Luffy_zoro Posted October 10, 2013 ID:740215 Share Posted October 10, 2013 First i want to say where i saw the issue first, I used steam for playing games, one day out of the blue while i tried to start steam my system froze and it restarted on its own. I tried to uninstalll and reinstalling steam, and other solutions provided by steam community by i couldn't install steam again. It started giving me problems during installation.Then somebody suggested maybe its a malware problem so i installed malwarebytes to remove the problem. But during scan my system froze and restarted as it did with steam. Now i am sure that its some malware problem. No other application shows any problem. I tried Malwarebyte Chameleon, Chkdsk, degfragment . But still during scan my sytem freezes and restarts . So Please help to solve the issue so that i can install steam again. I tried every solution related to steam given by steamcommunity no use. there were other members with the same problem. the were suggestions for them to use mbam-check and dds.scr . i performed it i pasted the logs here. i am awaiting any instructions. mbam-check result log version: 2.0.0.1000 Malwarebytes Version: REG_SZ 1.75.0.1300 Date Log Created: 10/09/13Time Log Created: 17:02:56 User Account type: Administrator 32 bit Operating System Product Name: REG_SZ Windows 7 Ultimate Current Build Number: 7600 Current Version Number: 6.1 Current CSDVersion: Proxy Status: No proxy is Set LAN Settings:============= only 'Automatically detect settings' is selected SystemPartition:================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition REG_SZ \Device\HarddiskVolume1 Balloon Tips Status:==================== Enabled Time Format Settings:===================== Should be:h:mm:ss ttAM PM : Currently:REG_SZ h:mm:ss ttREG_SZ AMREG_SZ PMREG_SZ : Language and Regional Settings:=============================== ACP: Language is English (United States)MACCP: Language is English (United States)OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check:==================================================== All Users Startup Folder Exists.Current User's Startup Folder Exists. Terminal Services Status for (null) entries in PM logs and GetUserToken errors:=============================================================================== TERMService:==============Type : 32State : 1 (The service is not running.) (State is stopped)WIN32_EXIT_CODE : 1077SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 TermService Start is set to: 3 (Manual Startup) Compatibility Flag Settings (Any MBAM file listings should be removed):======================================================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\LayersSIGN.MEDIA=F2D3B5 Drivers\Software\Drivers\Video\32bit\15.7.3.1409\Setup.exeREG_SZ VISTARTMSIGN.MEDIA=74EF5A88 Adobe Photoshop 7\Setup.exeREG_SZ WINXPSP2C:\Users\Swamy\Downloads\Compressed\Norton 2012 Trial Reset\Norton 2012 Trial Reset\Norton Account Registration.exeREG_SZ WINXPSP2C:\Users\Swamy\Downloads\Programs\OnLineRecovery.exeREG_SZ VISTARTMHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers Malwarebytes Anti-Malware Shell Extension Block Check:====================================================== MBAM Startup Entries: =====================HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Service and Driver Status:========================== MBAMProtector:==============Type : 2State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)WIN32_EXIT_CODE : 0SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 MBAMService:==============Type : 16State : 1 (The service is not running.) (State is stopped)WIN32_EXIT_CODE : 0SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 MBAMScheduler:==============Type : 16State : 4 (The service is running.)WIN32_EXIT_CODE : 0SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 MBAMChameleon:==============Type : 2State : 1 (The service is not running.) (State is stopped)WIN32_EXIT_CODE : 1077SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 MBAMProtector Registry Values:============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtectorType REG_DWORD 2Start REG_DWORD 3ErrorControl REG_DWORD 1ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sysGroup REG_SZ FSFilter Anti-VirusDependOnService REG_MULTI_SZ FltMgr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\InstancesDefaultInstance REG_SZ MBAMProtector InstanceHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector InstanceAltitude REG_SZ 328800Flags REG_DWORD 0HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000Count REG_DWORD 1NextInstance REG_DWORD 1MBAMService Registry Values:============================ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMServiceType REG_DWORD 16Start REG_DWORD 2ErrorControl REG_DWORD 1ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"DependOnService REG_MULTI_SZ MBAMProtector ObjectName REG_SZ LocalSystemDescription REG_SZ Malwarebytes Anti-Malware serviceDelayedAutostart REG_DWORD 0MBAMScheduler Registry Values:============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSchedulerType REG_DWORD 16Start REG_DWORD 2ErrorControl REG_DWORD 1ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"ObjectName REG_SZ LocalSystemDescription REG_SZ Malwarebytes Anti-Malware scheduler MBAM DLL's and Runtime Files:============================= HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid(Default): REG_SZ vbAccelerator Grid ControlHKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67} HKEY_CLASSES_ROOT\SSubTimer6.GSubclass(Default): REG_SZ SSubTimer6.GSubclassHKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.CTimer(Default): REG_SZ SSubTimer6.CTimerHKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\SSubTimer6.ISubclass(Default): REG_SZ SSubTimer6.ISubclassHKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A} HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ SSubTimer6.ISubclassHKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented CategoriesHKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID(Default): REG_SZ SSubTimer6.ISubclassHKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgrammableHKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION(Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ SSubTimer6.GSubclassHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented CategoriesHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dllThreadingModel REG_SZ ApartmentHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID(Default): REG_SZ SSubTimer6.GSubclassHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgrammableHKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION(Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ SSubTimer6.CTimerHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented CategoriesHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dllThreadingModel REG_SZ ApartmentHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID(Default): REG_SZ SSubTimer6.CTimerHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgrammableHKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION(Default): REG_SZ 1.0 HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocxHKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS(Default): REG_SZ 2HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dllHKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS(Default): REG_SZ 0HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ ISubclassHKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid(Default): REG_SZ {00020424-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32(Default): REG_SZ {00020424-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}(Default): REG_SZ CTimerHKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid(Default): REG_SZ {00020420-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32(Default): REG_SZ {00020420-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}Version REG_SZ 1.0 HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}(Default): REG_SZ vbalGridHKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid(Default): REG_SZ {00020420-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32(Default): REG_SZ {00020420-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}Version REG_SZ 1.1 MBAM Registry Settings and License Info:======================================== HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malwareadvancedheuristics REG_DWORD 1downloadprogram REG_DWORD 1hidereg REG_DWORD 0detectp2p REG_DWORD 0detectpum REG_DWORD 1detectpup REG_DWORD 2updatewarn REG_DWORD 1updatewarndays REG_DWORD 7useproxy REG_DWORD 0useauthentication REG_DWORD 0contextmenu REG_DWORD 1reportthreats REG_DWORD 1startwithwindows REG_DWORD 0 <--MBAM IS NOT SET TO START WITH WINDOWSstartfsdisabled REG_DWORD 0startipdisabled REG_DWORD 0silentipmode REG_DWORD 0autoquarantine REG_DWORD 1notifyinstallprogram REG_DWORD 1trialpromptshown REG_DWORD 1autoquarantinenotify REG_DWORD 1alwaysscanarchives REG_DWORD 1InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malwaredbdate REG_SZ Wed, 09 Oct 2013 09:57:04 GMTdbversion REG_SZ v2013.10.09.03programversion REG_SZ 1.75.0.1300programbuild REG_SZ consumertrialended REG_DWORD 0SchedulerQueue REG_MULTI_SZ 6148, 30327821, 2509917984, 1, 23 | 30327978, 3450540730 ID XXXXX This is hidden data.Key XXXX-XXXX-XXXX-XXXX This is hidden data. HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware (Trial)TrialId There is data here but it is hidden.StartDate REG_SZ Tue, 08 Oct 2013 08:34:12 UTCEndDate REG_SZ Tue, 22 Oct 2013 08:34:12 UTC HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malwarealwaysscanfiles REG_DWORD 1alwaysscanheuristics REG_DWORD 1alwaysscanmemory REG_DWORD 1alwaysscanregistry REG_DWORD 1alwaysscanstartups REG_DWORD 1autosavelog REG_DWORD 1openlog REG_DWORD 1defaultscan REG_DWORD 1terminateie REG_DWORD 0Language REG_SZ English.lngselectedrives REG_SZ C:\|D:\|E:\|F:\|G:\|HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malwarealwaysscanfiles REG_DWORD 1alwaysscanheuristics REG_DWORD 1alwaysscanmemory REG_DWORD 1alwaysscanregistry REG_DWORD 1alwaysscanstartups REG_DWORD 1autosavelog REG_DWORD 1openlog REG_DWORD 1defaultscan REG_DWORD 0terminateie REG_DWORD 0HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malwarealwaysscanfiles REG_DWORD 1alwaysscanheuristics REG_DWORD 1alwaysscanmemory REG_DWORD 1alwaysscanregistry REG_DWORD 1alwaysscanstartups REG_DWORD 1autosavelog REG_DWORD 1openlog REG_DWORD 1defaultscan REG_DWORD 0terminateie REG_DWORD 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1Inno Setup: Setup Version REG_SZ 5.5.3-dev (a)Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-MalwareInstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-MalwareInno Setup: User REG_SZ SwamyInno Setup: Selected Tasks REG_SZ desktopiconInno Setup: Deselected Tasks REG_SZ quicklaunchiconInno Setup: Language REG_SZ EnglishDisplayName REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exeUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENTDisplayVersion REG_SZ 1.75.0.1300Publisher REG_SZ Malwarebytes CorporationURLInfoAbout REG_SZ http://www.malwarebytes.orgNoModify REG_DWORD 1NoRepair REG_DWORD 1InstallDate REG_SZ 20131008MajorVersion REG_DWORD 1MinorVersion REG_DWORD 75EstimatedSize REG_DWORD 19726 Pending File Rename Operations: ================================If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. Scheduler Queue:================ Scheduled Item: Update Schedule Options: | Daily | RandomStart Time: 2013-10-08 10:03 Repeating Every: 1 Recover if missed by: 23 Context Menu Entries:===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt(Default): REG_SZ MBAMShlExt ClassHKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer(Default): REG_SZ MBAMExt.MBAMShlExt.1HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1(Default): REG_SZ MBAMShlExt ClassHKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}(Default): REG_SZ IMBAMShlExtHKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid(Default): REG_SZ {00020424-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32(Default): REG_SZ {00020424-0000-0000-C000-000000000046}HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}Version REG_SZ 1.0HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}(Default): REG_SZ MBAMShlExt ClassHKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dllThreadingModel REG_SZ ApartmentHKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID(Default): REG_SZ MBAMExt.MBAMShlExt.1HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID(Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0(Default): REG_SZ MBAMExt 1.0 Type LibraryHKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dllHKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS(Default): REG_SZ 0HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware MBAM Drivers:============= C:\Windows\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: 1.60.2.0C:\Windows\system32\drivers\mbamswissarmy.sys File Size: 40776 BYTES FileVersion: 1.60.0.0C:\Windows\system32\drivers\mbamchameleon.sys File Size: 31560 BYTES Required Dependencies:====================== BFE:==============Type : 32State : 4 (The service is running.)WIN32_EXIT_CODE : 0SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFEDisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001Group REG_SZ NetworkProviderImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetworkDescription REG_SZ @%SystemRoot%\system32\bfe.dll,-1002ObjectName REG_SZ NT AUTHORITY\LocalServiceErrorControl REG_DWORD 1Start REG_DWORD 2Type REG_DWORD 32DependOnService REG_MULTI_SZ RpcSs ServiceSidType REG_DWORD 3RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege FailureActions REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\ParametersServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dllServiceDllUnloadOnStop REG_DWORD 1ServiceMain REG_SZ BfeServiceMain fltmgr:==============Type : 2State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)WIN32_EXIT_CODE : 0SERVICE_EXIT_CODE : 0CHECKPOINT : 0WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgrAttachWhenLoaded REG_DWORD 1DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001Group REG_SZ FSFilter InfrastructureImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sysDescription REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000ErrorControl REG_DWORD 3Start REG_DWORD 0Tag REG_DWORD 1Type REG_DWORD 2HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum0 REG_SZ Root\LEGACY_FLTMGR\0000Count REG_DWORD 1NextInstance REG_DWORD 1C:\Windows\system32\drivers\fltmgr.sys File Size: 198208 BYTES FileVersion: 6.1.7600.16385C:\Windows\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5C:\Windows\system32\mscomctl.ocx File Size: 1069376 BYTES FileVersion: 6.1.98.18C:\Windows\system32\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7600.16385 List of MBAM Related Directories:================================= C:\Program Files\Malwarebytes' Anti-Malware7z.dll