA  Files
2013-10-27 06:01 - 2012-11-27 23:15 - 00000000 ____D C:\Users\Shravan\AppData\Local\Windows Live
2013-10-26 05:50 - 2012-11-27 23:21 - 00007597 _____ C:\Users\Shravan\AppData\Local\Resmon.ResmonCfg
2013-10-25 17:28 - 2013-10-25 17:28 - 00278018 _____ C:\Users\Shravan\Downloads\fo25OCT2013bhav.csv.zip
2013-10-25 17:19 - 2013-10-25 17:19 - 00016512 _____ C:\Users\Shravan\Desktop\dds.txt
2013-10-25 17:19 - 2013-10-25 17:19 - 00007546 _____ C:\Users\Shravan\Desktop\attach.txt
2013-10-25 17:18 - 2013-10-25 17:18 - 00688992 ____R (Swearware) C:\Users\Shravan\Downloads\dds.com
2013-10-25 15:30 - 2012-10-30 14:50 - 00014848 _____ C:\Users\Shravan\Desktop\PFC REC Book.xls
2013-10-25 08:22 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2013-10-25 07:37 - 2013-06-16 17:23 - 00000000 ____D C:\Users\Shravan\Desktop\F&O Data Sheets
2013-10-25 07:04 - 2013-10-25 07:04 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_24-Oct-2013.xls
2013-10-25 06:33 - 2013-04-18 10:14 - 00019456 _____ C:\Users\Shravan\Desktop\BOB NZD Rates.xls
2013-10-25 06:18 - 2012-11-27 22:37 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-25 06:18 - 2012-11-27 22:37 - 00000000 ____D C:\ProgramData\Skype
2013-10-25 06:14 - 2013-10-25 06:14 - 00001087 _____ C:\Users\Shravan\Desktop\Kaspersky Security Scan.lnk
2013-10-25 06:14 - 2013-10-25 06:14 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2013-10-25 06:14 - 2013-10-25 06:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-25 06:14 - 2013-10-25 06:14 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-10-25 06:09 - 2013-10-25 06:09 - 00185256 _____ (Лаборатория Касперского) C:\Users\Shravan\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_4300.exe
2013-10-25 06:07 - 2013-10-25 06:07 - 00002026 _____ C:\Windows\PFRO.log
2013-10-25 06:07 - 2013-10-25 06:07 - 00000000 _____ C:\Windows\setuperr.log
2013-10-25 06:05 - 2013-02-12 05:54 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\BitTorrent
2013-10-25 05:07 - 2013-10-24 06:06 - 00023070 _____ C:\Users\Shravan\Downloads\Result.txt
2013-10-25 05:05 - 2013-10-25 05:05 - 00760937 _____ (Farbar) C:\Users\Shravan\Downloads\MiniToolBox (1).exe
2013-10-24 17:53 - 2013-10-24 17:53 - 00278611 _____ C:\Users\Shravan\Downloads\fo24OCT2013bhav.csv.zip
2013-10-24 16:27 - 2013-10-24 16:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-24 16:24 - 2013-10-24 16:23 - 00002966 _____ C:\Users\Shravan\Desktop\Rkill.txt
2013-10-24 16:23 - 2013-10-24 16:23 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Shravan\Downloads\rkill.exe
2013-10-24 16:23 - 2013-10-24 16:23 - 00000000 ____D C:\Users\Shravan\Desktop\rkill
2013-10-24 15:30 - 2013-06-16 17:21 - 00000000 ____D C:\Users\Shravan\Desktop\2013 Return files
2013-10-24 06:47 - 2013-10-24 06:47 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_23-Oct-2013.xls
2013-10-24 06:16 - 2013-10-23 05:54 - 00000000 ____D C:\Users\Shravan\Desktop\Bleeping computer
2013-10-24 06:09 - 2013-10-24 06:09 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\Malwarebytes
2013-10-24 06:08 - 2013-10-24 06:08 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-24 06:08 - 2013-10-24 06:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-24 06:08 - 2013-10-24 06:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 06:08 - 2013-10-24 06:07 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Shravan\Downloads\mbam-setup.exe
2013-10-24 06:05 - 2013-10-24 06:05 - 00760937 _____ (Farbar) C:\Users\Shravan\Downloads\MiniToolBox.exe
2013-10-24 06:02 - 2013-10-24 06:02 - 00891167 _____ C:\Users\Shravan\Downloads\SecurityCheck.exe
2013-10-23 17:59 - 2013-10-23 17:59 - 00277176 _____ C:\Users\Shravan\Downloads\fo23OCT2013bhav.csv.zip
2013-10-23 15:31 - 2013-04-08 18:47 - 00015360 _____ C:\Users\Shravan\Desktop\HDFC AXIS Bank Book.xls
2013-10-23 07:28 - 2013-10-23 07:28 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_22-Oct-2013.xls
2013-10-23 05:55 - 2013-10-23 05:54 - 04745728 _____ (AVAST Software) C:\Users\Shravan\Downloads\aswmbr.exe
2013-10-23 05:52 - 2013-10-23 05:52 - 00688992 ____R (Swearware) C:\Users\Shravan\Downloads\dds.scr
2013-10-22 17:24 - 2013-10-22 17:24 - 00274596 _____ C:\Users\Shravan\Downloads\fo22OCT2013bhav.csv.zip
2013-10-22 15:34 - 2009-07-14 10:43 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-22 10:26 - 2013-10-22 10:26 - 00893799 _____ C:\Users\Shravan\Desktop\scan0026.tif
2013-10-22 10:26 - 2013-10-22 10:26 - 00826562 _____ C:\Users\Shravan\Desktop\scan0025.tif
2013-10-22 06:55 - 2013-10-22 06:55 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_21-Oct-2013.xls
2013-10-21 17:09 - 2013-10-21 17:09 - 00273826 _____ C:\Users\Shravan\Downloads\fo21OCT2013bhav.csv.zip
2013-10-20 17:58 - 2013-10-20 17:58 - 00017386 _____ C:\Users\Shravan\Downloads\19-06-2013-TO-20-10-2013NTPCALLN.csv
2013-10-20 10:25 - 2013-10-20 10:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-10-20 10:25 - 2013-10-20 10:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-10-20 06:34 - 2013-03-04 07:54 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-10-20 06:12 - 2013-06-19 15:34 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\npm-cache
2013-10-20 06:12 - 2013-06-19 15:22 - 00000000 ____D C:\Users\Shravan\Documents\Shubha Downloader
2013-10-20 06:11 - 2013-06-19 15:22 - 00000000 ____D C:\Users\Shravan\AppData\Local\shubhadownloader
2013-10-20 05:57 - 2013-10-20 05:57 - 00000000 ____D C:\sharekhan
2013-10-20 05:57 - 2013-10-20 05:57 - 00000000 ____D C:\odin
2013-10-20 05:57 - 2013-10-20 05:57 - 00000000 ____D C:\nest-now
2013-10-20 05:57 - 2013-10-20 05:57 - 00000000 ____D C:\myshubhalabha
2013-10-20 05:56 - 2013-10-20 05:57 - 00130672 _____ C:\sharekhantoami.xlsm
2013-10-20 05:56 - 2013-10-20 05:57 - 00129832 _____ C:\shubhaodin.xlsm
2013-10-20 05:56 - 2013-10-20 05:57 - 00116907 _____ C:\asc2ms.exe
2013-10-20 05:56 - 2013-10-20 05:57 - 00060273 _____ (Open Source Software community project) C:\pthreadGC2.dll
2013-10-20 05:56 - 2013-10-20 05:57 - 00060273 _____ (Open Source Software community project) C:\pthread.dll
2013-10-20 05:56 - 2013-10-20 05:57 - 00009728 _____ (mk) C:\ExcelLogin.exe
2013-10-20 05:56 - 2013-10-20 05:56 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\shubhalabha
2013-10-20 05:56 - 2012-11-28 05:10 - 00000000 ____D C:\Users\Shravan\AppData\Local\Deployment
2013-10-20 05:55 - 2013-10-20 05:55 - 00429488 _____ () C:\Users\Shravan\Downloads\setup (1).exe
2013-10-19 07:01 - 2013-10-19 07:01 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_18-Oct-2013.xls
2013-10-18 17:06 - 2013-10-18 17:06 - 00271754 _____ C:\Users\Shravan\Downloads\fo18OCT2013bhav.csv.zip
2013-10-18 16:29 - 2013-10-18 16:29 - 00024659 _____ C:\Users\Shravan\Downloads\FOSett_prce_18102013.csv
2013-10-18 15:56 - 2013-10-18 15:56 - 00106918 _____ C:\Users\Shravan\Downloads\19-10-2011-TO-17-10-2013ASIANPAINTALLN.csv
2013-10-18 07:07 - 2013-10-18 07:07 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_17-Oct-2013.xls
2013-10-18 06:41 - 2012-11-28 05:11 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-18 06:41 - 2012-11-28 05:11 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-17 16:57 - 2013-10-17 16:57 - 00271067 _____ C:\Users\Shravan\Downloads\fo17OCT2013bhav.csv.zip
2013-10-16 07:29 - 2013-10-16 07:29 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_15-Oct-2013.xls
2013-10-16 06:13 - 2013-10-16 06:13 - 00000000 ____D C:\Users\Shravan\AppData\Roaming\Oracle
2013-10-16 06:11 - 2013-10-16 06:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-16 06:11 - 2013-10-16 06:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-16 06:11 - 2013-10-16 06:11 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-16 06:11 - 2013-10-16 06:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-16 06:11 - 2013-10-16 06:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-15 17:02 - 2013-10-15 17:02 - 00272150 _____ C:\Users\Shravan\Downloads\fo15OCT2013bhav.csv.zip
2013-10-15 07:20 - 2013-10-15 07:20 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_14-Oct-2013.xls
2013-10-14 17:06 - 2013-10-14 17:06 - 00289024 _____ C:\Users\Shravan\Downloads\fo26SEP2013bhav.csv.zip
2013-10-14 17:01 - 2013-10-14 17:00 - 00269706 _____ C:\Users\Shravan\Downloads\fo14OCT2013bhav.csv.zip
2013-10-14 15:13 - 2013-10-14 15:13 - 00100864 _____ C:\Users\Shravan\Downloads\Financial-Aid-Application.xls
2013-10-14 07:23 - 2012-05-27 14:16 - 00000000 ____D C:\MetaStock Data
2013-10-13 07:20 - 2013-10-13 07:20 - 01043968 _____ C:\Users\Shravan\Downloads\37_tax_audit__sec_44ab_ppt_.ppt
2013-10-12 07:20 - 2013-10-12 07:20 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_11-Oct-2013.xls
2013-10-12 00:49 - 2013-10-12 00:49 - 00269242 _____ C:\Users\Shravan\Downloads\fo11OCT2013bhav.csv.zip
2013-10-11 07:46 - 2013-10-11 07:46 - 00053242 _____ C:\Users\Shravan\Downloads\11-10-2012-TO-10-10-2013HINDUNILVRALLN.csv
2013-10-11 06:26 - 2013-10-11 06:26 - 00000000 _____ C:\asc_rdflag
2013-10-11 06:26 - 2012-11-27 21:28 - 00000000 ____D C:\Users\Shravan
2013-10-11 06:24 - 2012-11-28 10:38 - 00000000 ____D C:\Windows\Panther
2013-10-11 06:04 - 2013-10-11 06:04 - 00024576 _____ C:\Users\Shravan\Downloads\fii_stats_10-Oct-2013.xls
2013-10-11 05:47 - 2013-10-11 05:47 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-10 17:35 - 2013-10-10 17:35 - 00001142 _____ C:\Users\Public\Desktop\The Downloader.lnk
2013-10-10 17:35 - 2013-10-10 17:35 - 00001107 _____ C:\Users\Public\Desktop\MetaStock Professional.lnk
2013-10-10 17:33 - 2013-10-10 17:33 - 00000000 ____D C:\Windows\OptionScope
2013-10-10 17:33 - 2013-10-10 17:33 - 00000000 ____D C:\Program Files (x86)\Equis
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\MS11
2013-10-10 17:26 - 2013-10-10 17:20 - 215563091 _____ C:\Users\Shravan\Downloads\MS11.exe
2013-10-10 17:03 - 2013-10-10 17:03 - 00267247 _____ C:\Users\Shravan\Downloads\fo10OCT2013bhav.csv.zip
2013-10-10 05:30 - 2012-11-27 22:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-09 18:05 - 2009-07-14 10:38 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-09 11:04 - 2013-10-09 11:04 - 00003549 _____ C:\Users\Shravan\Downloads\16-09-2013-TO-08-10-2013RECLTDEQN.csv
2013-10-09 10:10 - 2012-11-28 08:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 10:10 - 2012-11-28 08:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 10:10 - 2012-11-28 08:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 08:25 - 2013-03-01 04:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 08:25 - 2013-03-01 04:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 08:25 - 2009-07-14 10:15 - 00288744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 08:19 - 2012-11-28 11:59 - 00772558 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 08:16 - 2013-07-19 13:29 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 08:15 - 2012-11-27 23:07 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 17:12 - 2012-03-25 06:27 - 00000000 ____D C:\Users\Shravan\Desktop\Setup files
2013-10-07 15:40 - 2013-03-18 15:48 - 00001644 _____ C:\Users\Public\Desktop\Launcher NOW.lnk
2013-10-07 15:38 - 2013-10-07 15:33 - 19663991 _____ C:\Users\Shravan\Downloads\NOW_V.1.8.4.3_Vista_Win7.zip
2013-10-07 14:43 - 2012-11-28 12:54 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-07 11:47 - 2013-01-20 14:39 - 00000000 ____D C:\Users\Shravan\Desktop\Printing due
2013-10-02 08:23 - 2013-10-02 08:23 - 00000676 _____ C:\Users\Shravan\Downloads\bulk (4).csv
2013-10-01 15:37 - 2013-05-06 14:52 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 15:37 - 2013-03-20 15:53 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 15:37 - 2013-03-20 15:53 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 15:37 - 2013-03-20 15:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-27 16:32 - 2013-09-27 16:32 - 00024978 _____ C:\Users\Shravan\Downloads\FOSett_prce_27092013.csv
 
Files to move or delete:
====================
C:\Users\Shravan\agent.exe
C:\Users\Shravan\DRTCP021.exe
C:\Users\Shravan\launchAgent.bat
C:\Users\Shravan\launchDrTCP.bat
C:\Users\Shravan\startAgent.bat
 
 
Some content of TEMP:
====================
C:\Users\Shravan\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-25 08:14
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2013 01
Ran by Shravan at 2013-10-27 10:18:55
Running from C:\Users\Shravan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD Steady Video Plug-In  (Version: 2.04.0000)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
Avira Free Antivirus (x32 Version: 14.0.0.383)
Bullzip PDF Printer 9.10.0.1629 (Version: 9.10.0.1629)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Cool & Quiet (x32)
CPUID HWMonitor 1.21
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.21.165)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JMicron JMB36X Driver (x32 Version: 1.17.62.0)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Kaspersky Security Scan (x32 Version: 12.0.1.340)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvell Miniport Driver (x32 Version: 11.24.10.3)
MetaStock Professional 11.0 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office XP Professional with FrontPage (x32 Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0)
NOW (x32 Version: 1.8.4.3)
PDFill FREE PDF Tools (Version: 9.0)
Power Indiabulls (x32 Version: 5.0)
Shubha Downloader (HKCU Version: 00.00.00.05)
shubha real time (HKCU Version: 1.0.0.38)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.9 (x32 Version: 6.9.106)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
TeamViewer 8 (x32 Version: 8.0.22298)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
UsbFix By El Desaparecido (x32)
Viber (HKCU Version: 3.0.0.133634)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Yahoo! Messenger (x32)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
 
==================== Restore Points  =========================
 
09-10-2013 02:40:51 Windows Update
11-10-2013 00:16:44 Windows Update
16-10-2013 00:40:32 Installed Java 7 Update 45
25-10-2013 02:51:59 Scheduled Checkpoint
27-10-2013 04:30:31 Installed Microsoft Fix it 50471
 
==================== Hosts content: ==========================
 
2009-07-14 08:04 - 2009-06-11 02:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0FB7EDBE-F339-49BE-9148-7848945D0C5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {5E745CB3-462D-40D6-A962-FEA95155B794} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: {9E9DCBD7-80D6-4A8D-9D3C-C83F87750739} - System32\Tasks\DSite => C:\Users\Shravan\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: {D0DD6DB6-FBBF-4F40-AE40-E13842B8F727} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Shravan\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-28 01:59 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-24 12:36 - 2013-08-01 00:37 - 12632576 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\libViber.dll
2013-09-24 12:36 - 2013-04-30 15:18 - 00679936 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\libGLESv2.dll
2013-09-24 12:36 - 2013-04-30 15:18 - 00060416 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\libEGL.dll
2013-09-24 12:36 - 2013-04-30 15:23 - 00821760 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\platforms\qwindows.dll
2013-09-24 12:36 - 2013-04-30 15:22 - 00022016 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\imageformats\qgif.dll
2013-09-24 12:36 - 2013-04-30 15:23 - 00021504 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\imageformats\qico.dll
2013-09-24 12:36 - 2013-04-30 15:23 - 00205312 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\imageformats\qjpeg.dll
2013-09-24 12:36 - 2013-04-30 15:25 - 00218624 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\imageformats\qmng.dll
2013-09-24 12:36 - 2013-04-30 15:23 - 00016384 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\imageformats\qsvg.dll
2013-09-24 12:36 - 2013-04-30 15:25 - 00015872 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\imageformats\qtga.dll
2013-09-24 12:36 - 2013-04-30 15:25 - 00282112 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\imageformats\qtiff.dll
2013-09-24 12:36 - 2013-04-30 15:25 - 00015360 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\imageformats\qwbmp.dll
2013-09-24 12:36 - 2013-04-30 15:22 - 00557056 _____ () C:\Users\Shravan\AppData\Local\Viber\3.1.1.60\sqldrivers\qsqlite.dll
2013-10-27 10:02 - 2013-10-27 10:02 - 00098816 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32api.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00110080 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\pywintypes27.dll
2013-10-27 10:02 - 2013-10-27 10:02 - 00364544 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\pythoncom27.dll
2013-10-27 10:02 - 2013-10-27 10:02 - 00044032 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\_socket.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 01153024 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\_ssl.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00320512 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32com.shell.shell.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00711680 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\_hashlib.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 01175040 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\wx._core_.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00805888 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\wx._gdi_.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00811008 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\wx._windows_.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 01062400 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\wx._controls_.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00735232 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\wx._misc_.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00128512 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\_elementtree.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00127488 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\pyexpat.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00557056 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\pysqlite2._sqlite.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00087040 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\_ctypes.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00119808 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32file.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00108544 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32security.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00018432 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32event.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00038912 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32inet.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00122368 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\wx._wizard.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00686080 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\unicodedata.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00026624 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\_multiprocessing.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00070656 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\wx._html2.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00010240 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\select.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00025600 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32pdh.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00504832 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\windows._cacheinvalidation.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00011264 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32crypt.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00035840 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32process.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00017408 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32profile.pyd
2013-10-27 10:02 - 2013-10-27 10:02 - 00022528 _____ () C:\Users\Shravan\AppData\Local\Temp\_MEI21683\win32ts.pyd
2013-10-16 07:02 - 2013-10-09 05:31 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-16 07:02 - 2013-10-09 05:31 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-16 07:02 - 2013-10-09 05:32 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-16 07:02 - 2013-10-09 05:32 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-16 07:02 - 2013-10-09 05:31 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/27/2013 06:14:35 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/26/2013 06:18:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/25/2013 03:30:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Faulting module name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Exception code: 0xc0000005
Fault offset: 0x0000685b
Faulting process id: 0xf48
Faulting application start time: 0xNow.exe0
Faulting application path: Now.exe1
Faulting module path: Now.exe2
Report Id: Now.exe3
 
Error: (10/25/2013 01:39:55 PM) (Source: Application Hang) (User: )
Description: The program Now.exe version 1.8.4.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f2c
 
Start Time: 01ced14cff51a654
 
Termination Time: 96
 
Application Path: C:\Program Files\NOW\Now.exe
 
Report Id: c901869b-3d4c-11e3-a617-bcaec5475977
 
Error: (10/25/2013 09:02:13 AM) (Source: Application Error) (User: )
Description: Faulting application name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Faulting module name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Exception code: 0xc0000005
Fault offset: 0x0000685b
Faulting process id: 0xc3c
Faulting application start time: 0xNow.exe0
Faulting application path: Now.exe1
Faulting module path: Now.exe2
Report Id: Now.exe3
 
Error: (10/25/2013 08:15:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/25/2013 05:02:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/23/2013 05:52:50 PM) (Source: PerfNet) (User: )
Description: 
 
Error: (10/20/2013 07:48:47 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16720 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 163c
 
Start Time: 01cecd3aa2a0caa3
 
Termination Time: 11
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (10/19/2013 01:17:15 PM) (Source: PerfNet) (User: )
Description: 
 
 
System errors:
=============
Error: (10/27/2013 10:04:07 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/27/2013 09:58:02 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/27/2013 06:35:55 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/27/2013 05:10:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/26/2013 05:20:57 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/26/2013 05:47:20 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/25/2013 05:08:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/25/2013 06:08:06 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/25/2013 06:04:52 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/25/2013 04:57:17 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
Microsoft Office Sessions:
=========================
Error: (10/27/2013 06:14:35 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (10/26/2013 06:18:45 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (10/25/2013 03:30:29 PM) (Source: Application Error)(User: )
Description: Now.exe1.8.4.35119e684Now.exe1.8.4.35119e684c00000050000685bf4801ced1599ab32b0cC:\Program Files\NOW\Now.exeC:\Program Files\NOW\Now.exe46b778fa-3d5c-11e3-a617-bcaec5475977
 
Error: (10/25/2013 01:39:55 PM) (Source: Application Hang)(User: )
Description: Now.exe1.8.4.3f2c01ced14cff51a65496C:\Program Files\NOW\Now.exec901869b-3d4c-11e3-a617-bcaec5475977
 
Error: (10/25/2013 09:02:13 AM) (Source: Application Error)(User: )
Description: Now.exe1.8.4.35119e684Now.exe1.8.4.35119e684c00000050000685bc3c01ced131fec05252C:\Program Files\NOW\Now.exeC:\Program Files\NOW\Now.exe094c8920-3d26-11e3-a617-bcaec5475977
 
Error: (10/25/2013 08:15:48 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (10/25/2013 05:02:41 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (10/23/2013 05:52:50 PM) (Source: PerfNet)(User: )
Description: 
 
Error: (10/20/2013 07:48:47 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16720163c01cecd3aa2a0caa311C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (10/19/2013 01:17:15 PM) (Source: PerfNet)(User: )
Description: 
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 28%
Total physical RAM: 8190.18 MB
Available physical RAM: 5885.8 MB
Total Pagefile: 16378.53 MB
Available Pagefile: 13989.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (New Volume) (Fixed) (Total:270.45 GB) (Free:197.73 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:195.31 GB) (Free:187.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32
Drive f: (New Volume) (Fixed) (Total:232.88 GB) (Free:89.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 5D3CE1AD)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 069EBFDC)
Partition 1: (Not Active) - (Size=270 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=195 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 954 MB) (Disk ID: 000C1A25)
Partition 1: (Active) - (Size=953 MB) - (Type=0B)
 
==================== End Of Log ============================
 
 
I have followed all your instructions
I have pasted all the outputs
 
Thanks for helping
 


#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:11:02 PM

Posted 29 October 2013 - 03:10 PM

Please run CKScanner (below), and post its result in your reply:

 

CKScanner download:

http://downloads.malwareremoval.com/CKScanner.exe

Important: - Save it to the Desktop

Double-click CKScanner.exe, then, click: Search For Files

 
When a list appears, click: Save List To File

A message box verifies the file saved.

 

Double-click the CKFiles.txt on your Desktop, and provide its contents in your reply.


Old duck...


#5 Newbie1011


Posted 29 October 2013 - 08:29 PM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\shravan\desktop\rahul folder\age of empires 2 - orginal 2.0a update and crack\age2upa.exe
c:\users\shravan\desktop\rahul folder\age of empires 2 - orginal 2.0a update and crack\aoe2v2.0a.zip
c:\users\shravan\desktop\rahul folder\age of empires 2 - orginal 2.0a update and crack\file_id.diz
c:\users\shravan\desktop\rahul folder\age of empires 2 - orginal 2.0a update and crack\tnt[crack!team].nfo
c:\users\shravan\desktop\rahul folder\aoe\new folder\crack\age2_x1.exe
c:\users\shravan\desktop\rahul folder\crack\age2_x1.exe
c:\users\shravan\favorites\rk\crack the interview - what is compaction (www.cracktheinterview.com).url
c:\users\shravan\favorites\rk\bit !!!\cat\useful links crackzo.url
c:\users\shravan\favorites\rk\micro\edraw crack serial keygen torrent free full version warez download rapidshare.url
c:\users\shravan\favorites\rk\micro\edraw free full warez download, edraw crack, serial, keygen, no cd, rapidshare, free.url
scanner sequence 3.DF.11.LSAPGZ
 ----- EOF ----- 
 
Thanks for helping

Edited by Newbie1011, 29 October 2013 - 08:30 PM.


#6 Aaflac


Posted 30 October 2013 - 10:16 AM

The CKFiles report detects cracked software on the computer.

Besides being illegal, cracked software is a prime source for infecting your system, as malware authors prey on users looking to circumvent software protection mechanisms.

This forum, as well as other reputable malware removal forums, does not support the use of illegal software, as our help may be construed as aiding copyright violations. Therefore, if you wish to receive my help, you must remove all cracked software from the computer.

When done removing the cracked software, run CKScanner once again, and post the new CKFiles.txt in your reply.

Old duck...


#7 Newbie1011


Posted 30 October 2013 - 09:03 PM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\shravan\favorites\rk\crack the interview - what is compaction (www.cracktheinterview.com).url
c:\users\shravan\favorites\rk\bit !!!\cat\useful links crackzo.url
scanner sequence 3.LB.11.GEAADA
 ----- EOF ----- 
 
Hi 
 
My friends use this computer and they may have installed those files
I think the above files are not cracked software
Please let me know if they also have to be removed
 
Thanks for helping


#8 Aaflac


Posted 01 November 2013 - 06:59 PM

E:\ -> Removable drive # 952 Mb (950 Mb free - 100%) [KINGSTON] # FAT32

The USBFix Research report does not show that the above removable drive was connected.

Will you connect the removable drive and run USBFix, Research once again?

Edited by Aaflac, 01 November 2013 - 07:01 PM.

Old duck...


#9 Newbie1011


Posted 01 November 2013 - 07:09 PM

############################## | UsbFix V 7.145 | [Research]
 
User: Shravan (Administrator) # SHRAVAN-PC
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 05:33:50 | 02/11/2013
 
 
PC: ASUSTeK Computer INC. (Crosshair IV Formula)
CPU: AMD Athlon™ II X4 620 Processor
RAM -> [Total : 8190 | Free : 5911]
Bios: American Megatrends Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 270 Gb (195 Mb free - 72%) [New Volume] # NTFS
D:\ -> Fixed drive # 195 Gb (187 Mb free - 96%) [New Volume] # NTFS
E:\ -> Removable drive # 952 Mb (950 Mb free - 100%) [KINGSTON] # FAT32
F:\ -> Fixed drive # 233 Gb (89 Mb free - 38%) [New Volume] # NTFS
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID 388 |ParentID 380)
C:\Windows\system32\wininit.exe (ID 460 |ParentID 380)
C:\Windows\system32\csrss.exe (ID 496 |ParentID 476)
C:\Windows\system32\services.exe (ID 520 |ParentID 460)
C:\Windows\system32\lsass.exe (ID 536 |ParentID 460)
C:\Windows\system32\lsm.exe (ID 544 |ParentID 460)
C:\Windows\system32\svchost.exe (ID 664 |ParentID 520)
C:\Windows\system32\winlogon.exe (ID 684 |ParentID 476)
C:\Windows\system32\svchost.exe (ID 784 |ParentID 520)
C:\Windows\system32\atiesrxx.exe (ID 852 |ParentID 520)
C:\Windows\System32\svchost.exe (ID 908 |ParentID 520)
C:\Windows\System32\svchost.exe (ID 944 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 984 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 1008 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 604 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 1060 |ParentID 520)
C:\Windows\System32\spoolsv.exe (ID 1180 |ParentID 520)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 1212 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 1232 |ParentID 520)
C:\Windows\system32\atieclxx.exe (ID 1388 |ParentID 852)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1464 |ParentID 520)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID 1504 |ParentID 520)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 1560 |ParentID 520)
C:\Windows\SysWOW64\AstSrv.exe (ID 1596 |ParentID 520)
C:\Windows\system32\taskhost.exe (ID 1644 |ParentID 520)
C:\Windows\system32\Dwm.exe (ID 1796 |ParentID 944)
C:\Windows\Explorer.EXE (ID 1836 |ParentID 1760)
C:\Windows\system32\svchost.exe (ID 1980 |ParentID 520)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (ID 2036 |ParentID 520)
C:\Program Files\Microsoft LifeCam\MSCamS64.exe (ID 1880 |ParentID 520)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID 1132 |ParentID 1836)
C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (ID 1460 |ParentID 1836)
C:\Users\Shravan\AppData\Local\Viber\Viber.exe (ID 1540 |ParentID 1836)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (ID 1688 |ParentID 1836)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 2140 |ParentID 2112)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2680 |ParentID 2112)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID 1740 |ParentID 1132)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID 2660 |ParentID 520)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 2832 |ParentID 1560)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2892 |ParentID 520)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2132 |ParentID 2892)
C:\Windows\system32\SearchIndexer.exe (ID 3164 |ParentID 520)
C:\Windows\sysWOW64\wbem\wmiprvse.exe (ID 3244 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 3548 |ParentID 520)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3916 |ParentID 664)
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (ID 3488 |ParentID 1836)
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (ID 2076 |ParentID 664)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3340 |ParentID 520)
C:\Windows\servicing\TrustedInstaller.exe (ID 3528 |ParentID 520)
C:\Windows\system32\taskeng.exe (ID 4248 |ParentID 1008)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2804 |ParentID 1836)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2488 |ParentID 2804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4112 |ParentID 2804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3816 |ParentID 2804)
C:\Windows\system32\SearchFilterHost.exe (ID 4580 |ParentID 3164)
C:\Windows\system32\SearchProtocolHost.exe (ID 4136 |ParentID 3164)
C:\Windows\system32\svchost.exe (ID 5016 |ParentID 520)
C:\Windows\System32\WUDFHost.exe (ID 5040 |ParentID 944)
C:\UsbFix\Go.exe (ID 3940 |ParentID 5116)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3876 |ParentID 664)
 
################## | Regedit Run |
 
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] - 
HKLM\SOFTWARE\wow6432Node | RunOnce : [] - 
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [SkyDrive] - "C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [Viber] - "C:\Users\Shravan\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [KSS] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Files # Infected Folders |
 
 
################## | Registry |
 
 
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
 
Thanks for helping


#10 Aaflac


Posted 01 November 2013 - 08:10 PM

It appears there is nothing on that removable drive.

 

Is that the case?


Old duck...


#11 Newbie1011


Posted 01 November 2013 - 08:23 PM

No.

There are several files on that pendrive.

However, I did not open the folders even though I got the prompt from Windows when I inserted the drive in the USB port

Shall I view the folders in the file before running the check?

Thanks for advising


Edited by Newbie1011, 01 November 2013 - 08:24 PM.


#12 Aaflac


Posted 01 November 2013 - 08:56 PM

Let's try the following...

 

Please press the Windows key and the R key at the same time for the Run prompt to appear.

In the Run prompt, type the following in the Open area, and press Enter: cmd

 

When the Command Prompt opens, copy/paste (with the mouse) the following, and press: Enter

 

attrib -h -s -r -a /s /d E:\*.*

 

(Make sure the removable drive is still in the same port!)

 

 

Now, please run USBFix once again

Press: Research

When done, the program closes on its own, and a report appears.

 

>> Please post the new UsbFix.txt (Research) report in your reply.

 


 


Old duck...
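
The `attrib -h -s -r -a /s /d E:\*.*` command in the post above overwrites the attribute bits, so the record of what was hidden is lost once it runs. This added example (not part of the original thread) parses `attrib /s /d` listings saved before and after the clear, reports which entries were Hidden or System, and checks that the clear took effect; the sample listings are constructed, and the parser assumes each line is a run of attribute letters followed by a full path.

```python
import re
from typing import NamedTuple

# Run without +/- switches, attrib only lists attributes, e.g. redirected to a
# file before and after the clear:  attrib /s /d E:\*.* > before.txt
# Assumption: each output line is a fixed-width run of attribute letters
# followed by a full path that starts with a drive letter.
LINE_RE = re.compile(r"^(?P<flags>[A-Z ]*?)(?P<path>[A-Za-z]:\\.*)$")

# Constructed sample listings (not taken from the thread).
BEFORE = r"""
   SH        E:\Documents
A            E:\Documents\report.doc
     H       E:\Photos
A    R       E:\Photos\img001.jpg
A            E:\readme.txt
"""

# Constructed: one folder is left Hidden to show the failure case.
AFTER = r"""
             E:\Documents
             E:\Documents\report.doc
     H       E:\Photos
             E:\Photos\img001.jpg
             E:\readme.txt
"""


class Entry(NamedTuple):
    path: str
    flags: frozenset


def parse_attrib(listing: str) -> dict:
    """Map lower-cased path -> Entry for every attribute line in a listing."""
    entries = {}
    for line in listing.splitlines():
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue  # blank lines and messages such as "File not found - ..."
        flags = frozenset(m.group("flags").replace(" ", ""))
        entries[m.group("path").lower()] = Entry(m.group("path"), flags)
    return entries


def concealed(entries: dict) -> list:
    """Paths that carried Hidden or System, i.e. not shown in a default Explorer view."""
    return sorted(e.path for e in entries.values() if e.flags & {"H", "S"})


def still_flagged(before: dict, after: dict, cleared: str = "HSRA") -> dict:
    """Paths whose H/S/R/A bits survived the clear, or that vanished between runs."""
    problems = {}
    for key, old in before.items():
        new = after.get(key)
        if new is None:
            problems[old.path] = "missing after clear"
        elif new.flags & set(cleared):
            left = "".join(sorted(new.flags & set(cleared)))
            problems[old.path] = "still has " + left
    return problems


if __name__ == "__main__":
    before, after = parse_attrib(BEFORE), parse_attrib(AFTER)
    print("Hidden/System before the clear:")
    for path in concealed(before):
        print("  ", path)
    print("Not cleared:")
    for path, why in still_flagged(before, after).items():
        print("  ", path, "-", why)
```

Keeping the "before" listing alongside the scanner report shows exactly which items on the drive had been concealed.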


#13 Newbie1011


Posted 02 November 2013 - 02:51 AM

############################## | UsbFix V 7.145 | [Research]
 
User: Shravan (Administrator) # SHRAVAN-PC
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 13:15:39 | 02/11/2013
 
 
PC: ASUSTeK Computer INC. (Crosshair IV Formula)
CPU: AMD Athlon™ II X4 620 Processor
RAM -> [Total : 8190 | Free : 6365]
Bios: American Megatrends Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 270 Gb (195 Mb free - 72%) [New Volume] # NTFS
D:\ -> Fixed drive # 195 Gb (187 Mb free - 96%) [New Volume] # NTFS
E:\ -> Removable drive # 952 Mb (950 Mb free - 100%) [KINGSTON] # FAT32
F:\ -> Fixed drive # 233 Gb (89 Mb free - 38%) [New Volume] # NTFS
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID 388 |ParentID 380)
C:\Windows\system32\wininit.exe (ID 460 |ParentID 380)
C:\Windows\system32\csrss.exe (ID 496 |ParentID 476)
C:\Windows\system32\services.exe (ID 520 |ParentID 460)
C:\Windows\system32\lsass.exe (ID 536 |ParentID 460)
C:\Windows\system32\lsm.exe (ID 544 |ParentID 460)
C:\Windows\system32\svchost.exe (ID 664 |ParentID 520)
C:\Windows\system32\winlogon.exe (ID 684 |ParentID 476)
C:\Windows\system32\svchost.exe (ID 780 |ParentID 520)
C:\Windows\system32\atiesrxx.exe (ID 848 |ParentID 520)
C:\Windows\System32\svchost.exe (ID 916 |ParentID 520)
C:\Windows\System32\svchost.exe (ID 956 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 996 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 1020 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 340 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 1064 |ParentID 520)
C:\Windows\System32\spoolsv.exe (ID 1184 |ParentID 520)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 1216 |ParentID 520)
C:\Windows\system32\svchost.exe (ID 1236 |ParentID 520)
C:\Windows\system32\atieclxx.exe (ID 1392 |ParentID 848)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1476 |ParentID 520)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID 1540 |ParentID 520)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 1564 |ParentID 520)
C:\Windows\system32\taskhost.exe (ID 1636 |ParentID 520)
C:\Windows\SysWOW64\AstSrv.exe (ID 1668 |ParentID 520)
C:\Windows\system32\Dwm.exe (ID 1760 |ParentID 956)
C:\Windows\Explorer.EXE (ID 1808 |ParentID 1748)
C:\Windows\system32\svchost.exe (ID 1980 |ParentID 520)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (ID 1412 |ParentID 520)
C:\Program Files\Microsoft LifeCam\MSCamS64.exe (ID 972 |ParentID 520)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID 1524 |ParentID 520)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2132 |ParentID 520)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2260 |ParentID 2132)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 2752 |ParentID 1564)
C:\Windows\system32\svchost.exe (ID 2992 |ParentID 520)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID 1912 |ParentID 1808)
C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (ID 1832 |ParentID 1808)
C:\Users\Shravan\AppData\Local\Viber\Viber.exe (ID 1748 |ParentID 1808)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (ID 2528 |ParentID 1808)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID 2392 |ParentID 1912)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 1356 |ParentID 2516)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2660 |ParentID 2516)
C:\Windows\system32\SearchIndexer.exe (ID 2940 |ParentID 520)
C:\Windows\sysWOW64\wbem\wmiprvse.exe (ID 3224 |ParentID 664)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3532 |ParentID 664)
C:\Windows\system32\sppsvc.exe (ID 3056 |ParentID 520)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 2268 |ParentID 520)
C:\Windows\system32\wbem\WmiApSrv.exe (ID 2420 |ParentID 520)
C:\UsbFix\Go.exe (ID 2524 |ParentID 3956)
C:\Windows\system32\wbem\wmiprvse.exe (ID 2736 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 2296 |ParentID 520)
C:\Windows\System32\WUDFHost.exe (ID 3552 |ParentID 956)
 
################## | Regedit Run |
 
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] - 
HKLM\SOFTWARE\wow6432Node | RunOnce : [] - 
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [SkyDrive] - "C:\Users\Shravan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [Viber] - "C:\Users\Shravan\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-950273752-2326613030-74709175-1000\SOFTWARE | Run : [KSS] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Files # Infected Folders |
 
 
################## | Registry |
 
 
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
 
 
Thanks for helping


#14 Aaflac

  • Malware Response Team

Posted 02 November 2013 - 07:42 PM

Strange. The drive is not read, but it is listed:

E:\ -> Removable drive # 952 Mb (950 Mb free - 100%) [KINGSTON] # FAT32

It is also shown as 100% free????  :scratchhead:

Let's check the removable drive's status...

Please connect the removable USB drive.

Go to Start > Computer
Right-click on Computer, and select: Manage

A Computer Management window appears.
On the left panel, select: Disk Management

A panel displaying the physical drives and partitions appears.
Maximize it by pressing the square on the upper right of the screen.

Please use the Snipping Tool, and provide an image in your reply:
http://www.vistax64.com/tutorials/148532-how-use-snipping-tool-vista.html
(Also applies to Windows 7)


Old duck...


#15 Newbie1011

  • Topic Starter

Posted 03 November 2013 - 11:56 PM

Before I do that, I just wanted to give you some info

I can now see 2 folders in my pendrive, which I could not see earlier

They are both empty but the contents may have been deleted by the various antivirus programs which I have run on your recommendations

The folders are

balerina

obala_je_stvarno

Also when I run your recommended program #12, the computer asks if I should allow the files in Drive E to be viewed.

I say no.

Shall I allow it?

Shall I still run the recommendations in #14 or shall I run #12 (with allow files to be viewed) again?

Thanks for helping


Edited by Newbie1011, 04 November 2013 - 12:00 AM.




