
desktop.ini and google search redirected to random pages



Hi,

I have a 2-month-old laptop with McAfee antivirus installed. Still, I am infected with two major viruses, and it would be great if you could help me out resolving the same.

1. After a virus scan, McAfee detected a desktop.ini virus and says it cannot be deleted.

2. Google search results are redirected to random websites. This problem is on and off. I am facing this issue periodically.

The dds and attach logs are attached here.

Kindly help ASAP, as I have seen that this issue has been rampant of late.

Aditya

dds.txt

attach.txt


  • Staff

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.


Hi, I did as you said and I am pasting the log here. Also, McAfee is detecting another trojan on my system - Generic.dx!bfws (Quarantined from: C:\Windows\assembly\GAC_64\Desktop.ini )

Kindly check

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-12-2012

Ran by SYSTEM at 20-12-2012 12:43:38

Running from E:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6469736 2012-03-29] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 [1158248 2012-03-09] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2871056 2012-04-12] (Synaptics Incorporated)

HKLM\...\Run: [bLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)

HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [11407120 2012-03-27] (Intel Corporation)

HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [5727392 2012-01-19] (Dell Inc.)

HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation)

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [577024 2012-03-06] (Creative Technology Ltd)

HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKU\Aditya\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671904 2012-08-28] (DT Soft Ltd)

HKU\Aditya\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [969104 2012-12-09] (BitTorrent, Inc.)

HKU\Aditya\...\Run: [googletalk] C:\Users\Aditya\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)

HKU\Aditya\...\Run: [Google Update] "C:\Users\Aditya\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-10-21] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

AppInit_DLLs: C:\Windows\system32\nvinitx.dll

==================== Services (Whitelisted) ===================

2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)

2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)

2 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

4 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)

4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-11-23] ()

2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)

2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-10-15] (DT Soft Ltd)

3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

3 hswpan; C:\Windows\System32\Drivers\hswpan.sys [109056 2012-01-27] (Ozmo Inc)

3 irstrtdv; C:\Windows\System32\Drivers\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)

3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-03-12] (Intel Corporation)

3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [24848 2012-04-12] (Synaptics Incorporated)

3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [24848 2012-04-12] (Synaptics Incorporated)

3 ST_ACCEL; C:\Windows\System32\Drivers\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)

3 mfeavfk01; [x]

3 vpnva; C:\Windows\System32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-20 09:39 - 2012-12-20 09:39 - 00000000 ____D C:\FRST

2012-12-20 09:38 - 2012-12-20 09:38 - 01461035 ____A (Farbar) C:\Users\Aditya\Downloads\FRST64.exe

2012-12-17 23:21 - 2012-12-17 23:39 - 00000000 ____D C:\Users\Aditya\Downloads\Paa - DVDRip - Hindi - 1CDRip -nEHAL

2012-12-16 17:15 - 2012-12-16 17:15 - 00000000 ____D C:\Users\Aditya\Downloads\[TorrentCity.pl] The.Expendables.2.2012.PL [shogho]

2012-12-16 06:24 - 2012-12-16 06:24 - 00029074 ____A C:\Users\Aditya\Desktop\dds.txt

2012-12-16 06:24 - 2012-12-16 06:24 - 00010269 ____A C:\Users\Aditya\Desktop\attach.txt

2012-12-16 06:23 - 2012-12-16 06:23 - 00688992 ____R (Swearware) C:\Users\Aditya\Downloads\dds.scr

2012-12-16 06:13 - 2012-12-16 06:13 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-12-16 06:13 - 2012-12-16 06:13 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Users\Aditya\Application Data\Malwarebytes

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Users\Aditya\AppData\Roaming\Malwarebytes

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-16 06:13 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-12-16 06:12 - 2012-12-16 06:12 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Aditya\Downloads\mbam-setup-1.65.1.1000.exe

2012-12-16 05:31 - 2012-12-16 05:31 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-12-16 05:31 - 2012-12-16 05:31 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk

2012-12-15 18:59 - 2012-12-15 19:02 - 00000000 ____D C:\Users\Aditya\Downloads\Daddy Cool - DVDRip - XviD - 1CDRip - [DDR]

2012-12-15 18:56 - 2012-12-15 18:56 - 00015149 ____A C:\Users\Aditya\Downloads\Daddy_Cool_2009_DVDRip_XviD_1CDRip_[DDR].torrent

2012-12-15 18:45 - 2012-12-15 18:45 - 00000000 ____D C:\Pineapple.Express[2008]DvDrip-aXXo

2012-12-15 18:45 - 2011-09-11 19:30 - 1567154176 ____A C:\Manchester.United.The.Double.Champions.Season.Review.2007.2008.avi

2012-12-15 18:45 - 2011-09-05 01:17 - 736458752 ____A C:\Kung Fu Panda 2 (2011) DVDSCR XviD-ZJM.avi

2012-12-15 18:44 - 2012-12-15 18:45 - 00000000 ____D C:\Eternal Sunshine of the Spotless Mind.2004.DVDRip.Xvid

2012-12-15 18:42 - 2012-12-15 18:43 - 00000000 ____D C:\Users\Aditya\Desktop\[ www.TorrentDay.com ] - United.2011.HDTV.XviD-BiA

2012-12-15 08:13 - 2012-12-15 08:14 - 00000000 ____D C:\EA SPORTS Cricket 09

2012-12-15 01:12 - 2012-12-15 01:12 - 00000000 ____D C:\Users\Aditya\Application Data\Reallusion

2012-12-15 01:12 - 2012-12-15 01:12 - 00000000 ____D C:\Users\Aditya\AppData\Roaming\Reallusion

2012-12-13 20:11 - 2012-12-13 20:11 - 00001916 ____A C:\Users\Aditya\Downloads\[isoHunt] Fifa 13 Crack Multiplayer - SKIDROW.torrent

2012-12-12 12:52 - 2012-12-12 12:53 - 00000000 ____D C:\Users\Aditya\My Documents\Outlook Files

2012-12-12 12:52 - 2012-12-12 12:53 - 00000000 ____D C:\Users\Aditya\Documents\Outlook Files

2012-12-12 10:21 - 2012-12-12 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-09 23:27 - 2012-12-09 23:27 - 00000082 ____A C:\Users\Aditya\Desktop\asd.txt

2012-12-09 09:43 - 2012-12-09 09:43 - 00007611 ____A C:\Users\Aditya\Local Settings\Resmon.ResmonCfg

2012-12-09 09:43 - 2012-12-09 09:43 - 00007611 ____A C:\Users\Aditya\Local Settings\Application Data\Resmon.ResmonCfg

2012-12-09 09:43 - 2012-12-09 09:43 - 00007611 ____A C:\Users\Aditya\AppData\Local\Resmon.ResmonCfg

2012-12-06 18:45 - 2012-12-06 19:57 - 00000000 ____D C:\Users\Aditya\Downloads\Skyfall 2012 TS XViD UNiQUE

2012-12-06 17:50 - 2012-12-06 17:50 - 02700800 ____A C:\Users\Aditya\Downloads\SafeAssign.ppt

2012-12-06 16:27 - 2012-12-06 16:27 - 01641482 ____A C:\Users\Aditya\Downloads\resixsigmaprojectmeeting.zip

2012-12-06 10:31 - 2012-12-06 10:31 - 03594354 ____A C:\Users\Aditya\Downloads\18642958.zip

2012-12-05 20:20 - 2012-12-05 20:21 - 01273155 ____A C:\Users\Aditya\Downloads\17485077.zip

2012-12-05 16:52 - 2012-12-05 16:52 - 00015764 ____H C:\Users\Aditya\Desktop\~WRL2637.tmp

2012-12-05 15:58 - 2012-12-05 15:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-12-04 06:16 - 2012-12-04 06:19 - 00000000 ____D C:\Users\Aditya\Downloads\He-Man and the Masters of the Univers

2012-11-29 22:33 - 2012-11-29 22:33 - 00064699 ____A C:\Users\Aditya\Downloads\cs_untitled.zip

2012-11-29 13:47 - 2012-11-29 13:49 - 48364668 ____A C:\Users\Aditya\Downloads\copy-of-va-bed-cleaning-6zlp8bbrsjlq.zip

2012-11-29 07:33 - 2012-11-29 07:33 - 00530432 ____A C:\Users\Aditya\Downloads\Ameet PPT.ppt

2012-11-28 19:37 - 2012-11-28 19:37 - 00010255 ____A C:\Users\Aditya\Downloads\va_data.xlsx

2012-11-28 07:34 - 2012-12-08 16:19 - 00000000 ____D C:\Users\Aditya\Desktop\Safina

2012-11-28 02:57 - 2012-01-13 09:07 - 00106408 ___RA (Cisco Systems, Inc.) C:\Windows\System32\Drivers\acsock64.sys

2012-11-28 02:56 - 2012-11-28 02:56 - 02588200 ____A (Cisco Systems, Inc.) C:\Users\Aditya\Downloads\anyconnect-win-3.0.5080-web-deploy-k9.exe

2012-11-28 02:50 - 2012-11-28 02:50 - 02208256 ____A C:\Users\Aditya\Downloads\anyconnect-win-2.4.0202-pre-deploy-k9.msi

2012-11-28 02:49 - 2012-11-28 02:49 - 03620352 ____A C:\Users\Aditya\Downloads\anyconnect-win-3.0.08057-pre-deploy-k9.msi

2012-11-28 02:46 - 2012-11-28 02:46 - 00002202 ____A C:\Users\Aditya\Downloads\ubvcl.rdp

2012-11-27 22:07 - 2012-11-27 22:10 - 00000000 ____D C:\Users\Aditya\My Documents\My Received Files

2012-11-27 22:07 - 2012-11-27 22:10 - 00000000 ____D C:\Users\Aditya\Documents\My Received Files

2012-11-27 20:16 - 2012-11-27 20:16 - 01483264 ____A C:\Users\Aditya\Downloads\Lec7-DataLink-LAN-Ch5-515-12.ppt

2012-11-27 19:28 - 2012-11-27 19:28 - 00000000 ___AH C:\Users\Aditya\My Documents\Default.rdp

2012-11-27 19:28 - 2012-11-27 19:28 - 00000000 ___AH C:\Users\Aditya\Documents\Default.rdp

2012-11-27 10:16 - 2012-11-27 10:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-11-27 10:10 - 2012-11-27 10:10 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack

2012-11-23 06:05 - 2012-11-23 06:13 - 00000000 ____D C:\Users\Aditya\My Documents\Assassin's Creed III

2012-11-23 06:05 - 2012-11-23 06:13 - 00000000 ____D C:\Users\Aditya\Documents\Assassin's Creed III

2012-11-23 05:58 - 2012-11-23 06:32 - 00000000 ____D C:\Users\Aditya\Local Settings\Ubisoft Game Launcher

2012-11-23 05:58 - 2012-11-23 06:32 - 00000000 ____D C:\Users\Aditya\Local Settings\Application Data\Ubisoft Game Launcher

2012-11-23 05:58 - 2012-11-23 06:32 - 00000000 ____D C:\Users\Aditya\AppData\Local\Ubisoft Game Launcher

2012-11-23 05:03 - 2012-11-23 05:03 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-11-23 05:03 - 2012-11-23 05:03 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-11-23 05:03 - 2012-11-23 05:03 - 00001203 ____A C:\Users\Aditya\Desktop\Uplay.lnk

2012-11-23 05:03 - 2012-11-23 05:03 - 00000000 ____D C:\Program Files (x86)\Ubisoft

2012-11-23 05:02 - 2010-06-02 01:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2012-11-23 05:02 - 2010-06-02 01:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll

2012-11-23 05:02 - 2010-06-02 01:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

2012-11-23 05:02 - 2010-06-02 01:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll

2012-11-23 05:02 - 2010-06-02 01:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll

2012-11-23 05:02 - 2010-06-02 01:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2012-11-23 05:02 - 2010-05-26 08:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll

2012-11-23 05:02 - 2010-05-26 08:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll

2012-11-23 05:02 - 2010-05-26 08:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll

2012-11-23 05:02 - 2010-05-26 08:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2012-11-23 05:02 - 2010-05-26 08:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll

2012-11-23 05:02 - 2010-05-26 08:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2012-11-23 05:02 - 2010-05-26 08:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll

2012-11-23 05:02 - 2010-05-26 08:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2012-11-23 05:02 - 2010-02-04 07:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll

2012-11-23 05:02 - 2010-02-04 07:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

2012-11-23 05:02 - 2010-02-04 07:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

2012-11-23 05:02 - 2010-02-04 07:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll

2012-11-23 05:02 - 2010-02-04 07:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll

2012-11-23 05:02 - 2010-02-04 07:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

2012-11-23 05:02 - 2010-02-04 07:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll

2012-11-23 05:02 - 2010-02-04 07:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2012-11-23 05:02 - 2009-09-04 14:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll

2012-11-23 05:02 - 2009-09-04 14:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2012-11-23 05:02 - 2009-09-04 14:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll

2012-11-23 05:02 - 2009-09-04 14:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll

2012-11-23 05:02 - 2009-09-04 14:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2012-11-23 05:02 - 2009-09-04 14:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll

2012-11-23 05:02 - 2009-09-04 14:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2012-11-23 05:02 - 2009-09-04 14:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll

2012-11-23 05:02 - 2009-09-04 14:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2012-11-23 05:01 - 2009-09-04 14:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll

2012-11-23 05:01 - 2009-09-04 14:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll

2012-11-23 05:01 - 2009-09-04 14:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2012-11-23 05:01 - 2009-03-16 11:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll

2012-11-23 05:01 - 2009-03-16 11:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll

2012-11-23 05:01 - 2009-03-16 11:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll

2012-11-23 05:01 - 2009-03-16 11:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll

2012-11-23 05:01 - 2009-03-16 11:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll

2012-11-23 05:01 - 2009-03-16 11:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll

2012-11-23 05:01 - 2009-03-09 12:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll

2012-11-23 05:01 - 2009-03-09 12:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll

2012-11-23 05:01 - 2009-03-09 12:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll

2012-11-23 05:01 - 2009-03-09 12:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll

2012-11-23 05:01 - 2008-10-27 07:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll

2012-11-23 05:01 - 2008-10-27 07:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

2012-11-23 05:01 - 2008-10-27 07:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll

2012-11-23 05:01 - 2008-10-27 07:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll

2012-11-23 05:01 - 2008-10-27 07:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll

2012-11-23 05:01 - 2008-10-27 07:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

2012-11-23 05:01 - 2008-10-27 07:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll

2012-11-23 05:01 - 2008-10-27 07:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll

2012-11-23 05:01 - 2008-10-15 03:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll

2012-11-23 05:01 - 2008-10-15 03:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2012-11-23 05:01 - 2008-10-15 03:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll

2012-11-23 05:01 - 2008-10-15 03:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2012-11-23 05:01 - 2008-10-15 03:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2012-11-23 05:01 - 2008-07-31 07:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

2012-11-23 05:01 - 2008-07-31 07:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll

2012-11-23 05:01 - 2008-07-31 07:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll

2012-11-23 05:01 - 2008-07-31 07:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

2012-11-23 05:01 - 2008-07-31 07:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll

2012-11-23 05:01 - 2008-07-31 07:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

2012-11-23 05:01 - 2008-07-10 08:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

2012-11-23 05:01 - 2008-07-10 08:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll

2012-11-23 05:01 - 2008-07-10 08:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2012-11-23 05:01 - 2008-07-10 08:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll

2012-11-23 05:01 - 2008-07-10 08:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2012-11-23 05:01 - 2008-07-10 08:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll

2012-11-23 05:00 - 2008-05-30 11:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll

2012-11-23 05:00 - 2008-05-30 11:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

2012-11-23 05:00 - 2008-05-30 11:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

2012-11-23 05:00 - 2008-05-30 11:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll

2012-11-23 05:00 - 2008-05-30 11:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll

2012-11-23 05:00 - 2008-05-30 11:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

2012-11-23 05:00 - 2008-05-30 11:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

2012-11-23 05:00 - 2008-05-30 11:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll

2012-11-23 05:00 - 2008-05-30 11:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll

2012-11-23 05:00 - 2008-05-30 11:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

2012-11-23 05:00 - 2008-05-30 11:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll

2012-11-23 05:00 - 2008-05-30 11:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

2012-11-23 05:00 - 2008-05-30 11:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll

2012-11-23 05:00 - 2008-05-30 11:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

2012-11-23 05:00 - 2008-03-05 13:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll

2012-11-23 05:00 - 2008-03-05 13:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

2012-11-23 05:00 - 2008-03-05 13:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

2012-11-23 05:00 - 2008-03-05 13:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll

2012-11-23 05:00 - 2008-03-05 13:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll

2012-11-23 05:00 - 2008-03-05 13:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

2012-11-23 05:00 - 2008-03-05 12:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll

2012-11-23 05:00 - 2008-03-05 12:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

2012-11-23 05:00 - 2008-03-05 12:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll

2012-11-23 05:00 - 2008-03-05 12:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

2012-11-23 05:00 - 2008-02-05 20:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll

2012-11-23 05:00 - 2008-02-05 20:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

2012-11-23 05:00 - 2007-10-22 00:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll

2012-11-23 05:00 - 2007-10-22 00:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll

2012-11-23 05:00 - 2007-10-12 12:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll

2012-11-23 05:00 - 2007-10-12 12:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll

2012-11-23 05:00 - 2007-10-12 12:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll

2012-11-23 05:00 - 2007-10-12 12:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll

2012-11-23 05:00 - 2007-10-02 06:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll

2012-11-23 05:00 - 2007-10-02 06:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll

2012-11-23 05:00 - 2007-07-19 21:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll

2012-11-23 05:00 - 2007-07-19 21:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll

2012-11-23 04:59 - 2007-10-22 00:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll

2012-11-23 04:59 - 2007-10-22 00:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll

2012-11-23 04:59 - 2007-07-19 15:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll

2012-11-23 04:59 - 2007-07-19 15:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll

2012-11-23 04:59 - 2007-07-19 15:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll

2012-11-23 04:59 - 2007-07-19 15:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll

2012-11-23 04:59 - 2007-07-19 15:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll

2012-11-23 04:59 - 2007-07-19 15:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll

2012-11-23 04:59 - 2007-06-20 17:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll

2012-11-23 04:59 - 2007-06-20 17:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll

2012-11-23 04:59 - 2007-05-16 13:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll

2012-11-23 04:59 - 2007-05-16 13:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll

2012-11-23 04:59 - 2007-05-16 13:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll

2012-11-23 04:59 - 2007-05-16 13:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll

2012-11-23 04:59 - 2007-05-16 13:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll

2012-11-23 04:59 - 2007-05-16 13:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll

2012-11-23 04:59 - 2007-04-04 15:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll

2012-11-23 04:59 - 2007-04-04 15:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll

2012-11-23 04:59 - 2007-04-04 15:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll

2012-11-23 04:59 - 2007-04-04 15:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

2012-11-23 04:59 - 2007-03-15 13:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll

2012-11-23 04:59 - 2007-03-15 13:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll

2012-11-23 04:59 - 2007-03-12 13:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll

2012-11-23 04:59 - 2007-03-12 13:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll

2012-11-23 04:59 - 2007-03-12 13:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll

2012-11-23 04:59 - 2007-03-12 13:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll

2012-11-23 04:59 - 2007-01-24 12:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll

2012-11-23 04:59 - 2007-01-24 12:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll

2012-11-23 04:59 - 2006-12-08 09:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll

2012-11-23 04:59 - 2006-12-08 09:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll

2012-11-23 04:59 - 2006-11-29 10:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll

2012-11-23 04:59 - 2006-11-29 10:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll

2012-11-23 04:58 - 2007-03-05 09:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll

2012-11-23 04:58 - 2007-03-05 09:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll

2012-11-23 04:58 - 2006-09-28 13:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll

2012-11-23 04:58 - 2006-09-28 13:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll

2012-11-23 04:58 - 2006-09-28 13:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll

2012-11-23 04:58 - 2006-09-28 13:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll

2012-11-23 04:58 - 2006-07-28 06:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll

2012-11-23 04:58 - 2006-07-28 06:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll

2012-11-23 04:58 - 2006-07-28 06:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll

2012-11-23 04:58 - 2006-07-28 06:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll

2012-11-23 04:58 - 2006-05-31 04:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll

2012-11-23 04:58 - 2006-05-31 04:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll

2012-11-23 04:58 - 2006-03-31 09:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll

2012-11-23 04:58 - 2006-03-31 09:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

2012-11-23 04:58 - 2006-03-31 09:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll

2012-11-23 04:58 - 2006-03-31 09:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll

2012-11-23 04:58 - 2006-03-31 09:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll

2012-11-23 04:58 - 2006-03-31 09:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll

2012-11-23 04:58 - 2006-02-03 05:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll

2012-11-23 04:58 - 2006-02-03 05:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll

2012-11-23 04:58 - 2006-02-03 05:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll

2012-11-23 04:58 - 2006-02-03 05:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll

2012-11-23 04:58 - 2006-02-03 05:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll

2012-11-23 04:58 - 2006-02-03 05:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll

2012-11-23 04:58 - 2005-12-05 15:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll

2012-11-23 04:58 - 2005-12-05 15:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll

2012-11-23 04:57 - 2005-07-22 16:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll

2012-11-23 04:57 - 2005-07-22 16:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll

2012-11-23 04:57 - 2005-05-26 12:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll

2012-11-23 04:57 - 2005-05-26 12:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll

2012-11-23 04:57 - 2005-03-18 14:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll

2012-11-23 04:57 - 2005-03-18 14:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll

2012-11-23 04:57 - 2005-02-05 16:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll

2012-11-23 04:57 - 2005-02-05 16:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

2012-11-22 02:15 - 2012-11-22 02:20 - 00006144 ____A C:\Users\Aditya\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-11-22 02:15 - 2012-11-22 02:20 - 00006144 ____A C:\Users\Aditya\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-11-22 02:15 - 2012-11-22 02:20 - 00006144 ____A C:\Users\Aditya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-11-22 02:14 - 2012-12-15 01:12 - 00000000 ____D C:\Users\All Users\Creative

2012-11-22 02:14 - 2012-12-15 01:12 - 00000000 ____D C:\Users\All Users\Application Data\Creative

2012-11-21 04:31 - 2012-11-21 04:31 - 00000000 ____D C:\Users\Aditya\Application Data\FLEXnet

2012-11-21 04:31 - 2012-11-21 04:31 - 00000000 ____D C:\Users\Aditya\AppData\Roaming\FLEXnet

==================== One Month Modified Files and Folders =======

2012-12-20 09:40 - 2012-10-15 16:11 - 00000000 ____D C:\Users\Aditya\Application Data\uTorrent

2012-12-20 09:40 - 2012-10-15 16:11 - 00000000 ____D C:\Users\Aditya\AppData\Roaming\uTorrent

2012-12-20 09:39 - 2012-12-20 09:39 - 00000000 ____D C:\FRST

2012-12-20 09:38 - 2012-12-20 09:38 - 01461035 ____A (Farbar) C:\Users\Aditya\Downloads\FRST64.exe

2012-12-20 09:18 - 2012-10-21 13:13 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-12-20 09:03 - 2009-07-13 21:13 - 00006032 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-20 09:02 - 2012-07-28 18:04 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2012-12-20 08:55 - 2012-07-28 17:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-12-20 08:54 - 2012-11-09 09:49 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817200368-3420871878-3642773682-1002UA.job

2012-12-20 06:54 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-20 06:54 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-20 06:47 - 2012-10-21 13:13 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-20 06:47 - 2012-07-28 18:08 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks

2012-12-20 06:47 - 2012-07-28 18:08 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks

2012-12-20 06:47 - 2012-07-28 18:08 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2012-12-20 06:47 - 2012-07-28 18:08 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks

2012-12-20 06:47 - 2012-07-28 18:08 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks

2012-12-20 06:47 - 2012-07-28 18:08 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2012-12-20 06:46 - 2010-11-20 19:47 - 00632410 ____A C:\Windows\PFRO.log

2012-12-20 06:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-20 06:46 - 2009-07-13 20:51 - 00066128 ____A C:\Windows\setupact.log

2012-12-20 02:45 - 2012-10-16 20:10 - 00000000 ____D C:\Users\Aditya\My Documents\FIFA 13

2012-12-20 02:45 - 2012-10-16 20:10 - 00000000 ____D C:\Users\Aditya\Documents\FIFA 13

2012-12-20 02:11 - 2012-10-15 09:39 - 00000000 ____D C:\Users\Aditya\Application Data\vlc

2012-12-20 02:11 - 2012-10-15 09:39 - 00000000 ____D C:\Users\Aditya\AppData\Roaming\vlc

2012-12-19 09:54 - 2012-11-09 09:49 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817200368-3420871878-3642773682-1002Core.job

2012-12-17 23:49 - 2012-10-15 08:22 - 00000000 ____D C:\Users\Aditya\Application Data\Skype

2012-12-17 23:49 - 2012-10-15 08:22 - 00000000 ____D C:\Users\Aditya\AppData\Roaming\Skype

2012-12-17 23:39 - 2012-12-17 23:21 - 00000000 ____D C:\Users\Aditya\Downloads\Paa - DVDRip - Hindi - 1CDRip -nEHAL

2012-12-16 17:15 - 2012-12-16 17:15 - 00000000 ____D C:\Users\Aditya\Downloads\[TorrentCity.pl] The.Expendables.2.2012.PL [shogho]

2012-12-16 06:24 - 2012-12-16 06:24 - 00029074 ____A C:\Users\Aditya\Desktop\dds.txt

2012-12-16 06:24 - 2012-12-16 06:24 - 00010269 ____A C:\Users\Aditya\Desktop\attach.txt

2012-12-16 06:23 - 2012-12-16 06:23 - 00688992 ____R (Swearware) C:\Users\Aditya\Downloads\dds.scr

2012-12-16 06:13 - 2012-12-16 06:13 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-12-16 06:13 - 2012-12-16 06:13 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Users\Aditya\Application Data\Malwarebytes

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Users\Aditya\AppData\Roaming\Malwarebytes

2012-12-16 06:13 - 2012-12-16 06:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-16 06:12 - 2012-12-16 06:12 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Aditya\Downloads\mbam-setup-1.65.1.1000.exe

2012-12-16 05:31 - 2012-12-16 05:31 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-12-16 05:31 - 2012-12-16 05:31 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk

2012-12-15 19:02 - 2012-12-15 18:59 - 00000000 ____D C:\Users\Aditya\Downloads\Daddy Cool - DVDRip - XviD - 1CDRip - [DDR]

2012-12-15 18:56 - 2012-12-15 18:56 - 00015149 ____A C:\Users\Aditya\Downloads\Daddy_Cool_2009_DVDRip_XviD_1CDRip_[DDR].torrent

2012-12-15 18:45 - 2012-12-15 18:45 - 00000000 ____D C:\Pineapple.Express[2008]DvDrip-aXXo

2012-12-15 18:45 - 2012-12-15 18:44 - 00000000 ____D C:\Eternal Sunshine of the Spotless Mind.2004.DVDRip.Xvid

2012-12-15 18:43 - 2012-12-15 18:42 - 00000000 ____D C:\Users\Aditya\Desktop\[ www.TorrentDay.com ] - United.2011.HDTV.XviD-BiA

2012-12-15 08:14 - 2012-12-15 08:13 - 00000000 ____D C:\EA SPORTS Cricket 09

2012-12-15 01:12 - 2012-12-15 01:12 - 00000000 ____D C:\Users\Aditya\Application Data\Reallusion

2012-12-15 01:12 - 2012-12-15 01:12 - 00000000 ____D C:\Users\Aditya\AppData\Roaming\Reallusion

2012-12-15 01:12 - 2012-11-22 02:14 - 00000000 ____D C:\Users\All Users\Creative

2012-12-15 01:12 - 2012-11-22 02:14 - 00000000 ____D C:\Users\All Users\Application Data\Creative

2012-12-13 20:11 - 2012-12-13 20:11 - 00001916 ____A C:\Users\Aditya\Downloads\[isoHunt] Fifa 13 Crack Multiplayer - SKIDROW.torrent

2012-12-13 08:47 - 2012-07-28 18:05 - 00000000 ____D C:\Users\All Users\Skype

2012-12-13 08:47 - 2012-07-28 18:05 - 00000000 ____D C:\Users\All Users\Application Data\Skype

2012-12-12 20:46 - 2012-10-15 08:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-12-12 12:53 - 2012-12-12 12:52 - 00000000 ____D C:\Users\Aditya\My Documents\Outlook Files

2012-12-12 12:53 - 2012-12-12 12:52 - 00000000 ____D C:\Users\Aditya\Documents\Outlook Files

2012-12-12 10:21 - 2012-12-12 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-12 02:55 - 2012-07-28 17:41 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-12-12 02:55 - 2012-07-28 17:41 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-12-09 23:27 - 2012-12-09 23:27 - 00000082 ____A C:\Users\Aditya\Desktop\asd.txt

2012-12-09 09:43 - 2012-12-09 09:43 - 00007611 ____A C:\Users\Aditya\Local Settings\Resmon.ResmonCfg

2012-12-09 09:43 - 2012-12-09 09:43 - 00007611 ____A C:\Users\Aditya\Local Settings\Application Data\Resmon.ResmonCfg

2012-12-09 09:43 - 2012-12-09 09:43 - 00007611 ____A C:\Users\Aditya\AppData\Local\Resmon.ResmonCfg

2012-12-08 16:19 - 2012-11-28 07:34 - 00000000 ____D C:\Users\Aditya\Desktop\Safina

2012-12-07 20:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool

2012-12-06 19:57 - 2012-12-06 18:45 - 00000000 ____D C:\Users\Aditya\Downloads\Skyfall 2012 TS XViD UNiQUE

2012-12-06 17:50 - 2012-12-06 17:50 - 02700800 ____A C:\Users\Aditya\Downloads\SafeAssign.ppt

2012-12-06 16:27 - 2012-12-06 16:27 - 01641482 ____A C:\Users\Aditya\Downloads\resixsigmaprojectmeeting.zip

2012-12-06 10:31 - 2012-12-06 10:31 - 03594354 ____A C:\Users\Aditya\Downloads\18642958.zip

2012-12-05 20:21 - 2012-12-05 20:20 - 01273155 ____A C:\Users\Aditya\Downloads\17485077.zip

2012-12-05 16:52 - 2012-12-05 16:52 - 00015764 ____H C:\Users\Aditya\Desktop\~WRL2637.tmp

2012-12-05 16:16 - 2012-11-15 23:08 - 00000000 ____D C:\Users\Aditya\Downloads\Counter Strike Condition Zero

2012-12-05 15:58 - 2012-12-05 15:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-12-04 21:57 - 2012-10-15 10:35 - 00000000 ____D C:\Users\Aditya\My Documents\FIFA 11

2012-12-04 21:57 - 2012-10-15 10:35 - 00000000 ____D C:\Users\Aditya\Documents\FIFA 11

2012-12-04 06:19 - 2012-12-04 06:16 - 00000000 ____D C:\Users\Aditya\Downloads\He-Man and the Masters of the Univers

2012-11-29 22:33 - 2012-11-29 22:33 - 00064699 ____A C:\Users\Aditya\Downloads\cs_untitled.zip

2012-11-29 18:50 - 2012-07-28 18:06 - 00000000 ___RD C:\Program Files (x86)\Skype

2012-11-29 13:50 - 2012-07-28 19:35 - 01801924 ____A C:\Windows\WindowsUpdate.log

2012-11-29 13:49 - 2012-11-29 13:47 - 48364668 ____A C:\Users\Aditya\Downloads\copy-of-va-bed-cleaning-6zlp8bbrsjlq.zip

2012-11-29 07:33 - 2012-11-29 07:33 - 00530432 ____A C:\Users\Aditya\Downloads\Ameet PPT.ppt

2012-11-28 19:37 - 2012-11-28 19:37 - 00010255 ____A C:\Users\Aditya\Downloads\va_data.xlsx

2012-11-28 02:58 - 2012-07-28 17:58 - 00000000 ____D C:\Program Files (x86)\Cisco

2012-11-28 02:56 - 2012-11-28 02:56 - 02588200 ____A (Cisco Systems, Inc.) C:\Users\Aditya\Downloads\anyconnect-win-3.0.5080-web-deploy-k9.exe

2012-11-28 02:50 - 2012-11-28 02:50 - 02208256 ____A C:\Users\Aditya\Downloads\anyconnect-win-2.4.0202-pre-deploy-k9.msi

2012-11-28 02:49 - 2012-11-28 02:49 - 03620352 ____A C:\Users\Aditya\Downloads\anyconnect-win-3.0.08057-pre-deploy-k9.msi

2012-11-28 02:46 - 2012-11-28 02:46 - 00002202 ____A C:\Users\Aditya\Downloads\ubvcl.rdp

2012-11-27 22:23 - 2012-10-15 09:30 - 00000000 ____D C:\Users\All Users\Cisco

2012-11-27 22:23 - 2012-10-15 09:30 - 00000000 ____D C:\Users\All Users\Application Data\Cisco

2012-11-27 22:10 - 2012-11-27 22:07 - 00000000 ____D C:\Users\Aditya\My Documents\My Received Files

2012-11-27 22:10 - 2012-11-27 22:07 - 00000000 ____D C:\Users\Aditya\Documents\My Received Files

2012-11-27 20:50 - 2012-10-15 09:32 - 00000000 ____D C:\Users\Aditya\Local Settings\Cisco

2012-11-27 20:50 - 2012-10-15 09:32 - 00000000 ____D C:\Users\Aditya\Local Settings\Application Data\Cisco

2012-11-27 20:50 - 2012-10-15 09:32 - 00000000 ____D C:\Users\Aditya\AppData\Local\Cisco

2012-11-27 20:16 - 2012-11-27 20:16 - 01483264 ____A C:\Users\Aditya\Downloads\Lec7-DataLink-LAN-Ch5-515-12.ppt

2012-11-27 19:28 - 2012-11-27 19:28 - 00000000 ___AH C:\Users\Aditya\My Documents\Default.rdp

2012-11-27 19:28 - 2012-11-27 19:28 - 00000000 ___AH C:\Users\Aditya\Documents\Default.rdp

2012-11-27 15:05 - 2012-10-18 14:54 - 00000000 ____D C:\personal

2012-11-27 10:16 - 2012-11-27 10:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-11-27 10:10 - 2012-11-27 10:10 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack

2012-11-25 20:46 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-11-23 06:32 - 2012-11-23 05:58 - 00000000 ____D C:\Users\Aditya\Local Settings\Ubisoft Game Launcher

2012-11-23 06:32 - 2012-11-23 05:58 - 00000000 ____D C:\Users\Aditya\Local Settings\Application Data\Ubisoft Game Launcher

2012-11-23 06:32 - 2012-11-23 05:58 - 00000000 ____D C:\Users\Aditya\AppData\Local\Ubisoft Game Launcher

2012-11-23 06:13 - 2012-11-23 06:05 - 00000000 ____D C:\Users\Aditya\My Documents\Assassin's Creed III

2012-11-23 06:13 - 2012-11-23 06:05 - 00000000 ____D C:\Users\Aditya\Documents\Assassin's Creed III

2012-11-23 05:03 - 2012-11-23 05:03 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-11-23 05:03 - 2012-11-23 05:03 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-11-23 05:03 - 2012-11-23 05:03 - 00001203 ____A C:\Users\Aditya\Desktop\Uplay.lnk

2012-11-23 05:03 - 2012-11-23 05:03 - 00000000 ____D C:\Program Files (x86)\Ubisoft

2012-11-23 05:03 - 2012-07-28 17:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2012-11-23 05:00 - 2012-07-28 18:10 - 00044936 ____A C:\Windows\DirectX.log

2012-11-22 02:20 - 2012-11-22 02:15 - 00006144 ____A C:\Users\Aditya\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-11-22 02:20 - 2012-11-22 02:15 - 00006144 ____A C:\Users\Aditya\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-11-22 02:20 - 2012-11-22 02:15 - 00006144 ____A C:\Users\Aditya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-11-21 04:31 - 2012-11-21 04:31 - 00000000 ____D C:\Users\Aditya\Application Data\FLEXnet

2012-11-21 04:31 - 2012-11-21 04:31 - 00000000 ____D C:\Users\Aditya\AppData\Roaming\FLEXnet

ZeroAccess:

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\@

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\L

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\U

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\L\00000004.@

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\L\201d3dde

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\L\4cce1f70

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\L\55490ac4

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\00000004.@

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\00000008.@

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\000000cb.@

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\80000000.@

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\80000032.@

C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-06 11:05:28

Restore point made on: 2012-12-14 20:16:50

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 6046.31 MB

Available physical RAM: 5315.57 MB

Total Pagefile: 6044.51 MB

Available Pagefile: 5310.32 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:447.47 GB) (Free:284.15 GB) NTFS

3 Drive e: (Transcend) (Fixed) (Total:465.76 GB) (Free:48.66 GB) NTFS

4 Drive f: (RECOVERY) (Fixed) (Total:18.25 GB) (Free:5.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 8 GB 0 B

Disk 2 Online 465 GB 1024 KB

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 18 GB 40 MB

Partition 3 Primary 447 GB 18 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 F RECOVERY NTFS Partition 18 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 447 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 8190 MB 1024 KB

==================================================================================

Disk: 1

Partition 1

Type : 84

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 RAW Partition 8190 MB Healthy Hidden

=========================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 465 GB 31 KB

==================================================================================

Disk: 2

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E Transcend NTFS Partition 465 GB Healthy

=========================================================

Last Boot: 2012-12-14 21:21

==================== End Of Log =============================


  • Staff

services.exe is infected. ComboFix should replace it, but if it doesn't, we can search for a replacement with FRST.

We have a little more work to do, so stick with me. Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
C:\Windows\Installer\{eed017b0-16ba-2b31-db2c-83e08e056589}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version), press the Fix button just once, and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Reboot Normally.

NEXT

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hi, I did as you said, although I could not save the Fixlog.txt on my flash drive. I saved it in Documents and then copy-pasted it. Hope that's OK.

Here's the ComboFix log:

ComboFix 12-12-20.02 - Aditya 12/20/2012 13:27:20.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6046.4160 [GMT -5:00]

Running from: c:\users\Aditya\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\Aditya\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AFA492C3-0C1A-491A-9B03-64A550323922}.xps

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\iun6002.exe

c:\windows\RPSETUP.EXE.LOG

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))

.

.

2012-12-20 17:39 . 2012-12-20 17:39 -------- d-----w- C:\FRST

2012-12-16 14:13 . 2012-12-16 14:13 -------- d-----w- c:\users\Aditya\AppData\Roaming\Malwarebytes

2012-12-16 14:13 . 2012-12-16 14:13 -------- d-----w- c:\programdata\Malwarebytes

2012-12-16 14:13 . 2012-12-16 14:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-16 14:13 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-16 02:45 . 2012-12-16 02:45 -------- d-----w- C:\Pineapple.Express[2008]DvDrip-aXXo

2012-12-16 02:44 . 2012-12-16 02:45 -------- d-----w- C:\Eternal Sunshine of the Spotless Mind.2004.DVDRip.Xvid

2012-12-15 16:13 . 2012-12-15 16:14 -------- d-----w- C:\EA SPORTS Cricket 09

2012-12-15 09:12 . 2012-12-15 09:12 -------- d-----w- c:\users\Aditya\AppData\Roaming\Reallusion

2012-12-08 04:13 . 2012-12-08 04:13 -------- d-----w- c:\users\Aditya\AppData\Local\ElevatedDiagnostics

2012-12-08 04:10 . 2011-02-09 17:29 342016 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp112.dll

2012-11-30 02:50 . 2012-11-30 02:50 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-11-28 10:57 . 2012-01-13 17:07 106408 ----a-r- c:\windows\system32\drivers\acsock64.sys

2012-11-27 18:16 . 2012-11-27 18:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-11-27 18:10 . 2012-11-27 18:10 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll

2012-11-27 18:10 . 2012-11-27 18:10 -------- d-----w- c:\program files (x86)\Mega Codec Pack

2012-11-23 13:58 . 2012-11-23 14:32 -------- d-----w- c:\users\Aditya\AppData\Local\Ubisoft Game Launcher

2012-11-23 13:03 . 2012-11-23 13:03 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-11-23 13:03 . 2012-11-23 13:03 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-11-23 13:03 . 2012-11-23 13:03 -------- d-----w- c:\program files (x86)\Ubisoft

2012-11-23 13:01 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2012-11-23 13:00 . 2008-05-30 19:19 511496 ----a-w- c:\windows\system32\XAudio2_1.dll

2012-11-23 12:59 . 2007-07-19 23:14 508264 ----a-w- c:\windows\system32\d3dx10_35.dll

2012-11-23 12:58 . 2007-03-05 17:42 15128 ----a-w- c:\windows\SysWow64\x3daudio1_1.dll

2012-11-23 12:57 . 2005-07-23 00:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll

2012-11-23 12:57 . 2005-05-26 20:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll

2012-11-23 12:57 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll

2012-11-23 12:57 . 2005-03-18 22:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll

2012-11-23 12:57 . 2005-02-06 00:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll

2012-11-22 10:14 . 2012-12-15 09:12 -------- d-----w- c:\programdata\Creative

2012-11-21 12:31 . 2012-11-21 12:31 -------- d-----w- c:\users\Aditya\AppData\Roaming\FLEXnet

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 10:55 . 2012-07-29 01:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 10:55 . 2012-07-29 01:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-17 16:18 . 2012-11-16 07:45 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll

2012-11-14 13:31 . 2012-10-16 21:54 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-05 11:14 . 2012-11-05 11:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-11-05 11:14 . 2012-11-05 11:14 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-11-05 11:14 . 2012-11-05 11:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-18 18:25 . 2012-11-14 12:10 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-10-15 18:27 . 2012-10-15 18:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-10-15 15:58 . 2010-06-24 16:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-10-09 18:17 . 2012-11-14 12:10 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-14 12:10 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-14 12:10 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-14 12:10 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-08 16:42 . 2012-10-08 16:42 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-10-08 16:42 . 2012-10-08 16:42 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-08 16:42 . 2012-10-08 16:42 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-08 16:42 . 2012-10-08 16:42 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-08 16:42 . 2012-10-08 16:42 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-08 16:42 . 2012-10-08 16:42 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-08 16:42 . 2012-10-08 16:42 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-08 16:42 . 2012-07-29 03:12 973672 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-10-08 16:42 . 2012-10-08 16:42 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-08 16:42 . 2012-10-08 16:42 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-08 16:42 . 2012-10-08 16:42 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys

2012-10-08 16:42 . 2012-10-08 16:42 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-08 16:42 . 2012-10-08 16:42 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-08 16:42 . 2012-10-08 16:42 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-08 16:42 . 2012-07-29 03:12 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-10-08 16:42 . 2012-10-08 16:42 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-08 16:42 . 2012-10-08 16:42 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-08 16:42 . 2012-10-08 16:42 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-08 16:42 . 2012-10-08 16:42 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-08 16:42 . 2012-10-08 16:42 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-08 16:42 . 2012-07-29 03:12 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-10-08 16:42 . 2012-10-08 16:42 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-08 16:42 . 2012-07-29 03:12 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-08 16:42 . 2012-10-08 16:42 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-08 16:42 . 2012-10-08 16:42 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-10-08 16:42 . 2012-07-29 03:12 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-08 12:19 . 2012-11-14 13:32 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-10-08 11:42 . 2012-11-14 13:32 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-10-08 11:31 . 2012-11-14 13:32 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-10-08 11:24 . 2012-11-14 13:32 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-10-08 11:23 . 2012-11-14 13:32 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 11:22 . 2012-11-14 13:32 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-08 11:22 . 2012-11-14 13:32 237056 ----a-w- c:\windows\system32\url.dll

2012-10-08 11:20 . 2012-11-14 13:32 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-10-08 11:18 . 2012-11-14 13:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-08 11:17 . 2012-11-14 13:32 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-10-08 11:17 . 2012-11-14 13:32 816640 ----a-w- c:\windows\system32\jscript.dll

2012-10-08 11:15 . 2012-11-14 13:32 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-10-08 11:15 . 2012-11-14 13:32 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-10-08 11:13 . 2012-11-14 13:32 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-10-08 11:13 . 2012-11-14 13:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-10-08 11:09 . 2012-11-14 13:32 248320 ----a-w- c:\windows\system32\ieui.dll

2012-10-08 07:56 . 2012-11-14 13:32 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-10-08 07:48 . 2012-11-14 13:32 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-10-08 07:47 . 2012-11-14 13:32 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-10-08 07:44 . 2012-11-14 13:32 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-10-08 07:43 . 2012-11-14 13:32 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-10-08 07:40 . 2012-11-14 13:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-10-03 17:56 . 2012-11-14 12:10 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-14 12:10 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-14 12:10 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-14 12:10 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-14 12:10 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-14 12:10 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-14 12:10 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-14 12:10 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-14 12:10 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-14 12:10 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-14 12:10 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-02 19:51 . 2012-07-29 03:33 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-10-02 19:51 . 2012-07-29 03:33 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-02 19:51 . 2012-07-29 03:33 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-02 19:50 . 2012-07-29 03:33 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-02 19:50 . 2012-07-29 03:33 866664 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-10-02 19:50 . 2012-07-29 03:33 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-10-02 19:50 . 2012-07-29 03:33 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-10-02 19:50 . 2012-07-29 03:33 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-10-02 19:50 . 2012-07-29 03:33 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-09-25 22:47 . 2012-11-14 12:10 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-14 12:10 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]

@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"

[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]

2012-10-15 09:08 220160 ----a-w- c:\program files (x86)\Mega Codec Pack\Filters\Haali\mmdinfo.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-10 969104]

"googletalk"="c:\users\Aditya\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2012-03-06 577024]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 173568]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-16 2439272]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-01 363800]

R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-01-13 106408]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-02-28 34232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-03-29 273168]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2012-02-26 398144]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 SmbDrvAMDASF;SmbDrvAMDASF;c:\windows\system32\drivers\Smb_driver_AMDASF.sys [2012-04-13 24848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-16 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-15 283200]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]

S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2012-02-07 193536]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-01 161560]

S2 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 199272]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 95232]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 747008]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]

S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys [2012-01-27 109056]

S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 60928]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]

S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2012-02-07 26504]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-02-28 25496]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-16 340584]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-30 646248]

S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-04-13 24848]

S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys [2012-01-03 67184]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 10:55]

.

2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 21:12]

.

2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 21:12]

.

2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817200368-3420871878-3642773682-1002Core.job

- c:\users\Aditya\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09 21:12]

.

2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817200368-3420871878-3642773682-1002UA.job

- c:\users\Aditya\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09 21:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-30 6469736]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-17 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-17 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-17 440600]

"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

FF - ProfilePath - c:\users\Aditya\AppData\Roaming\Mozilla\Firefox\Profiles\uqrcmdos.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2012-12-20 13:41:15 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-20 18:41

.

Pre-Run: 311,534,678,016 bytes free

Post-Run: 311,539,433,472 bytes free

.

- - End Of File - - 4679158547FBDDF1E230DCC14E80E071

Link to post
Share on other sites

  • Staff

Looking better. We still have a little more work to do to make sure there are no leftovers, so stay with me. Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Link to post
Share on other sites

Hi, did as you told, here are the following logs

1. JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.2.1 (12.20.2012:1)

OS: Windows 7 Home Premium x64

Ran by Aditya on Fri 12/21/2012 at 6:48:34.80

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\iminent

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 12/21/2012 at 6:55:13.38

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. AdwCleaner log

# AdwCleaner v2.101 - Logfile created 12/21/2012 at 06:57:10

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Aditya - ADITYA-PC

# Boot Mode : Normal

# Running from : C:\Users\Aditya\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\Aditya\AppData\Roaming\Mozilla\Firefox\Profiles\uqrcmdos.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Aditya\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1176 octets] - [21/12/2012 06:57:10]

########## EOF - C:\AdwCleaner[s1].txt - [1236 octets] ##########

3. Malwarebytes log

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.21.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Aditya :: ADITYA-PC [administrator]

12/21/2012 7:09:54 AM

mbam-log-2012-12-21 (07-09-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231338

Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

4. ESET log

C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\00000004.@ Win64/Conedex.C trojan

C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\00000008.@ Win64/Agent.BA trojan

C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\000000cb.@ Win64/Conedex.B trojan

C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\80000000.@ Win64/Sirefef.AW trojan

C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan

C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\80000064.@ a variant of Win64/Sirefef.AN trojan

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.W trojan

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan

C:\Users\Aditya\Downloads\DTLite4454-0316.exe Win32/OpenCandy application

C:\Users\Aditya\Downloads\setup.exe a variant of Win32/InstallCore.AT application

Link to post
Share on other sites

  • Staff

Most of what ESET has found is already in quarantine.

These installer files:

C:\Users\Aditya\Downloads\DTLite4454-0316.exe

C:\Users\Aditya\Downloads\setup.exe

come bundled with adware, so if you no longer need them, then right-click and delete them (empty your recycle bin).

P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Programs and Features.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Link to post
Share on other sites
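The triage behind the reply above ("most of what ESET has found is already in quarantine"), as an added example that is not part of the original thread: a Python parser for the ESET export lines that separates detections sitting in the FRST and ComboFix (Qoobox) quarantine folders from files still live on disk. The line layout is inferred from the log posted here, and the class and function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Detection lines copied from the ESET log posted earlier in this thread.
ESET_LOG = r"""
C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\00000004.@ Win64/Conedex.C trojan
C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\000000cb.@ Win64/Conedex.B trojan
C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\80000000.@ Win64/Sirefef.AW trojan
C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan
C:\FRST\Quarantine\{eed017b0-16ba-2b31-db2c-83e08e056589}\U\80000064.@ a variant of Win64/Sirefef.AN trojan
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\Aditya\Downloads\DTLite4454-0316.exe Win32/OpenCandy application
C:\Users\Aditya\Downloads\setup.exe a variant of Win32/InstallCore.AT application
"""

# Quarantine folders of the tools used in this thread: FRST and ComboFix (Qoobox).
QUARANTINE_ROOTS = ("c:\\frst\\quarantine\\", "c:\\qoobox\\quarantine\\")

# Assumed layout: <path> [probably] [a variant of] <Win32|Win64>/<name> <kind>.
# The path may contain spaces, so it is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of\s+)?"
    r"(?P<name>Win(?:32|64)/\S+)\s+"
    r"(?P<kind>\w+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str    # e.g. Win64/Sirefef.AW
    kind: str    # "trojan" or "application" in this log
    exact: bool  # False when ESET reports "a variant of" / "probably a variant of"

    @property
    def quarantined(self) -> bool:
        """True when the file is an inert copy inside a tool's quarantine folder."""
        return self.path.lower().startswith(QUARANTINE_ROOTS)

    @property
    def family(self) -> str:
        """Family part of the detection name, e.g. 'Sirefef'."""
        return self.name.split("/", 1)[1].split(".", 1)[0]


def parse_eset_log(text):
    """Return (detections, unparsed_lines); unparsed lines are kept for manual review."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        detections.append(
            Detection(m["path"], m["name"], m["kind"], m["qualifier"] is None)
        )
    return detections, unparsed


def triage(detections):
    """Split detections into quarantined copies and files still live on disk."""
    live = [d for d in detections if not d.quarantined]
    return {
        "total": len(detections),
        "quarantined": len(detections) - len(live),
        "live": live,
        "live_kinds": Counter(d.kind for d in live),
        "families": Counter(d.family for d in detections),
    }


if __name__ == "__main__":
    found, skipped = parse_eset_log(ESET_LOG)
    report = triage(found)
    print(f"{report['quarantined']} of {report['total']} detections are in quarantine")
    for d in report["live"]:
        print(f"LIVE  {d.kind:<12} {d.name:<22} {d.path}")
    for line in skipped:
        print(f"UNPARSED  {line}")
```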

Hi ,

Done as you said. The only problem I am facing right now is that the games which used to run fine on my laptop before the attack start getting stuck after 20 mins of gameplay (framerate is very low).

I am not sure if it's due to the same or not.

Rest all is fine so far.

I'll keep in mind about the P2P sharing (thanks for the heads up).

Link to post
Share on other sites

  • Staff

I would try completely uninstalling the games that have been affected, then run the following tool followed by a defrag, then reinstall the games and see if there is any difference.

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Once that is done then go to step 3 and allow it to run SFC

On the Start Repairs tab => Click the Start

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