File Size: 914432 BYTES FileVersion: 9.20.0.0changes.txt File Size: 200 BYTESlicense.rtf File Size: 17916 BYTESmbam.chm File Size: 474148 BYTESmbam.dll File Size: 527944 BYTES FileVersion: 1.70.0.0mbam.exe File Size: 887432 BYTES FileVersion: 1.75.0.1mbamcore.dll File Size: 1127496 BYTES FileVersion: 1.70.0.0mbamext.dll File Size: 80968 BYTES FileVersion: 1.70.0.0mbamgui.exe File Size: 532040 BYTES FileVersion: 1.70.0.0mbamnet.dll File Size: 2191944 BYTES FileVersion: 1.70.0.0mbampt.exe File Size: 40008 BYTES FileVersion: 1.70.0.0mbamscheduler.exe File Size: 418376 BYTES FileVersion: 1.70.0.0mbamservice.exe File Size: 701512 BYTES FileVersion: 1.70.0.0ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3unins000.dat File Size: 15082 BYTESunins000.exe File Size: 712264 BYTES FileVersion: 51.52.0.0unins000.msg File Size: 11277 BYTESvbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40 C:\Program Files\Malwarebytes' Anti-Malware\Chameleonchameleon.chm File Size: 186068 BYTESfirefox.com File Size: 218184 BYTESfirefox.exe File Size: 218184 BYTESfirefox.pif File Size: 218184 BYTESfirefox.scr File Size: 218184 BYTESiexplore.exe File Size: 218184 BYTESmbam-chameleon.com File Size: 218184 BYTESmbam-chameleon.exe File Size: 218184 BYTESmbam-chameleon.pif File Size: 218184 BYTESmbam-chameleon.scr File Size: 218184 BYTESmbam-killer.exe File Size: 896072 BYTESrundll32.exe File Size: 218184 BYTESsvchost.exe File Size: 218184 BYTESwinlogon.exe File Size: 218184 BYTES C:\Program Files\Malwarebytes' Anti-Malware\Languagesarabic.lng File Size: 21894 BYTESbelarusian.lng File Size: 26884 BYTESbosnian.lng File Size: 27108 BYTESbulgarian.lng File Size: 27574 BYTEScatalan.lng File Size: 28252 BYTESchineseSI.lng File Size: 11024 BYTESchineseTR.lng File Size: 11952 BYTEScroatian.lng File Size: 26670 BYTESczech.lng File Size: 24874 BYTESdanish.lng File Size: 26582 BYTESdutch.lng File Size: 28342 BYTESenglish.lng File Size: 24542 BYTESestonian.lng File Size: 25146 BYTESfinnish.lng File Size: 25950 BYTESfrench.lng File Size: 29830 BYTESgerman.lng File Size: 29894 BYTESgreek.lng File Size: 29300 BYTEShebrew.lng File Size: 19362 BYTEShungarian.lng File Size: 28666 BYTESindonesian.lng File Size: 26854 BYTESitalian.lng File Size: 28194 BYTESjapanese.lng File Size: 16266 BYTESkorean.lng File Size: 14188 BYTESlatvian.lng File Size: 27100 BYTESlithuanian.lng File Size: 27838 BYTESnorwegian.lng File Size: 25116 BYTESpolish.lng File Size: 26644 BYTESportugueseBR.lng File Size: 28654 BYTESportuguesePT.lng File Size: 29062 BYTESromanian.lng File Size: 28290 BYTESrussian.lng File Size: 27302 BYTESserbian.lng File Size: 26804 BYTESslovak.lng File Size: 25644 BYTESslovenian.lng File Size: 24852 BYTESspanish.lng File Size: 30060 BYTESswedish.lng File Size: 25992 BYTESthai.lng File Size: 26092 BYTESturkish.lng File Size: 25876 BYTESvietnamese.lng File Size: 29528 BYTES C:\Users\Swamy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware C:\Users\Swamy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logsmbam-log-2013-10-08 (17-17-11).txt File Size: 1890 BYTES C:\Users\Swamy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malwarerules.ref File Size: 6580934 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configurationbuild.conf File Size: 140 BYTESconfig.conf File Size: 4076 BYTEScustom.conf File Size: 20 BYTESdatabase.conf File Size: 432 BYTEShtml.conf File Size: 2904 BYTESlocal.conf File Size: 998 BYTESmanifest.conf File Size: 1752 BYTESmessaging.conf File Size: 1430 BYTESnews.conf File Size: 272 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logsprotection-log-2013-10-08.txt File Size: 6824 BYTESprotection-log-2013-10-09.txt File Size: 1026 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine ===============================================================END OF FILE DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.21.2Run by Swamy at 17:05:41 on 2013-10-09Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.738 [GMT 5.5:30].AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\System32\spoolsv.exeC:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exeC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\WinFLService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exeC:\Windows\Explorer.EXEC:\Windows\RtHDVCpl.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\AVG\AVG2013\avgui.exeC:\Windows\System32\WinFLTray.exeC:\Program Files\Internet Download Manager\IDMan.exeC:\Program Files\Internet Download Manager\IEMonitor.exeC:\Windows\system32\WUDFHost.exeC:\Program Files\Mobile Partner\Mobile Partner.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\AVG\AVG2013\avgcfgex.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Internet Explorer\IELowutil.exeC:\Windows\System32\NOTEPAD.EXEC:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exeC:\Windows\system32\conhost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uSearch Bar = PreserveBHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLLBHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLLBHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dlluRun: [WinFLTray] c:\windows\system32\WinFLTray.exeuRun: [FLBackup] c:\program files\newsoftware's\folder lock\FLComServCtrl.exeuRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onbootuRun: [steam] "c:\program files\steam\Steam.exe" -silentmRun: [RtHDVCpl] RtHDVCpl.exemRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServicesmRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostartmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLYuPolicies-Explorer: NoDriveAutoRun = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htmIE: Download with IDM - c:\program files\internet download manager\IEExt.htmIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll TCP: Interfaces\{9728D89D-FD31-4F3F-B271-78461D1F9F75} : NameServer = 202.148.200.3 202.148.202.4TCP: Interfaces\{C6B11A0E-DE22-4B4D-8795-A6555941F496} : NameServer = 202.148.202.3 202.148.200.3TCP: Interfaces\{EE3BDC8A-C384-4362-84D3-98472BFE0151} : NameServer = 202.148.200.3 202.148.202.4Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLLmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromeIFEO: garenamessenger.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe".================= FIREFOX ===================.FF - ProfilePath - c:\users\swamy\appdata\roaming\mozilla\firefox\profiles\azmgk3j2.default\FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLLFF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLLFF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\users\swamy\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: c:\users\swamy\appdata\roaming\mozilla\firefox\profiles\azmgk3j2.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\plugins\np-mswmp.dllFF - plugin: c:\users\swamy\appdata\roaming\mozilla\firefox\profiles\azmgk3j2.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\plugins\npConduitFirefoxPlugin.dllFF - plugin: c:\users\swamy\appdata\roaming\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\users\swamy\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\users\swamy\appdata\roaming\mozilla\plugins\npo1d.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dllFF - ExtSQL: !HIDDEN! 2012-11-18 09:07; hotfix@mozilla.org; c:\users\swamy\appdata\roaming\mozilla\firefox\extensions\MozillaHotfix.