
Potentially Infected by TDSS



#1 AEonAX


Posted 25 December 2013 - 06:44 AM

Symptoms seen:

  1. Opening of sites unrelated to the clicked search result: 2-3 times.
  2. BSOD on heavy use on boot: 2 times. (Starting Chrome as well as opening other applications causes SYSTEM SERVICE EXCEPTION.)
  3. tdsskiller showing sptd.sys blocked/suspicious behavior 2 times, then not after.
  4. See the mouseover link in Chrome (suspicious) as well as the GMER result.

Actions Taken:

  1. Searched the net and found a connection to TDSS, so scanned using tdsskiller. sptd.sys found suspicious.
  2. Ran a quick scan of MBAM and fixed some problems.
  3. Defogged (disabled emulations).
  4. Ran tdsskiller again; no suspicious files found.
  5. Ran GMER.
  6. Disabled McAfee, ran DDS.

System Info:

Win7 SP1 and Linux Mint 14 dual boot, both x64

4 GB ram, 250GB HDD, 1 DVD-RW drive.

Win7: UAC enabled, 2 user accounts: admin and standard. Standard account used always, admin tasks performed through the UAC prompt.

 

Read the forum and it seems TDSS removal requires guidance from an MRT member.

Worried after reading this: http://www.bleepingcomputer.com/forums/t/461250/tdsskiller-deleted-deviceharddisk0dr0-and-now-operating-system-wont-boot/

Please help. Thank You.


#2 HelpBot


Posted 30 December 2013 - 06:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518565 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 AEonAX


Posted 30 December 2013 - 07:23 AM

Attached latest logs.

GMER still showing:

Disk  \Device\Harddisk0\DR0  unknown MBR code


#4 nasdaq


Posted 30 December 2013 - 08:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's check your MBR with this tool.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please post the logs for my review. Do not attach them.

Let me know what type of issues you are having with this computer.

#5 AEonAX


Posted 30 December 2013 - 08:36 AM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-30 19:02:52
-----------------------------
19:02:52.279    OS Version: Windows x64 6.1.7601 Service Pack 1
19:02:52.279    Number of processors: 4 586 0x2505
19:02:52.280    ComputerName: XEON-NB  UserName: AEonAX
19:02:55.226    Initialize success
19:03:10.636    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000b1
19:03:10.637    Disk 0 Vendor: ATA_____ HPM1 Size: 238475MB BusType: 11
19:03:10.743    Disk 0 MBR read successfully
19:03:10.746    Disk 0 MBR scan
19:03:10.748    Disk 0 unknown MBR code
19:03:10.751    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:03:10.755    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        80374 MB offset 206848
19:03:10.777    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        96460 MB offset 290840760
19:03:10.780    Disk 0 Partition - 00     0F Extended LBA             61536 MB offset 164814846
19:03:10.806    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        46163 MB offset 196298298
19:03:10.809    Disk 0 Partition - 00     05     Extended             14540 MB offset 164814847
19:03:10.813    Disk 0 Partition 5 00     83        Linux             14540 MB offset 164814848
19:03:10.816    Disk 0 Partition - 00     05     Extended               831 MB offset 194594146
19:03:10.831    Disk 0 Partition 6 00     82   Linux swap               831 MB offset 194594816
19:03:10.887    Disk 0 scanning C:\Windows\system32\drivers
19:03:20.100    Service scanning
19:03:40.614    Modules scanning
19:03:40.620    Disk 0 trace - called modules:
19:03:40.641    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
19:03:40.646    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d11060]
19:03:40.650    3 CLASSPNP.SYS[fffff88000fcc43f] -> nt!IofCallDriver -> [0xfffffa8004b31a90]
19:03:40.655    5 iaStorF.sys[fffff88001df1a2c] -> nt!IofCallDriver -> \Device\000000b1[0xfffffa80049cd3b0]
19:03:40.660    Scan finished successfully
19:04:13.395    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\Virusrem\MBR.dat"
19:04:13.400    The log file has been saved successfully to "C:\Users\User\Desktop\Virusrem\aswMBR.txt"
 
 
 
FRST scan in progress.
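An added example, not code from this thread or from aswMBR's authors, of how the MBR.dat that aswMBR saves (one 512-byte sector) can be inspected offline: it parses the four primary partition entries into the same type/size/offset form as the log above, hashes the 440-byte bootstrap code against an allowlist (the kind of comparison behind an "unknown MBR code" verdict), and flags structural oddities. The bootstrap bytes, the allowlist hash, the disk signature and the partition table are all constructed to mirror the log, not taken from a real disk.

```python
"""Offline inspection of a one-sector MBR dump such as aswMBR's MBR.dat (added example)."""
import hashlib
import struct
import sys

SECTOR = 512
MB = 1024 * 1024

# Partition type IDs in the form aswMBR prints them in the log above (subset).
PART_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "HPFS/NTFS",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux"}

# Constructed stand-in for a vendor's bootstrap code; NOT the real Windows 7 MBR bytes.
REFERENCE_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 432
# Constructed allowlist: a scanner keeps hashes of boot code it recognises; anything
# else is reported as "unknown MBR code", as GMER and aswMBR did above.
KNOWN_BOOT_CODE_SHA256 = {hashlib.sha256(REFERENCE_BOOT_CODE).hexdigest()}

# (status, type, start LBA, sector count) mirroring the four primary entries in the
# aswMBR log above; counts are MB * 2048, so they are approximate (constructed).
LOG_LIKE_TABLE = [
    (0x80, 0x07, 2048, 100 * 2048),
    (0x00, 0x07, 206848, 80374 * 2048),
    (0x00, 0x07, 290840760, 96460 * 2048),
    (0x00, 0x0F, 164814846, 61536 * 2048),
]


def build_sector(boot_code, disk_sig, entries):
    """Assemble a 512-byte MBR from its parts (test input, not a real disk image)."""
    if len(boot_code) != 440:
        raise ValueError("bootstrap area is 440 bytes")
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        for status, ptype, lba, count in entries
    ).ljust(64, b"\x00")
    return boot_code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + b"\x55\xaa"


def parse_mbr(sector):
    """Split one MBR sector into boot code, disk signature and primary partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1, "active": status == 0x80, "type_id": ptype,
            "type": PART_TYPES.get(ptype, "unknown (0x%02X)" % ptype),
            "start_lba": lba, "sectors": count, "size_mb": count * SECTOR // MB,
        })
    return {"boot_code": sector[:440],
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": partitions}


def sanity_warnings(partitions):
    """Structural red flags worth a second look before trusting the table."""
    warnings = []
    active = [p["index"] for p in partitions if p["active"]]
    if len(active) > 1:
        warnings.append("more than one active partition: %s" % active)
    for a in partitions:
        for b in partitions:
            if a["index"] < b["index"] and a["start_lba"] < b["start_lba"] + b["sectors"] \
                    and b["start_lba"] < a["start_lba"] + a["sectors"]:
                warnings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return warnings


def analyse(sector, known=KNOWN_BOOT_CODE_SHA256):
    """Boot-code verdict, partitions and warnings. Logical partitions inside an extended
    partition live in EBR sectors, so a single-sector dump cannot list them."""
    mbr = parse_mbr(sector)
    digest = hashlib.sha256(mbr["boot_code"]).hexdigest()
    return {"boot_code": "known" if digest in known else "unknown",
            "boot_code_sha256": digest,
            "disk_signature": "%08x" % mbr["disk_signature"],
            "partitions": mbr["partitions"],
            "warnings": sanity_warnings(mbr["partitions"])}


if __name__ == "__main__":
    # Pass a real MBR.dat path to inspect it; without one, the constructed sector is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sector(REFERENCE_BOOT_CODE, 0x12345678, LOG_LIKE_TABLE)
    report = analyse(data)
    print("MBR code:", report["boot_code"], "sha256", report["boot_code_sha256"][:16])
    for p in report["partitions"]:
        print("Partition %d %s %-13s %6d MB offset %d" % (
            p["index"], "80 (A)" if p["active"] else "00", p["type"], p["size_mb"], p["start_lba"]))
    for w in report["warnings"]:
        print("WARNING:", w)
```

A real allowlist would hold hashes of the bootstrap code shipped by each Windows version and boot manager; the constructed one here only shows the mechanism.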


#6 AEonAX


Posted 30 December 2013 - 08:39 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by AEonAX (administrator) on XEON-NB on 30-12-2013 19:04:52
Running from C:\Users\User\Desktop\Virusrem
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
() G:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe
(COMODO) G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() G:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
() G:\Downloads\Everything-1.3.3.658b.x64\Everything.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TuneUp Software) G:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Josip Medved) G:\Program Files\VHD Attach\VhdAttachService.exe
(TuneUp Software) G:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() G:\Downloads\Everything-1.3.3.658b.x64\Everything.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Tonec Inc.) G:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Orbitdownloader.com) G:\Program Files (x86)\Orbitdownloader\orbitdm.exe
() G:\xampp\htdocs\Xtras\beep.exe
(Orbitdownloader.com) G:\Program Files (x86)\Orbitdownloader\orbitnet.exe
(eLitecore Technologies Ltd.) G:\Downloads\24online\CyberoamClient.exe
(Internet Download Manager, Tonec Inc.) G:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
() G:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [Everything] - G:\Downloads\Everything-1.3.3.658b.x64\Everything.exe [1357824 2013-06-26] ()
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Command Processor:  <======= ATTENTION
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoDrives] 0x00000000
MountPoints2: {255eee91-075a-11e0-ba22-3c4a924adfd2} - I:\LGAutoRun.exe
MountPoints2: {3ea918de-10d3-11e0-bb7e-005056c00008} - H:\setup.exe
HKU\Guest\...\Run: [SandboxieControl] - "G:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\Guest\...\Run: [Wakoopa] - C:\Users\Guest\AppData\Local\Wakoopa\Wakoopa.exe
HKU\Guest\...\Command Processor:  <===== ATTENTION!
HKU\Sumant\...\Run: [Wakoopa] - g:\Program Files (x86)\Wakoopa\Wakoopa.exe
HKU\Sumant\...\Run: [SandboxieControl] - "G:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\Sumant\...\Command Processor:  <===== ATTENTION!
AppInit_DLLs: C:\Windows\System32\guard64.dll [389840 2012-03-12] (COMODO)
AppInit_DLLs-x32:   C:\Windows\SysWOW64\guard32.dll [301224 2012-03-12] (COMODO)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beep.exe - Shortcut.lnk
ShortcutTarget: beep.exe - Shortcut.lnk -> G:\xampp\htdocs\Xtras\beep.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\everything.ahk - Shortcut.lnk
ShortcutTarget: everything.ahk - Shortcut.lnk -> C:\Users\User\Desktop\scratch\everything.ahk ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartModem.exe - Shortcut.lnk
ShortcutTarget: StartModem.exe - Shortcut.lnk -> F:\StartModem.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: HistoryTriggerBHO Class - {21A88CB9-84D2-4020-A2D1-B25A21034884} - G:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 10 g:\Program Files (x86)\WideCap\widecapdrv.dll [327168] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{9E60B2F5-827B-499F-A7FA-96C53121011D}: [NameServer]202.179.76.245,202.71.136.67
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.in
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Internet Download Manager Plugin) - C:\Users\AEonAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.25.1_1\IDMGCExt.dll (Tonec Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Users\AEonAX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\AEonAX\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\AEonAX\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\AEonAX\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - g:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Picasa) - g:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (VLC Web Plugin) - g:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Docs) - C:\Users\AEonAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\AEonAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\AEonAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\AEonAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\AEonAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.0.271_0
CHR Extension: (IDM Integration) - C:\Users\AEonAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.25.1_1
CHR Extension: (Google Wallet) - C:\Users\AEonAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\AEonAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - G:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
S3 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [3536896 2009-04-14] (ANSYS, Inc.)
S3 BITCOMET_HELPER_SERVICE; G:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 cmdAgent; G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2815496 2012-03-12] (COMODO)
S3 CoordinatorServiceHost; G:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [89160 2011-09-27] (Dassault Systèmes SolidWorks Corp.)
R2 CPMService; G:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 Everything; G:\Downloads\Everything-1.3.3.658b.x64\Everything.exe [1357824 2013-06-26] ()
S3 FLEXnet License Server; C:\flexlm\lmgrd.exe [1377104 2010-06-18] (Flexera Software, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
S3 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 OpenVPNService; g:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [190976 2013-01-20] ()
S3 Remote Solver for Flow Simulation 2012; G:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [109624 2011-08-17] (Mentor Graphics Corporation)
S3 SkypeUpdate; G:\Program Files (x86)\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 Squid; C:\squid\sbin\squid.exe [1114112 2010-03-13] (SQUID Web Proxy Cache - http://www.squid-cache.org/)
S3 TeamViewer8; g:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [3560288 2013-03-06] (TeamViewer GmbH)
S3 TuneUp.Defrag; G:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607048 2012-02-13] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; G:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1401672 2010-04-19] (TuneUp Software)
S3 TunngleService; g:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 VhdAttach; g:\Program Files\VHD Attach\VhdAttachService.exe [276376 2013-05-12] (Josip Medved)
S3 BBDemon; "g:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service [x]
S2 Crypkey License; crypserv.exe [x]
S3 FolderSize; "G:\Program Files\FolderSize\FolderSizeSvc.exe" [x]
S3 metasploitPostgreSQL; G:/metasploit/postgresql/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "G:/metasploit/postgresql/data" [x]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-17] ()
S1 BOHCI; No ImagePath
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23944 2010-04-06] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] ()
S1 BUHCI; No ImagePath
S1 BUSBD; No ImagePath
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [577824 2012-03-12] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43248 2012-03-12] (COMODO)
R1 CSN5PDTS82x64; C:\Windows\System32\Drivers\CSN5PDTS82x64.sys [34840 2012-10-24] (Colasoft Co., Ltd.)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] ()
S3 epmntdrv; C:\Windows\SysWow64\epmntdrv.sys [14216 2010-07-15] ()
R4 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] ()
R4 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
R4 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()
S3 EuGdiDrv; C:\Windows\SysWow64\EuGdiDrv.sys [8456 2010-07-15] ()
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [19968 2010-05-12] (Danish Wireless Design A/S)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [93200 2011-12-19] (COMODO)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [89072 2013-03-21] ()
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2012-05-13] (http://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-17] ()
R1 LUM; C:\Windows\system32\drivers\LUM.sys [24848 2007-06-05] (IBM)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 NPF; C:\Windows\SysWow64\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino)
S2 P2k; No ImagePath
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-26] (Duplex Secure Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TuneUpUtilitiesDrv; G:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-12-19] (Oracle Corporation)
S3 vodafone_zte_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_acm.sys [79872 2011-05-20] (Vodafone)
S3 vodafone_zte_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_ecm.sys [58880 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum.sys [56320 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum_filter.sys [56320 2011-05-20] (Vodafone)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [33488 2013-09-08] ()
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [43128 2011-11-15] (MediaTek Inc.)
S3 zonescreen; C:\Windows\System32\DRIVERS\zsport.sys [12024 2010-10-31] (ZoneOS)
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 BTCOM; system32\DRIVERS\btcomport.sys [x]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [x]
S3 Btcsrusb; System32\Drivers\btcusb.sys [x]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [x]
S2 DS1410D; SYSTEM32\drivers\DS1410D.SYS [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 iscFlash; \??\C:\Users\Sumant\AppData\Local\Temp\7zSA321.tmp\iscflashx64.sys [x]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [x]
S1 NetworkX; \SystemRoot\system32\ckldrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S0 vmci; system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
U3 aswMBR; \??\C:\Users\AEonAX\AppData\Local\Temp\aswMBR.sys [x]
U3 kgddipow; \??\C:\Users\AEonAX\AppData\Local\Temp\kgddipow.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-30 19:04 - 2013-12-30 19:04 - 00000000 ____D C:\FRST
2013-12-28 17:14 - 2013-12-28 17:14 - 00000000 ____D C:\ProgramData\Oracle
2013-12-28 17:13 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 17:13 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-28 17:13 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-28 17:13 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-28 17:11 - 2013-12-28 17:13 - 00004792 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-28 15:41 - 2013-12-28 15:41 - 00000000 ____D C:\Program Files (x86)\Lua
2013-12-28 15:26 - 2013-12-28 15:44 - 00000000 ____D C:\ProgramData\Tunngle
2013-12-28 14:55 - 2013-12-22 04:51 - 00267776 _____ (Just Cause 2: Multiplayer) C:\Users\User\Desktop\JcmpLauncher.exe
2013-12-28 12:03 - 2013-12-28 13:03 - 00002394 _____ C:\Users\User\Desktop\Google Chrome.lnk
2013-12-26 22:55 - 2013-12-26 22:55 - 00045775 _____ C:\Users\User\Downloads\iron.man.three.(2013).eng.1cd.(5148247).zip
2013-12-25 16:53 - 2013-12-30 17:28 - 00031122 _____ C:\Users\AEonAX\Desktop\attach.txt
2013-12-25 16:53 - 2013-12-30 17:28 - 00027852 _____ C:\Users\AEonAX\Desktop\dds.txt
2013-12-25 16:44 - 2013-12-30 17:22 - 00003938 _____ C:\Windows\System32\Tasks\PremeUpdateSilently
2013-12-25 15:47 - 2013-12-30 19:04 - 00000000 ____D C:\Users\User\Desktop\Virusrem
2013-12-25 15:39 - 2013-12-25 15:39 - 00000020 _____ C:\Users\AEonAX\defogger_reenable
2013-12-25 13:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-25 13:00 - 2013-12-25 13:00 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 12:58 - 2013-12-25 13:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 12:58 - 2013-12-25 12:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 12:29 - 2013-12-25 12:29 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\50590544.sys
2013-12-24 23:02 - 2013-12-24 23:02 - 00478475 _____ C:\Users\User\Downloads\bugn_830.zip
2013-12-23 22:16 - 2013-12-23 22:16 - 00649170 _____ C:\Users\User\Downloads\Book 1 - Revelation Space - Alastair Reynolds_70.epub
2013-12-23 20:18 - 2013-12-23 20:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft Games
2013-12-23 14:23 - 2013-12-23 14:23 - 00000000 ____D C:\Users\User\AppData\Local\BigHugeEngine
2013-12-23 14:17 - 2013-12-23 14:17 - 00602149 _____ C:\Users\User\Downloads\Kingdoms_of_Amalur_Reckoning_AllVersions_Plus_13_Trainer_Fixed.rar
2013-12-22 11:07 - 2013-12-22 11:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2013-12-22 11:07 - 2013-12-22 11:07 - 00000803 _____ C:\Users\User\Desktop\CodeBlocks.lnk
2013-12-21 13:59 - 2013-12-21 14:00 - 00002798 _____ C:\Users\User\Downloads\download (3).action
2013-12-20 12:30 - 2013-12-20 12:35 - 00000000 ____D C:\Users\User\AppData\Roaming\CDisplayEx
2013-12-20 12:30 - 2013-12-20 12:30 - 00000000 ____D C:\Program Files\CDisplayEx
2013-12-19 22:11 - 2013-12-25 16:44 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\Preme for Windows
2013-12-19 22:11 - 2013-12-19 22:11 - 00003648 _____ C:\Windows\System32\Tasks\PremeLogonStart
2013-12-19 22:11 - 2013-12-19 22:11 - 00003516 _____ C:\Windows\System32\Tasks\PremeStartup
2013-12-19 22:11 - 2013-12-19 22:11 - 00000000 ____D C:\Program Files\Preme for Windows
2013-12-19 22:06 - 2013-12-19 22:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Preme for Windows
2013-12-19 20:50 - 2013-12-19 20:50 - 00049675 _____ C:\Users\User\Downloads\The Tomorrow People (US) - 01x09 - Death's Door.LOL.English.HI.C.updated.Addic7ed.com.srt
2013-12-19 20:50 - 2013-12-19 20:50 - 00049231 _____ C:\Users\User\Downloads\The Tomorrow People (US) - 01x08 - Thanatos.LOL.English.C.orig.Addic7ed.com.srt
2013-12-19 19:58 - 2013-12-19 19:58 - 00066592 _____ C:\Users\User\Downloads\White Collar - 05x08 - Digging Deeper.IMMERSE.English.HI.C.orig.Addic7ed.com.srt
2013-12-19 14:41 - 2013-12-19 14:41 - 00003072 _____ C:\Users\User\Downloads\download.action
2013-12-19 14:41 - 2013-12-19 14:41 - 00003072 _____ C:\Users\User\Downloads\download (2).action
2013-12-19 14:41 - 2013-12-19 14:41 - 00003072 _____ C:\Users\User\Downloads\download (1).action
2013-12-19 13:09 - 2013-12-19 13:09 - 00055834 _____ C:\Users\User\Downloads\Almost Human - 01x06 - Arrhythmia.DIMENSION.English.HI.C.updated.Addic7ed.com.srt
2013-12-19 11:14 - 2013-12-25 14:59 - 00791122 _____ C:\Users\User\Documents\stitch_xml
2013-12-17 00:20 - 2013-12-17 00:20 - 00000000 ____D C:\Users\User\AppData\Local\calibre-cache
2013-12-16 23:05 - 2013-12-16 23:05 - 00000000 ____D C:\Users\AEonAX\cr3
2013-12-16 22:47 - 2013-12-23 23:04 - 00000000 ____D C:\Users\User\.cr3
2013-12-16 15:47 - 2013-12-16 15:59 - 00000000 ____D C:\Users\User\Documents\Reus
2013-12-16 15:29 - 2013-12-16 15:29 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-12-16 14:58 - 2013-12-16 14:58 - 00977100 _____ C:\Users\User\Downloads\freedom-0.9.8.apk
2013-12-16 13:31 - 2013-12-16 13:32 - 00038964 _____ C:\Users\User\Downloads\ShipData-ShipStats (1).csv
2013-12-16 13:15 - 2013-12-16 13:15 - 00038964 _____ C:\Users\User\Downloads\ShipData-ShipStats.csv
2013-12-14 16:21 - 2013-11-29 17:44 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-12-14 16:21 - 2013-11-29 17:43 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-12-14 15:52 - 2013-12-14 15:52 - 00000077 _____ C:\wepkeys.txt
2013-12-14 13:38 - 2013-12-14 13:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Cyberoam
2013-12-14 13:37 - 2012-11-05 15:07 - 00118784 _____ () C:\Windows\SysWOW64\NetDiagnosis.dll
2013-12-13 17:32 - 2013-12-13 17:32 - 00024164 _____ C:\Users\User\Downloads\linuxmint-16-cinnamon-dvd-64bit.iso.torrent
2013-12-13 16:57 - 2013-12-13 16:59 - 00000000 ____D C:\Users\User\Google
2013-12-12 20:24 - 2013-12-12 20:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Foxit Software
2013-12-12 19:08 - 2013-12-12 19:08 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\Foxit Software
2013-12-12 16:49 - 2013-12-12 16:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\insight3d
2013-12-11 19:33 - 2013-12-11 19:33 - 00002614 _____ C:\Users\User\Documents\certificate-password.pfx
2013-12-11 00:27 - 2013-12-11 00:28 - 01150733 _____ C:\Users\User\Downloads\Finding_HSV_Ranges.rar
2013-12-07 22:44 - 2013-12-07 22:44 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\Yahoo!
2013-12-07 22:44 - 2013-12-07 22:44 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-06 22:35 - 2013-12-06 22:36 - 00064586 _____ C:\Users\User\Downloads\White Collar - 05x07 - Quantico Closure.ASAP.English.HI.C.updated.Addic7ed.com.srt
2013-12-05 20:24 - 2013-12-05 20:24 - 00000218 _____ C:\Users\User\AppData\Local\recently-used.xbel
2013-12-05 16:48 - 2013-12-05 16:51 - 00000000 ____D C:\Users\User\AppData\Roaming\K-Meleon
2013-12-05 16:48 - 2013-12-05 16:48 - 00000000 ____D C:\Users\User\AppData\Local\K-Meleon
2013-12-05 16:40 - 2013-12-05 20:21 - 00000000 ____D C:\Users\User\.gstreamer-0.10
2013-12-05 16:38 - 2013-12-05 20:17 - 00000000 ____D C:\Users\User\AppData\Local\gtk-3.0
2013-12-05 16:33 - 2013-12-05 20:07 - 00000000 ____D C:\Users\User\.dbus-keyrings
2013-12-05 10:21 - 2013-12-05 10:21 - 00000000 ____D C:\Users\User\AppData\Roaming\A's Video Converter
2013-12-05 00:41 - 2013-12-05 00:41 - 00001795 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google App Engine Launcher.lnk
2013-12-05 00:41 - 2013-12-05 00:41 - 00000667 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google App Engine.lnk
2013-12-05 00:23 - 2013-12-05 00:24 - 00029497 _____ C:\Users\User\Downloads\mirrorrr-master.zip
2013-11-30 17:08 - 2013-11-30 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Game Updater
2013-11-30 10:56 - 2013-11-30 10:56 - 00028567 _____ C:\Users\User\Downloads\batman.the.dark.knight.returns.part.2.(2013).eng.1cd.(4774793).zip
2013-11-30 10:56 - 2013-11-30 10:56 - 00024911 _____ C:\Users\User\Downloads\batman.the.dark.knight.returns.part.1.(2012).eng.1cd.(4661109).zip
 
==================== One Month Modified Files and Folders =======
 
2013-12-30 19:04 - 2013-12-30 19:04 - 00000000 ____D C:\FRST
2013-12-30 19:04 - 2013-12-25 15:47 - 00000000 ____D C:\Users\User\Desktop\Virusrem
2013-12-30 19:00 - 2013-11-22 20:01 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EC271784-1EC1-459C-A950-31EF18BF55E0}
2013-12-30 19:00 - 2011-05-04 21:06 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\Orbit
2013-12-30 18:56 - 2011-07-30 00:17 - 00000000 ____D C:\Windows\Minidump
2013-12-30 18:38 - 2013-11-25 23:25 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4049519449-927007857-1670598082-1001UA.job
2013-12-30 18:33 - 2010-12-13 11:45 - 00000000 ____D C:\Users\User\.VirtualBox
2013-12-30 18:31 - 2011-07-27 16:53 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-30 18:29 - 2013-11-04 21:20 - 00000000 ____D C:\Program Files (x86)\Time Stopper
2013-12-30 18:28 - 2013-07-21 00:01 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4049519449-927007857-1670598082-1011UA.job
2013-12-30 18:26 - 2013-09-27 15:18 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2013-12-30 17:35 - 2012-01-30 19:32 - 00000632 __RSH C:\Users\AEonAX\ntuser.pol
2013-12-30 17:35 - 2011-05-04 21:05 - 00000000 ____D C:\Users\AEonAX
2013-12-30 17:28 - 2013-12-25 16:53 - 00031122 _____ C:\Users\AEonAX\Desktop\attach.txt
2013-12-30 17:28 - 2013-12-25 16:53 - 00027852 _____ C:\Users\AEonAX\Desktop\dds.txt
2013-12-30 17:23 - 2013-09-27 01:13 - 00000000 ____D C:\Users\AEonAX\AppData\Local\CrashDumps
2013-12-30 17:22 - 2013-12-25 16:44 - 00003938 _____ C:\Windows\System32\Tasks\PremeUpdateSilently
2013-12-30 13:37 - 2013-02-06 00:14 - 00000000 ____D C:\Users\User\AppData\Roaming\DMCache
2013-12-30 13:35 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\tracing
2013-12-30 10:42 - 2013-05-02 00:07 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-12-30 10:39 - 2012-03-23 20:56 - 00001583 _____ C:\Users\User\Documents\bru.bru
2013-12-30 10:35 - 2009-07-14 10:43 - 00877702 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 10:16 - 2009-07-14 10:15 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-30 10:16 - 2009-07-14 10:15 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-30 10:11 - 2010-11-23 08:00 - 01993705 _____ C:\Windows\WindowsUpdate.log
2013-12-30 10:03 - 2011-07-19 17:57 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-30 10:02 - 2010-12-12 22:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Orbit
2013-12-30 10:01 - 2013-11-15 17:57 - 00007642 _____ C:\Windows\setupact.log
2013-12-30 10:01 - 2013-07-31 22:39 - 00000124 _____ C:\HaxLogs.log
2013-12-30 10:01 - 2011-12-25 13:21 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-30 10:01 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 19:00 - 2013-10-20 21:17 - 00069502 _____ C:\Windows\CUAppUsage.Dat
2013-12-28 18:30 - 2013-11-22 11:05 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2013-12-28 17:14 - 2013-12-28 17:14 - 00000000 ____D C:\ProgramData\Oracle
2013-12-28 17:13 - 2013-12-28 17:11 - 00004792 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-28 17:13 - 2010-12-13 10:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-28 16:43 - 2013-06-01 13:23 - 00179428 _____ C:\Users\User\Desktop\scratch.txt
2013-12-28 15:44 - 2013-12-28 15:26 - 00000000 ____D C:\ProgramData\Tunngle
2013-12-28 15:41 - 2013-12-28 15:41 - 00000000 ____D C:\Program Files (x86)\Lua
2013-12-28 15:27 - 2011-11-11 01:21 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\Tunngle
2013-12-28 15:26 - 2011-11-11 02:50 - 00000000 _____ C:\Windows\SysWOW64\Access.dat
2013-12-28 14:27 - 2012-11-24 23:31 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-28 13:03 - 2013-12-28 12:03 - 00002394 _____ C:\Users\User\Desktop\Google Chrome.lnk
2013-12-28 00:38 - 2013-11-25 23:25 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4049519449-927007857-1670598082-1001Core.job
2013-12-28 00:28 - 2013-07-21 00:01 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4049519449-927007857-1670598082-1011Core.job
2013-12-26 22:55 - 2013-12-26 22:55 - 00045775 _____ C:\Users\User\Downloads\iron.man.three.(2013).eng.1cd.(5148247).zip
2013-12-25 16:44 - 2013-12-19 22:11 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\Preme for Windows
2013-12-25 16:44 - 2011-05-04 21:05 - 00001421 _____ C:\Users\AEonAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-25 16:44 - 2011-05-04 21:05 - 00000000 ___RD C:\Users\AEonAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-25 16:44 - 2011-05-04 21:05 - 00000000 ___RD C:\Users\AEonAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-25 15:39 - 2013-12-25 15:39 - 00000020 _____ C:\Users\AEonAX\defogger_reenable
2013-12-25 15:01 - 2011-07-13 19:37 - 00000000 ____D C:\Users\User\Desktop\scratch
2013-12-25 15:01 - 2010-11-23 16:49 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-25 14:59 - 2013-12-19 11:14 - 00791122 _____ C:\Users\User\Documents\stitch_xml
2013-12-25 14:33 - 2009-07-14 10:38 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-25 13:12 - 2011-06-13 09:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 13:00 - 2013-12-25 13:00 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 13:00 - 2013-12-25 12:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 12:58 - 2013-12-25 12:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 12:54 - 2013-11-15 17:57 - 00013500 _____ C:\Windows\PFRO.log
2013-12-25 12:29 - 2013-12-25 12:29 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\50590544.sys
2013-12-24 23:46 - 2012-01-11 19:35 - 00000000 ____D C:\Users\User\AppData\Roaming\codeblocks
2013-12-24 23:02 - 2013-12-24 23:02 - 00478475 _____ C:\Users\User\Downloads\bugn_830.zip
2013-12-24 12:44 - 2011-05-12 11:21 - 00000000 ____D C:\Users\User\dwhelper
2013-12-23 23:04 - 2013-12-16 22:47 - 00000000 ____D C:\Users\User\.cr3
2013-12-23 22:16 - 2013-12-23 22:16 - 00649170 _____ C:\Users\User\Downloads\Book 1 - Revelation Space - Alastair Reynolds_70.epub
2013-12-23 20:19 - 2011-10-08 14:12 - 00000000 ____D C:\Users\User\Documents\My Games
2013-12-23 20:18 - 2013-12-23 20:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft Games
2013-12-23 20:11 - 2010-11-23 08:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-23 20:10 - 2013-11-17 20:07 - 00095200 _____ C:\Windows\DirectX.log
2013-12-23 16:14 - 2013-02-13 19:41 - 00000000 ____D C:\Users\User\AppData\Roaming\ApexDC++
2013-12-23 16:13 - 2012-05-28 10:33 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2013-12-23 14:23 - 2013-12-23 14:23 - 00000000 ____D C:\Users\User\AppData\Local\BigHugeEngine
2013-12-23 14:23 - 2011-05-09 14:31 - 00000000 ____D C:\Users\User\AppData\Local\SKIDROW
2013-12-23 14:17 - 2013-12-23 14:17 - 00602149 _____ C:\Users\User\Downloads\Kingdoms_of_Amalur_Reckoning_AllVersions_Plus_13_Trainer_Fixed.rar
2013-12-23 14:17 - 2012-11-05 00:32 - 00000000 ____D C:\Users\User\Documents\FLiNGTrainer
2013-12-22 11:16 - 2012-01-11 19:36 - 00000000 ____D C:\Users\User\Documents\CodeBloX
2013-12-22 11:08 - 2013-12-22 11:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2013-12-22 11:07 - 2013-12-22 11:07 - 00000803 _____ C:\Users\User\Desktop\CodeBlocks.lnk
2013-12-22 04:51 - 2013-12-28 14:55 - 00267776 _____ (Just Cause 2: Multiplayer) C:\Users\User\Desktop\JcmpLauncher.exe
2013-12-21 14:00 - 2013-12-21 13:59 - 00002798 _____ C:\Users\User\Downloads\download (3).action
2013-12-20 22:04 - 2012-06-09 12:57 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\MAXON
2013-12-20 12:40 - 2013-11-15 15:48 - 00002942 _____ C:\Windows\System32\Tasks\{679BBDA3-399F-45A4-AFD6-3D8CB5DE942D}
2013-12-20 12:35 - 2013-12-20 12:30 - 00000000 ____D C:\Users\User\AppData\Roaming\CDisplayEx
2013-12-20 12:30 - 2013-12-20 12:30 - 00000000 ____D C:\Program Files\CDisplayEx
2013-12-19 22:11 - 2013-12-19 22:11 - 00003648 _____ C:\Windows\System32\Tasks\PremeLogonStart
2013-12-19 22:11 - 2013-12-19 22:11 - 00003516 _____ C:\Windows\System32\Tasks\PremeStartup
2013-12-19 22:11 - 2013-12-19 22:11 - 00000000 ____D C:\Program Files\Preme for Windows
2013-12-19 22:11 - 2013-12-19 22:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Preme for Windows
2013-12-19 20:50 - 2013-12-19 20:50 - 00049675 _____ C:\Users\User\Downloads\The Tomorrow People (US) - 01x09 - Death's Door.LOL.English.HI.C.updated.Addic7ed.com.srt
2013-12-19 20:50 - 2013-12-19 20:50 - 00049231 _____ C:\Users\User\Downloads\The Tomorrow People (US) - 01x08 - Thanatos.LOL.English.C.orig.Addic7ed.com.srt
2013-12-19 19:58 - 2013-12-19 19:58 - 00066592 _____ C:\Users\User\Downloads\White Collar - 05x08 - Digging Deeper.IMMERSE.English.HI.C.orig.Addic7ed.com.srt
2013-12-19 14:41 - 2013-12-19 14:41 - 00003072 _____ C:\Users\User\Downloads\download.action
2013-12-19 14:41 - 2013-12-19 14:41 - 00003072 _____ C:\Users\User\Downloads\download (2).action
2013-12-19 14:41 - 2013-12-19 14:41 - 00003072 _____ C:\Users\User\Downloads\download (1).action
2013-12-19 13:09 - 2013-12-19 13:09 - 00055834 _____ C:\Users\User\Downloads\Almost Human - 01x06 - Arrhythmia.DIMENSION.English.HI.C.updated.Addic7ed.com.srt
2013-12-18 19:08 - 2010-11-24 04:24 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-18 18:27 - 2011-05-31 16:25 - 00007633 _____ C:\Users\AEonAX\AppData\Local\Resmon.ResmonCfg
2013-12-18 13:57 - 2013-01-23 18:22 - 00000000 ____D C:\Users\User\AppData\Roaming\Ubisoft
2013-12-17 22:37 - 2012-01-14 23:04 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-12-17 00:26 - 2012-01-15 21:17 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla
2013-12-17 00:20 - 2013-12-17 00:20 - 00000000 ____D C:\Users\User\AppData\Local\calibre-cache
2013-12-16 23:05 - 2013-12-16 23:05 - 00000000 ____D C:\Users\AEonAX\cr3
2013-12-16 15:59 - 2013-12-16 15:47 - 00000000 ____D C:\Users\User\Documents\Reus
2013-12-16 15:44 - 2010-11-24 05:01 - 00871918 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-16 15:29 - 2013-12-16 15:29 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-12-16 14:58 - 2013-12-16 14:58 - 00977100 _____ C:\Users\User\Downloads\freedom-0.9.8.apk
2013-12-16 13:32 - 2013-12-16 13:31 - 00038964 _____ C:\Users\User\Downloads\ShipData-ShipStats (1).csv
2013-12-16 13:15 - 2013-12-16 13:15 - 00038964 _____ C:\Users\User\Downloads\ShipData-ShipStats.csv
2013-12-14 20:06 - 2012-01-29 00:52 - 00000000 ____D C:\Users\AEonAX\.VirtualBox
2013-12-14 15:52 - 2013-12-14 15:52 - 00000077 _____ C:\wepkeys.txt
2013-12-14 13:38 - 2013-12-14 13:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Cyberoam
2013-12-13 17:32 - 2013-12-13 17:32 - 00024164 _____ C:\Users\User\Downloads\linuxmint-16-cinnamon-dvd-64bit.iso.torrent
2013-12-13 16:59 - 2013-12-13 16:57 - 00000000 ____D C:\Users\User\Google
2013-12-12 20:24 - 2013-12-12 20:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Foxit Software
2013-12-12 19:08 - 2013-12-12 19:08 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\Foxit Software
2013-12-12 16:49 - 2013-12-12 16:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\insight3d
2013-12-11 22:46 - 2011-05-26 15:05 - 00000000 ____D C:\Users\User\AppData\Roaming\XnView
2013-12-11 19:33 - 2013-12-11 19:33 - 00002614 _____ C:\Users\User\Documents\certificate-password.pfx
2013-12-11 19:17 - 2010-11-24 06:32 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2010
2013-12-11 00:33 - 2013-11-25 23:25 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4049519449-927007857-1670598082-1001UA
2013-12-11 00:33 - 2013-11-25 23:25 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4049519449-927007857-1670598082-1001Core
2013-12-11 00:28 - 2013-12-11 00:27 - 01150733 _____ C:\Users\User\Downloads\Finding_HSV_Ranges.rar
2013-12-09 12:10 - 2012-05-19 15:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Launchy
2013-12-07 22:44 - 2013-12-07 22:44 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\Yahoo!
2013-12-07 22:44 - 2013-12-07 22:44 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-07 22:44 - 2011-04-14 23:11 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-07 22:32 - 2011-07-14 21:36 - 00000000 ____D C:\Users\AEonAX\AppData\Roaming\TeraCopy
2013-12-07 19:17 - 2013-04-13 23:43 - 00000000 ____D C:\Users\User\AppData\Local\ApexDC++
2013-12-07 19:02 - 2012-10-20 00:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-07 19:02 - 2012-10-20 00:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-06 22:36 - 2013-12-06 22:35 - 00064586 _____ C:\Users\User\Downloads\White Collar - 05x07 - Quantico Closure.ASAP.English.HI.C.updated.Addic7ed.com.srt
2013-12-06 22:12 - 2012-10-20 00:48 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 22:12 - 2012-10-20 00:48 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 23:42 - 2013-10-22 02:35 - 00000000 ____D C:\Windows\System32\Tasks\alarms
2013-12-05 20:24 - 2013-12-05 20:24 - 00000218 _____ C:\Users\User\AppData\Local\recently-used.xbel
2013-12-05 20:21 - 2013-12-05 16:40 - 00000000 ____D C:\Users\User\.gstreamer-0.10
2013-12-05 20:17 - 2013-12-05 16:38 - 00000000 ____D C:\Users\User\AppData\Local\gtk-3.0
2013-12-05 20:07 - 2013-12-05 16:33 - 00000000 ____D C:\Users\User\.dbus-keyrings
2013-12-05 16:51 - 2013-12-05 16:48 - 00000000 ____D C:\Users\User\AppData\Roaming\K-Meleon
2013-12-05 16:48 - 2013-12-05 16:48 - 00000000 ____D C:\Users\User\AppData\Local\K-Meleon
2013-12-05 16:40 - 2012-12-31 19:40 - 00000000 ____D C:\Users\User\AppData\Local\webkit
2013-12-05 10:21 - 2013-12-05 10:21 - 00000000 ____D C:\Users\User\AppData\Roaming\A's Video Converter
2013-12-05 00:41 - 2013-12-05 00:41 - 00001795 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google App Engine Launcher.lnk
2013-12-05 00:41 - 2013-12-05 00:41 - 00000667 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google App Engine.lnk
2013-12-05 00:24 - 2013-12-05 00:23 - 00029497 _____ C:\Users\User\Downloads\mirrorrr-master.zip
2013-11-30 17:08 - 2013-11-30 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Game Updater
2013-11-30 10:56 - 2013-11-30 10:56 - 00028567 _____ C:\Users\User\Downloads\batman.the.dark.knight.returns.part.2.(2013).eng.1cd.(4774793).zip
2013-11-30 10:56 - 2013-11-30 10:56 - 00024911 _____ C:\Users\User\Downloads\batman.the.dark.knight.returns.part.1.(2012).eng.1cd.(4661109).zip
2013-11-30 10:18 - 2013-08-27 00:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Mumble
 
Files to move or delete:
====================
C:\Users\AEonAX\DesktopFiddler2Upgrade.exe
 
 
Some content of TEMP:
====================
C:\Users\AEonAX\AppData\Local\Temp\8A0ADE76-7B15-4B61-BE52-4B7F117B4C38.exe
C:\Users\AEonAX\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\Foxit Updater.exe
C:\Users\User\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\User\AppData\Local\Temp\RemoveTypes.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 15:52
 
==================== End Of Log ============================


#7 AEonAX

AEonAX
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:27 AM

Posted 30 December 2013 - 08:42 AM

My Windows 7 has 3 user accounts:

  1. AEonAX (Administrator): rarely used to log in.
  2. User (Standard): used all the time, with admin tasks performed after the UAC prompt.
  3. Sumant (disabled, invisible)


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:57 PM

Posted 30 December 2013 - 01:58 PM

Your MBR is clean. This is just to indicate that the MBR code is not known to the tool.

Disk 0 unknown MBR code

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKCU\...\Command Processor:  <======= ATTENTION
HKU\Guest\...\Command Processor:  <===== ATTENTION!
HKU\Sumant\...\Command Processor:  <===== ATTENTION!
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
S1 BOHCI; No ImagePath
S1 BUHCI; No ImagePath
S1 BUSBD; No ImagePath
U3 aswMBR; \??\C:\Users\AEonAX\AppData\Local\Temp\aswMBR.sys [x]
U3 kgddipow; \??\C:\Users\AEonAX\AppData\Local\Temp\kgddipow.sys [x]

end
Save the file as fixlist.txt into the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know of any issues with this computer.
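As an added example, not part of this thread and not code from FRST or its author: a read-only PowerShell audit of the two kinds of item the fixlist above removes, the Command Processor AutoRun values in each user hive and services or drivers registered without a usable ImagePath. The function names are my own.

```powershell
# Added example (not from the thread or FRST). Read-only: it reports, it changes nothing.
# Run from an elevated PowerShell prompt so every loaded user hive under HKU is readable.
#
#  1. cmd.exe executes whatever string sits in "Command Processor\AutoRun" each time it
#     starts, so a non-empty value in any hive is worth a look (FRST flags it "ATTENTION").
#  2. Entries under CurrentControlSet\Services with no ImagePath, or whose ImagePath points
#     at a file that is gone, are what FRST prints as "No ImagePath" or "[x]".

function Get-CommandProcessorAutoRun {
    # HKLM plus every user hive currently loaded under HKU (skip the *_Classes hives).
    $keys = @('HKLM:\Software\Microsoft\Command Processor')
    $keys += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Command Processor" }

    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue
        if ($null -ne $item -and -not [string]::IsNullOrWhiteSpace($item.AutoRun)) {
            [pscustomobject]@{ Key = $key; AutoRun = $item.AutoRun }
        }
    }
}

function Get-ServiceWithBadImagePath {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
        # Skip subkeys that are not service definitions (no Start and no Type value).
        if ($null -eq $p.Start -and $null -eq $p.Type) { continue }

        if ([string]::IsNullOrWhiteSpace($p.ImagePath)) {
            [pscustomobject]@{ Name = $svc.PSChildName; Start = $p.Start; ImagePath = ''; Problem = 'No ImagePath' }
            continue
        }

        # Normalise the forms seen in the FRST log: "\??\C:\...", "\SystemRoot\...",
        # "system32\DRIVERS\x.sys", "%SystemRoot%\..." and quoted paths with arguments.
        $path = [Environment]::ExpandEnvironmentVariables($p.ImagePath)
        $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -match '^"([^"]+)"') { $path = $Matches[1] }
        elseif ($path -match '^(.+?\.(exe|sys|dll))(\s|$)') { $path = $Matches[1] }
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }

        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Name = $svc.PSChildName; Start = $p.Start; ImagePath = $p.ImagePath; Problem = 'File missing' }
        }
    }
}

Get-CommandProcessorAutoRun  | Format-Table -AutoSize
Get-ServiceWithBadImagePath  | Format-Table -AutoSize
```

A "File missing" hit on a driver left behind by a scanner's own temp file (as with the aswMBR and kgddipow entries in the log above) is harmless clutter; an AutoRun value you did not set yourself is the finding to take seriously.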

#9 AEonAX

AEonAX
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:27 AM

Posted 01 January 2014 - 01:50 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Ran by AEonAX at 2014-01-01 12:19:30 Run:1
Running from C:\Users\User\Desktop\Virusrem
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKCU\...\Command Processor:  <======= ATTENTION
HKU\Guest\...\Command Processor:  <===== ATTENTION!
HKU\Sumant\...\Command Processor:  <===== ATTENTION!
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
S1 BOHCI; No ImagePath
S1 BUHCI; No ImagePath
S1 BUSBD; No ImagePath
U3 aswMBR; \??\C:\Users\AEonAX\AppData\Local\Temp\aswMBR.sys [x]
U3 kgddipow; \??\C:\Users\AEonAX\AppData\Local\Temp\kgddipow.sys [x]
 
end
*****************
 
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKU\Guest\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKU\Sumant\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => Value deleted successfully.
HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => Key not found.
BOHCI => Service deleted successfully.
BUHCI => Service deleted successfully.
BUSBD => Service deleted successfully.
aswMBR => Service not found.
kgddipow => Service not found.
 
==== End of Fixlog ====


#10 AEonAX

AEonAX
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:27 AM

Posted 01 January 2014 - 01:54 AM

Can you tell me more about the 3 services deleted?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:57 PM

Posted 01 January 2014 - 10:09 AM

If you are referring to these services, you can Google the name and find out more about them.

S1 BOHCI; No ImagePath
S1 BUHCI; No ImagePath
S1 BUSBD; No ImagePath


Any remaining issues?
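For readers who want to check their own machine for the same two classes of entries FRST reported above (Command Processor AutoRun values, and driver service keys with no ImagePath), here is an added, read-only PowerShell audit; it is not part of the thread and not an FRST or BleepingComputer tool. It assumes an elevated PowerShell session and only prints findings; it deletes nothing.

```powershell
# Added example, not from the thread: audit two FRST findings on a live system.
# Run elevated. Read-only: nothing is removed.

# 1. Command Processor AutoRun: cmd.exe executes this value every time it starts,
#    which makes it a persistence location. FRST flagged it under HKCU and two
#    HKU profiles; a non-empty value is unusual on a normal machine.
function Get-CmdAutoRun {
    $hives = @('HKLM:\Software\Microsoft\Command Processor',
               'HKCU:\Software\Microsoft\Command Processor')
    # Add every currently loaded user hive under HKEY_USERS (SIDs, .DEFAULT).
    # Note: FRST names hives by profile (HKU\Guest); unloaded profiles are not seen here.
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
    $hives += Get-ChildItem 'HKU:\' | ForEach-Object {
        "HKU:\$($_.PSChildName)\Software\Microsoft\Command Processor"
    }
    foreach ($h in $hives) {
        if (Test-Path $h) {
            $v = (Get-ItemProperty -Path $h -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
            if ($v) { [pscustomobject]@{ Key = $h; AutoRun = $v } }
        }
    }
}

# 2. Service keys that carry a Start type but no ImagePath (the
#    "S1 BOHCI; No ImagePath" lines; the digit is the Start value, 1 = system start).
#    Such entries cannot load, but a driver name with no file behind it is the
#    kind of residue a rootkit or an earlier cleanup leaves, so each one deserves
#    a look. Some legitimate keys also lack ImagePath, so treat this as a review
#    queue rather than a delete list.
function Get-ServicesWithoutImagePath {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($null -ne $p -and $null -ne $p.Start -and -not $p.ImagePath) {
                [pscustomobject]@{ Name = $_.PSChildName; Start = $p.Start; Type = $p.Type }
            }
        }
}

Get-CmdAutoRun              | Format-Table -AutoSize
Get-ServicesWithoutImagePath | Format-Table -AutoSize
```

Compare the output against the FRST log rather than acting on it alone; an entry that appears here after the fix was applied would be worth raising in the thread.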

#12 AEonAX

AEonAX
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 AM

Posted 01 January 2014 - 10:42 AM

No issues now.

Thanks for the help. My McAfee Antivirus plus expired today. Which Antivirus do you recommend? I am currently thinking of Avast Free or Avira Free. Suggestions welcome.

And is Malware Removal Training Program still online as per the sticky topic?



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:57 PM

Posted 01 January 2014 - 10:57 AM

If you are looking for a free virus protection I suggest Microsoft Security Essentials.
http://windows.microsoft.com/en-CA/windows/security-essentials-download

The other free virus protection programs are installed with Adware - (Potentially Unwanted Program) PUP programs.

===

To remove McAfee use their un-installer.
You will find the link on this page.
http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/list-of-anti-malware-product-removal-tools/407bf6da-c05d-4546-8788-0aa4c25a1f91
===
 

And is Malware Removal Training Program still online as per the sticky topic.

It all depends if an instructor is available. Try it.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#14 AEonAX

AEonAX
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 AM

Posted 01 January 2014 - 11:24 AM

Thank you for the above post.

This is my setup now MS Security Essential, Comodo firewall, MBAM, SuperAntiSpyware, Chrome all updated regularly.

 

I cannot run combofix /uninstall as I haven't installed it.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:57 PM

Posted 07 January 2014 - 08:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