============= SERVICES / DRIVERS ===============.R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]R1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2012-10-30 29184]R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files\abbyy pdf transformer 3.0\NetworkLicenseServer.exe [2010-2-1 759048]R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]R2 FLService;FLService;c:\windows\system32\WinFLService.exe [2012-10-30 91336]R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-7-19 104928]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-8 418376]R2 NEWDRIVER;NEWDRIVER;c:\windows\system32\WinVDEdrv6.sys [2012-10-30 188176]R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-2-6 1528640]R2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2012-10-30 228112]R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-10-8 208896]R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-10-8 72832]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-8 22856]R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2012-2-1 10064]S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-8 701512]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-10-8 102784]S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-10-9 31560]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-9 40776].=============== Created Last 30 ================.2013-10-09 10:45:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-10-09 10:37:19 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-10-09 10:11:51 -------- d-----w- c:\users\swamy\appdata\local\ElevatedDiagnostics2013-10-09 09:09:35 -------- d-----w- C:\AdwCleaner2013-10-08 08:34:04 -------- d-----w- c:\users\swamy\appdata\roaming\Malwarebytes2013-10-08 08:33:46 -------- d-----w- c:\programdata\Malwarebytes2013-10-08 08:33:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-10-08 08:33:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-10-07 07:42:26 -------- d-----w- c:\users\swamy\048298C9A4D3490B9FF9AB023A9238F3.TMP2013-10-07 07:30:26 -------- d---a-w- c:\program files\Steam2013-10-04 14:58:49 505104 ----a-w- c:\windows\system32\msxml.dll2013-10-04 14:58:43 69632 ----a-w- c:\windows\system32\xmltok.dll2013-10-04 14:58:43 36864 ----a-w- c:\windows\system32\xmlparse.dll2013-10-04 14:58:43 35840 ----a-w- c:\windows\system32\comdlg32.oca2013-10-04 14:58:43 28432 ----a-w- c:\windows\system32\msxmlr.dll2013-10-04 14:58:43 26096 ----a-w- c:\windows\system32\xmlinst.exe2013-10-04 14:58:43 24576 ----a-w- c:\windows\system32\msxml3a.dll2013-10-04 14:58:42 89360 ----a-w- c:\windows\system32\VB5DB.DLL2013-10-04 14:58:42 29184 ----a-w- c:\windows\system32\MSINET.oca2013-10-04 14:54:56 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll2013-10-04 14:54:56 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll2013-10-04 14:54:56 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe2013-10-04 14:54:56 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll2013-10-04 14:54:56 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll2013-10-04 14:54:56 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll2013-10-04 14:54:48 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll2013-10-04 14:54:48 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll2013-10-02 18:36:41 -------- d-----w- c:\programdata\JetFlash2202013-10-02 17:38:15 -------- d-----w- c:\users\swamy\appdata\roaming\tmp2013-10-02 08:40:51 -------- d-----w- C:\DriveKey2013-10-02 08:40:36 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll2013-10-02 08:40:35 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll2013-10-02 08:40:35 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll2013-10-02 08:40:34 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll2013-10-02 08:40:33 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe2013-09-30 05:02:57 -------- d-----w- c:\windows\system32\appmgmt2013-09-26 08:33:12 -------- d-----w- c:\program files\Video Convert Master2013-09-10 11:46:17 -------- d-----w- c:\users\swamy\appdata\roaming\AnvsoftPdfTools2013-09-10 11:45:53 -------- d-----w- c:\users\swamy\appdata\local\Programs2013-09-09 20:04:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys.==================== Find3M ====================.2013-10-09 11:15:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-10-09 11:15:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-09-04 20:13:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys2013-07-19 20:21:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys2013-07-19 20:20:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys2013-07-19 20:20:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys2013-07-19 20:20:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys.============= FINISH: 17:06:09.45 =============== attach.txtdds.txt Link to post Share on other sites More sharing options...
kevinf80 Posted October 10, 2013 ID:740261 Share Posted October 10, 2013 Hello and P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 10, 2013 Author ID:740335 Share Posted October 10, 2013 Thankyou for responding Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013Ran by Swamy (administrator) on SWAMY-PC on 10-10-2013 21:34:04Running from C:\Users\Swamy\Downloads\ProgramsMicrosoft Windows 7 Ultimate (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE(ABBYY) C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(New Softwares.net) C:\Windows\system32\WinFLService.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe(Google) C:\Program Files\Google\Google Talk\googletalk.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe( New Softwares.net) C:\Windows\System32\WinFLTray.exe(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe() C:\Program Files\Mobile Partner\Mobile Partner.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google) C:\Users\Swamy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-03-03] (Realtek Semiconductor)HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)HKLM\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-02] (Google)HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)HKCU\...\Run: [WinFLTray] - C:\Windows\system32\WinFLTray.exe [321736 2012-10-30] ( New Softwares.net)HKCU\...\Run: [FLBackup] - C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2012-10-30] (New Softwares.net)HKCU\...\Run: [iDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3541008 2012-12-15] (Tonec Inc.)HKCU\...\Run: [steam] - C:\Program Files\Steam\Steam.exe [1610664 2013-10-07] (Valve Corporation)HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5706480 2013-10-03] (SUPERAntiSpyware)HKCU\...\Policies\system: [LogonHoursAction] 2HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1HKCU\...\Policies\Explorer: [NofolderOptions] 0MountPoints2: I - I:\AutoRun.exeMountPoints2: {24e95c4e-40f9-11e2-ac66-001cc099adbf} - J:\AutoRun.exeMountPoints2: {9d468b85-d7c0-11e2-b31a-806e6f6e6963} - I:\AutoRun.exeMountPoints2: {f0507c69-2963-11e2-a2b6-001e101fabdd} - I:\.\StartModem.exeIMEO\garenamessenger.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhomeSearchScopes: HKLM - DefaultScope value is missing.BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No FileToolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CABWinsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)Winsock: Catalog9 000000000105 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)Winsock: Catalog9 000000000106 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)Tcpip\..\Interfaces\{6A1BE518-C25A-465F-80B0-2A28FE2E0AD9}: [NameServer]101.223.255.141 101.223.255.142Tcpip\..\Interfaces\{9728D89D-FD31-4F3F-B271-78461D1F9F75}: [NameServer]202.148.200.3 202.148.202.4Tcpip\..\Interfaces\{C6B11A0E-DE22-4B4D-8795-A6555941F496}: [NameServer]202.148.202.3 202.148.200.3Tcpip\..\Interfaces\{EE3BDC8A-C384-4362-84D3-98472BFE0151}: [NameServer]202.148.200.3 202.148.202.4 FireFox:========FF ProfilePath: C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Swamy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Swamy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Extension: grooveshredder - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\Extensions\grooveshredder@code.argee.org.xpiFF Extension: No Name - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF HKLM\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfixFF Extension: Mozilla hotfix - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfixFF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfixFF Extension: Mozilla hotfix - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfixFF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5FF Extension: IDM CC - C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5FF Extension: IDM CC - C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5 Chrome: =======CHR Extension: (Google Docs) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0CHR Extension: (Google Drive) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Adblock Plus) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0CHR Extension: (Google Search) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (IDM Integration) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.4_0CHR Extension: (Gmail) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files\Internet Download Manager\IDMGCExt.crxCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONCHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com)R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY)R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528640 2012-02-06] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-10-09] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-09] (Malwarebytes Corporation)R2 NEWDRIVER; C:\Windows\system32\WinVDEdrv6.sys [188176 2012-10-30] ()R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-02-01] (TuneUp Software)R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2012-10-30] ()R2 WinVDEDrv; C:\Windows\system32\WinVDEdrv.sys [228112 2012-10-30] (NewSoftwares.net, Inc.)U2 ccEvtMgr; U2 ccSetMgr; S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]U3 navapsvc; U3 SAVRT; U1 SAVRTPEL; U3 TlntSvr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-10 21:33 - 2013-10-10 21:33 - 00000000 ____D C:\FRST2013-10-09 18:27 - 2013-10-10 18:27 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f97ad0d7-6d9b-405f-b6f0-3e2fbf00a26f.job2013-10-09 18:27 - 2013-10-10 13:00 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3b3ac4ea-3c2a-49cc-b682-2e8b08e5d94f.job2013-10-09 18:27 - 2013-10-09 18:27 - 00001921 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\SUPERAntiSpyware.com2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-10-09 17:06 - 2013-10-09 17:06 - 00014921 _____ C:\Users\Swamy\Desktop\dds.txt2013-10-09 17:06 - 2013-10-09 17:06 - 00010357 _____ C:\Users\Swamy\Desktop\attach.txt2013-10-09 17:04 - 2013-10-09 17:05 - 00688992 ____R (Swearware) C:\Users\Swamy\Downloads\dds.scr2013-10-09 17:02 - 2013-10-09 17:02 - 00030335 _____ C:\Users\Swamy\Desktop\CheckResults.txt2013-10-09 16:33 - 2013-10-09 16:33 - 00001900 _____ C:\Users\Swamy\Desktop\RKreport[0]_D_10092013_163342.txt2013-10-09 16:32 - 2013-10-09 16:32 - 00003358 _____ C:\Users\Swamy\Desktop\RKreport[0]_S_10092013_163219.txt2013-10-09 16:27 - 2013-10-09 16:33 - 00000000 ____D C:\Users\Swamy\Desktop\RK_Quarantine2013-10-09 16:15 - 2013-10-09 16:15 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys2013-10-09 16:07 - 2013-10-09 16:07 - 00031560 _____ C:\Windows\system32\Drivers\mbamchameleon.sys2013-10-09 14:39 - 2013-10-09 14:40 - 00000000 ____D C:\AdwCleaner2013-10-09 10:23 - 2013-10-10 21:19 - 00000448 _____ C:\Windows\setupact.log2013-10-08 15:02 - 2013-10-10 18:42 - 00000000 ____D C:\Users\Swamy\Documents\FIFA 092013-10-08 15:02 - 2013-10-08 15:02 - 00000552 _____ C:\Users\Swamy\Desktop\FIFA 09.lnk2013-10-08 14:04 - 2013-10-08 14:04 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Malwarebytes2013-10-08 14:03 - 2013-10-08 14:03 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-10-08 14:03 - 2013-10-08 14:03 - 00000000 ____D C:\ProgramData\Malwarebytes2013-10-08 14:03 - 2013-10-08 14:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-10-08 14:03 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2013-10-07 13:12 - 2013-10-07 13:12 - 00000000 ____D C:\Users\Swamy\048298C9A4D3490B9FF9AB023A9238F3.TMP2013-10-07 13:00 - 2013-10-10 21:20 - 00000000 ____D C:\Program Files\Steam2013-10-04 20:28 - 2013-10-04 20:28 - 00000000 ____D C:\Program Files\Ubisoft2013-10-04 20:28 - 2003-10-27 14:06 - 00505104 _____ (Microsoft Corporation) C:\Windows\system32\msxml.dll2013-10-04 20:28 - 2003-10-27 14:06 - 00089360 _____ (Microsoft Corporation) C:\Windows\system32\VB5DB.DLL2013-10-04 20:28 - 2003-10-27 14:06 - 00069632 _____ C:\Windows\system32\xmltok.dll2013-10-04 20:28 - 2003-10-27 14:06 - 00036864 _____ C:\Windows\system32\xmlparse.dll2013-10-04 20:28 - 2003-10-27 14:06 - 00035840 _____ C:\Windows\system32\comdlg32.oca2013-10-04 20:28 - 2003-10-27 14:06 - 00029184 _____ C:\Windows\system32\MSINET.oca2013-10-04 20:28 - 2003-10-27 14:06 - 00028432 _____ (Microsoft Corporation) C:\Windows\system32\msxmlr.dll2013-10-04 20:28 - 2003-10-27 14:06 - 00026096 _____ (Microsoft Corporation) C:\Windows\system32\xmlinst.exe2013-10-04 20:28 - 2003-10-27 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll2013-10-03 11:59 - 2013-10-03 11:59 - 00000721 _____ C:\Users\Swamy\Desktop\Condition Zero.lnk2013-10-03 00:06 - 2013-10-03 00:06 - 00000000 ____D C:\Users\Swamy\Documents\My Fingerprint Data2013-10-03 00:06 - 2013-10-03 00:06 - 00000000 ____D C:\ProgramData\JetFlash2202013-10-02 23:08 - 2013-10-02 23:19 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\tmp2013-10-02 20:44 - 2013-10-02 20:44 - 00000000 ____D C:\Users\Swamy\Downloads\ChipGenius2013-10-02 20:43 - 2013-10-02 20:44 - 00138431 _____ C:\Users\Swamy\Downloads\ChipGenius.rar2013-10-02 13:23 - 2013-10-02 13:28 - 00000000 ____D C:\Users\Swamy\Documents\GTA Vice City User Files2013-09-30 21:32 - 2013-09-30 21:33 - 00473354 _____ C:\Users\Swamy\Downloads\steam need to be online to update (fatal error) fixed 100% working - YouTube.3GP2013-09-30 16:34 - 2013-09-30 16:34 - 00086082 _____ C:\Users\Swamy\Downloads\Steam.htm2013-09-30 10:32 - 2013-09-30 10:32 - 00000000 ____D C:\Windows\system32\appmgmt2013-09-26 14:03 - 2013-09-26 14:03 - 00000902 _____ C:\Users\Swamy\Desktop\Video Convert Master.lnk2013-09-26 14:03 - 2013-09-26 14:03 - 00000000 ____D C:\Program Files\Video Convert Master2013-09-23 01:57 - 2013-10-08 18:11 - 00000000 ____D C:\Windows\Minidump2013-09-10 17:16 - 2013-09-10 17:16 - 00000000 ____D C:\Users\Swamy\Documents\Anvsoft2013-09-10 17:16 - 2013-09-10 17:16 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\AnvsoftPdfTools2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys ==================== One Month Modified Files and Folders ======= 2013-10-10 21:33 - 2013-10-10 21:33 - 00000000 ____D C:\FRST2013-10-10 21:32 - 2013-01-29 21:02 - 00000000 ___HD C:\Program Files\InstallShield Installation Information2013-10-10 21:32 - 2012-10-16 19:27 - 00000000 ____D C:\Program Files\Common Files\InstallShield2013-10-10 21:32 - 2009-07-14 07:34 - 00000478 _____ C:\Windows\win.ini2013-10-10 21:31 - 2013-04-29 16:10 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\uTorrent2013-10-10 21:31 - 2012-10-08 13:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-10-10 21:29 - 2012-12-10 16:01 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000UA.job2013-10-10 21:26 - 2013-06-09 16:09 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-10-10 21:24 - 2012-10-08 12:05 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\DMCache2013-10-10 21:24 - 2009-07-14 10:04 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-10-10 21:24 - 2009-07-14 10:04 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-10-10 21:23 - 2013-08-06 11:45 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\IDM2013-10-10 21:23 - 2012-10-09 00:20 - 01218821 _____ C:\Windows\WindowsUpdate.log2013-10-10 21:20 - 2013-10-07 13:00 - 00000000 ____D C:\Program Files\Steam2013-10-10 21:20 - 2013-06-09 16:09 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-10-10 21:19 - 2013-10-09 10:23 - 00000448 _____ C:\Windows\setupact.log2013-10-10 21:19 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-10-10 19:53 - 2012-12-22 11:13 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\vlc2013-10-10 18:42 - 2013-10-08 15:02 - 00000000 ____D C:\Users\Swamy\Documents\FIFA 092013-10-10 18:27 - 2013-10-09 18:27 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f97ad0d7-6d9b-405f-b6f0-3e2fbf00a26f.job2013-10-10 17:58 - 2012-10-08 12:07 - 00000000 ____D C:\ProgramData\MFAData2013-10-10 16:06 - 2012-10-08 12:05 - 00000000 ____D C:\Users\Swamy\Downloads\Video2013-10-10 13:29 - 2012-12-10 16:01 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000Core.job2013-10-10 13:00 - 2013-10-09 18:27 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3b3ac4ea-3c2a-49cc-b682-2e8b08e5d94f.job2013-10-09 18:27 - 2013-10-09 18:27 - 00001921 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\SUPERAntiSpyware.com2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-10-09 17:50 - 2012-10-08 13:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2013-10-09 17:50 - 2012-10-08 13:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2013-10-09 17:06 - 2013-10-09 17:06 - 00014921 _____ C:\Users\Swamy\Desktop\dds.txt2013-10-09 17:06 - 2013-10-09 17:06 - 00010357 _____ C:\Users\Swamy\Desktop\attach.txt2013-10-09 17:05 - 2013-10-09 17:04 - 00688992 ____R (Swearware) C:\Users\Swamy\Downloads\dds.scr2013-10-09 17:02 - 2013-10-09 17:02 - 00030335 _____ C:\Users\Swamy\Desktop\CheckResults.txt2013-10-09 16:33 - 2013-10-09 16:33 - 00001900 _____ C:\Users\Swamy\Desktop\RKreport[0]_D_10092013_163342.txt2013-10-09 16:33 - 2013-10-09 16:27 - 00000000 ____D C:\Users\Swamy\Desktop\RK_Quarantine2013-10-09 16:32 - 2013-10-09 16:32 - 00003358 _____ C:\Users\Swamy\Desktop\RKreport[0]_S_10092013_163219.txt2013-10-09 16:15 - 2013-10-09 16:15 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys2013-10-09 16:07 - 2013-10-09 16:07 - 00031560 _____ C:\Windows\system32\Drivers\mbamchameleon.sys2013-10-09 14:40 - 2013-10-09 14:39 - 00000000 ____D C:\AdwCleaner2013-10-09 14:40 - 2013-06-08 16:06 - 00000000 ____D C:\Users\Swamy\AppData\Local\iexplorer2013-10-08 18:11 - 2013-09-23 01:57 - 00000000 ____D C:\Windows\Minidump2013-10-08 18:01 - 2012-11-03 12:16 - 00000000 ____D C:\Users\Swamy\Documents\Outlook Files2013-10-08 15:02 - 2013-10-08 15:02 - 00000552 _____ C:\Users\Swamy\Desktop\FIFA 09.lnk2013-10-08 15:00 - 2012-11-02 23:18 - 00000000 ____D C:\Users\Swamy\AppData\Local\CrashDumps2013-10-08 14:04 - 2013-10-08 14:04 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Malwarebytes2013-10-08 14:03 - 2013-10-08 14:03 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-10-08 14:03 - 2013-10-08 14:03 - 00000000 ____D C:\ProgramData\Malwarebytes2013-10-08 14:03 - 2013-10-08 14:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-10-07 20:18 - 2012-10-08 12:03 - 00782154 _____ C:\Windows\system32\PerfStringBackup.INI2013-10-07 13:12 - 2013-10-07 13:12 - 00000000 ____D C:\Users\Swamy\048298C9A4D3490B9FF9AB023A9238F3.TMP2013-10-07 13:12 - 2012-10-08 11:57 - 00000000 ____D C:\Users\Swamy2013-10-07 12:55 - 2009-07-14 07:33 - 42467328 _____ C:\Windows\system32\config\SOFTWARE_tureg_old2013-10-07 12:55 - 2009-07-14 07:33 - 18612224 _____ C:\Windows\system32\config\SYSTEM_tureg_old2013-10-07 12:55 - 2009-07-14 07:33 - 00262144 _____ C:\Windows\system32\config\SECURITY_tureg_old2013-10-07 12:55 - 2009-07-14 07:33 - 00262144 _____ C:\Windows\system32\config\DEFAULT_tureg_old2013-10-07 12:53 - 2009-07-14 07:33 - 00262144 _____ C:\Windows\system32\config\SAM_tureg_old2013-10-04 20:28 - 2013-10-04 20:28 - 00000000 ____D C:\Program Files\Ubisoft2013-10-03 11:59 - 2013-10-03 11:59 - 00000721 _____ C:\Users\Swamy\Desktop\Condition Zero.lnk2013-10-03 00:06 - 2013-10-03 00:06 - 00000000 ____D C:\Users\Swamy\Documents\My Fingerprint Data2013-10-03 00:06 - 2013-10-03 00:06 - 00000000 ____D C:\ProgramData\JetFlash2202013-10-03 00:05 - 2012-10-08 12:05 - 00000000 ____D C:\Users\Swamy\Downloads\Compressed2013-10-02 23:19 - 2013-10-02 23:08 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\tmp2013-10-02 20:44 - 2013-10-02 20:44 - 00000000 ____D C:\Users\Swamy\Downloads\ChipGenius2013-10-02 20:44 - 2013-10-02 20:43 - 00138431 _____ C:\Users\Swamy\Downloads\ChipGenius.rar2013-10-02 13:28 - 2013-10-02 13:23 - 00000000 ____D C:\Users\Swamy\Documents\GTA Vice City User Files2013-10-02 13:23 - 2012-10-08 13:05 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2013-10-02 13:16 - 2012-10-08 12:47 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\GameRanger2013-10-01 21:03 - 2013-06-22 11:49 - 00001258 __RSH C:\Users\Swamy\ntuser.pol2013-10-01 14:02 - 2012-11-18 09:07 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\MCommon2013-09-30 21:33 - 2013-09-30 21:32 - 00473354 _____ C:\Users\Swamy\Downloads\steam need to be online to update (fatal error) fixed 100% working - YouTube.3GP2013-09-30 16:34 - 2013-09-30 16:34 - 00086082 _____ C:\Users\Swamy\Downloads\Steam.htm2013-09-30 16:29 - 2009-07-14 10:23 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-09-30 10:32 - 2013-09-30 10:32 - 00000000 ____D C:\Windows\system32\appmgmt2013-09-28 14:33 - 2012-11-18 13:45 - 00000000 ____D C:\results2013-09-26 14:03 - 2013-09-26 14:03 - 00000902 _____ C:\Users\Swamy\Desktop\Video Convert Master.lnk2013-09-26 14:03 - 2013-09-26 14:03 - 00000000 ____D C:\Program Files\Video Convert Master2013-09-24 19:57 - 2013-06-08 14:14 - 00000000 ____D C:\Program Files\Common Files\Steam2013-09-13 17:54 - 2013-04-06 23:51 - 00000895 _____ C:\Users\Public\Desktop\AVG 2013.lnk2013-09-10 17:16 - 2013-09-10 17:16 - 00000000 ____D C:\Users\Swamy\Documents\Anvsoft2013-09-10 17:16 - 2013-09-10 17:16 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\AnvsoftPdfTools2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys Files to move or delete:====================C:\ProgramData\win_mpwd_sys.dat Some content of TEMP:====================C:\Users\Swamy\AppData\Local\Temp\drm_dyndata_7370012.dllC:\Users\Swamy\AppData\Local\Temp\ntdll_dump.dllC:\Users\Swamy\AppData\Local\Temp\Quarantine.exeC:\Users\Swamy\AppData\Local\Temp\Uninstal.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 19:17 ==================== End Of Log ============================Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted October 10, 2013 ID:740366 Share Posted October 10, 2013 Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST/FRST64 and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Remove and reinstall Malwarebytes, lets seeif it will run ok... Download and save mbam-clean.exe and save to your desktop from the following: http://www.malwarebytes.org/mbam-clean.exe Now do the following: Click on Start and select Control Panel Open Uninstall a Program Uninstall Malwarebytes' Anti-Malware Restart your computer, very important to do that!! Run mbam-clean.exe It will ask to restart your computer, please allow it to do so, very important!! Next, D/L and install Malwarebytes again and update as follows :- Please download Malwarebytes Anti-Malware and save it to your desktop.Alernative D/L mirrorAlternative D/L mirror Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Kevin..fixlist.txt Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 11, 2013 Author ID:740640 Share Posted October 11, 2013 hello,I fixed it through frst and even got the fixlog.txt which i have pasted below.. But after i uninstalled and reinstalled malwarebytes and performed the quick scan my system froze & restarted again....I am sure i followed each step correctly.....So wat to do now? Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013Ran by Swamy at 2013-10-11 13:01:25 Run:1Running from C:\Users\Swamy\Downloads\ProgramsBoot Mode: Normal ============================================== Content of fixlist:*****************StartCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONCHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONC:\ProgramData\win_mpwd_sys.datC:\Users\Swamy\AppData\Local\Temp\drm_dyndata_7370012.dllC:\Users\Swamy\AppData\Local\Temp\ntdll_dump.dllC:\Users\Swamy\AppData\Local\Temp\Quarantine.exeC:\Users\Swamy\AppData\Local\Temp\Uninstal.exeEnd ***************** HKLM\SOFTWARE\Policies\Google => Key deleted successfully.HKCU\SOFTWARE\Policies\Google => Key deleted successfully.C:\ProgramData\win_mpwd_sys.dat => Moved successfully.C:\Users\Swamy\AppData\Local\Temp\drm_dyndata_7370012.dll => Moved successfully.C:\Users\Swamy\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.C:\Users\Swamy\AppData\Local\Temp\Quarantine.exe => Moved successfully."C:\Users\Swamy\AppData\Local\Temp\Uninstal.exe" => File/Directory not found. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
kevinf80 Posted October 11, 2013 ID:740645 Share Posted October 11, 2013 Please download RogueKiller from here: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit version http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe <- 64 bit version Make sure to get the correct version for your system. Quit all running programs Please disconnect any USB or external drives from the computer before you run this scan! For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe Wait until Prescan has finished... The following EULA will appear, please select accept Ensure MBR scan, Check faked and AntiRootkit are checked Select Scan When the scan completes select Report, copy and paste that to your reply. The log should be found in RKreport[?].txt on your Desktop Exit/Close RogueKiller Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 11, 2013 Author ID:740665 Share Posted October 11, 2013 RogueKiller V8.7.2 [Oct 3 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 32 bits versionStarted in : Normal modeUser : Swamy [Admin rights]Mode : Scan -- Date : 10/11/2013 14:39:43| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 12 ¤¤¤[DNS][PUM] HKLM\[...]\CCSet\[...]\{6A1BE518-C25A-465F-80B0-2A28FE2E0AD9} : NameServer (101.223.255.141 101.223.255.142) -> FOUND[DNS][PUM] HKLM\[...]\CCSet\[...]\{9728D89D-FD31-4F3F-B271-78461D1F9F75} : NameServer (202.148.200.3 202.148.202.4) -> FOUND[DNS][PUM] HKLM\[...]\CCSet\[...]\{C6B11A0E-DE22-4B4D-8795-A6555941F496} : NameServer (202.148.202.3 202.148.200.3) -> FOUND[DNS][PUM] HKLM\[...]\CCSet\[...]\{EE3BDC8A-C384-4362-84D3-98472BFE0151} : NameServer (202.148.200.3 202.148.202.4) -> FOUND[DNS][PUM] HKLM\[...]\CS001\[...]\{6A1BE518-C25A-465F-80B0-2A28FE2E0AD9} : NameServer (101.223.255.141 101.223.255.142) -> FOUND[DNS][PUM] HKLM\[...]\CS001\[...]\{9728D89D-FD31-4F3F-B271-78461D1F9F75} : NameServer (202.148.200.3 202.148.202.4) -> FOUND[DNS][PUM] HKLM\[...]\CS001\[...]\{C6B11A0E-DE22-4B4D-8795-A6555941F496} : NameServer (202.148.202.3 202.148.200.3) -> FOUND[DNS][PUM] HKLM\[...]\CS001\[...]\{EE3BDC8A-C384-4362-84D3-98472BFE0151} : NameServer (202.148.200.3 202.148.202.4) -> FOUND[DNS][PUM] HKLM\[...]\CS002\[...]\{6A1BE518-C25A-465F-80B0-2A28FE2E0AD9} : NameServer (101.223.255.141 101.223.255.142) -> FOUND[DNS][PUM] HKLM\[...]\CS002\[...]\{9728D89D-FD31-4F3F-B271-78461D1F9F75} : NameServer (202.148.200.3 202.148.202.4) -> FOUND[DNS][PUM] HKLM\[...]\CS002\[...]\{C6B11A0E-DE22-4B4D-8795-A6555941F496} : NameServer (202.148.202.3 202.148.200.3) -> FOUND[DNS][PUM] HKLM\[...]\CS002\[...]\{EE3BDC8A-C384-4362-84D3-98472BFE0151} : NameServer (202.148.200.3 202.148.202.4) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST3500320AS ATA Device +++++--- User ---[MBR] 4763a6c2035437412ac380c955842f87[bSP] ed1e277b9b02c4cc89587c2acead57ef : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 49999 Mo1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102398310 | Size: 426930 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_10112013_143943.txt >> Link to post Share on other sites More sharing options...
kevinf80 Posted October 11, 2013 ID:740669 Share Posted October 11, 2013 1.Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/ 2. Unzip the File to a convenient location. (Recommend the Desktop)3. Open the folder where the contents were unzipped to run mbar.exe 4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image: 5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.) 6. The following image opens, select Next. 7. The following image opens, select Update 8. When the update completes select Next. 9. In the following window ensure "Targets" are ticked. Then select "Scan" 10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed. 11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.12. If no threats were found you will see the following image, Select Exit: 13. Verify that your system is now running normally, making sure that the following items are functional: Internet access Windows Update Windows Firewall 14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder. 15. Select "Y" from your Keyboard, tap Enter. 16. The fix will be applied, select any key to Exit. 17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder: System - logMbar - log Date and time of scan will also be shown Thanks, Kevin... Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 11, 2013 Author ID:740676 Share Posted October 11, 2013 Hello again, i scanned thru mbar but same thing happened system froze and restarted again. No other application shows this problem only steam and malwarebytes(while scanning).. One more thing when the system restarts "automaticaly" it says searching for boot agent & later it says no boot agent...But after i restart manually the system restarts as usual.. Ther was no mbar log due to incomplete scan i think....But i used fixdamage a log was generated which i pasted below. System-log ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x86 Account is Administrative Internet Explorer version: 8.0.7600.16385 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXEDCPU speed: 2.388000 GHzMemory total: 2136551424, free: 560496640 Downloaded database version: v2013.10.11.03Downloaded database version: v2013.10.08.02=======================================Initializing...------------ Kernel report ------------ 10/11/2013 15:18:59------------ Loaded modules -----------\SystemRoot\system32\ntkrnlpa.exe\SystemRoot\system32\halmacpi.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\BOOTVID.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\DRIVERS\ACPI.sys\SystemRoot\system32\DRIVERS\WMILIB.SYS\SystemRoot\system32\DRIVERS\msisadrv.sys\SystemRoot\system32\DRIVERS\pci.sys\SystemRoot\system32\DRIVERS\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\DRIVERS\intelide.sys\SystemRoot\system32\DRIVERS\PCIIDEX.SYS\SystemRoot\system32\DRIVERS\pciide.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\atapi.sys\SystemRoot\system32\DRIVERS\ataport.SYS\SystemRoot\system32\DRIVERS\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\vmstorfl.sys\SystemRoot\system32\DRIVERS\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\avgrkx86.sys\SystemRoot\system32\DRIVERS\avglogx.sys\SystemRoot\system32\DRIVERS\avgmfx86.sys\SystemRoot\system32\DRIVERS\avgidshx.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\WinFLAdrv.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\avgtdix.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\serial.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\system32\drivers\csc.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\avgldx86.sys\SystemRoot\system32\DRIVERS\avgidsshimx.sys\SystemRoot\system32\DRIVERS\avgidsdriverx.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\igdkmd32.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\e1e6032.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\1394ohci.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\serenum.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\ew_jubusenum.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHDA.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\ewusbmdm.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\ewusbnet.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_atapi.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\idmwfp.sys\SystemRoot\system32\DRIVERS\cdfs.sys\??\C:\Windows\system32\WinVDEdrv6.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\??\C:\Windows\system32\WinVDEdrv.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys\??\C:\Windows\system32\TrueSight.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff864feac8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000097\Lower Device Object: 0xffffffff86501a90Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff85eedac8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\Lower Device Object: 0xffffffff85d9f030Lower Device Driver Name: \Driver\atapi\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff85eedac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff85eed750, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff85eedac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff85d694d8, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff85d9f030, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 815198A1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 102398247 Partition file system is NTFS Partition is bootable Partition 1 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 102398310 Numsec = 874353690 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...Done!Physical Sector Size: 0Drive: 1, DevicePointer: 0xffffffff864feac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff864ba020, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff864feac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff86501a90, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\------------ End ----------Read File: File "c:\programdata\avg2013\chjw\2441ae7441add6b.dat:f07a581a-479a-492d-b92b-fb1b635fa416" is sparse (flags = 32768)Read File: File "c:\programdata\avg2013\chjw\26c26826c267119.dat:ee584650-20a6-4636-818d-b66b6bc3ab61" is sparse (flags = 32768)Infected: C:\ProgramData\InstallMate\{E6EB9417-4897-4BB8-A953-00B53D08B6E1}\Custom.dll --> [Trojan.MSIL.Injector]---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x86 Account is Administrative Internet Explorer version: 8.0.7600.16385 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXEDCPU speed: 2.388000 GHzMemory total: 2136551424, free: 864133120 Could not load protection driver=======================================Initializing...------------ Kernel report ------------ 10/11/2013 15:32:58------------ Loaded modules -----------\SystemRoot\system32\ntkrnlpa.exe\SystemRoot\system32\halmacpi.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\BOOTVID.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\DRIVERS\ACPI.sys\SystemRoot\system32\DRIVERS\WMILIB.SYS\SystemRoot\system32\DRIVERS\msisadrv.sys\SystemRoot\system32\DRIVERS\pci.sys\SystemRoot\system32\DRIVERS\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\DRIVERS\intelide.sys\SystemRoot\system32\DRIVERS\PCIIDEX.SYS\SystemRoot\system32\DRIVERS\pciide.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\atapi.sys\SystemRoot\system32\DRIVERS\ataport.SYS\SystemRoot\system32\DRIVERS\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\vmstorfl.sys\SystemRoot\system32\DRIVERS\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\avgrkx86.sys\SystemRoot\system32\DRIVERS\avglogx.sys\SystemRoot\system32\DRIVERS\avgmfx86.sys\SystemRoot\system32\DRIVERS\avgidshx.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\WinFLAdrv.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\avgtdix.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\serial.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\system32\drivers\csc.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\avgldx86.sys\SystemRoot\system32\DRIVERS\avgidsshimx.sys\SystemRoot\system32\DRIVERS\avgidsdriverx.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\igdkmd32.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\e1e6032.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\1394ohci.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\serenum.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\ew_jubusenum.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHDA.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\ewusbmdm.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\ewusbnet.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_atapi.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\idmwfp.sys\??\C:\Windows\system32\WinVDEdrv6.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\??\C:\Windows\system32\WinVDEdrv.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff86b8b030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000099\Lower Device Object: 0xffffffff866a7cb8Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff85eed1b8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\Lower Device Object: 0xffffffff85da1030Lower Device Driver Name: \Driver\atapi\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff85eed1b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff85eeecd0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff85eed1b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff85db0918, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff85da1030, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 815198A1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 102398247 Partition file system is NTFS Partition is bootable Partition 1 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 102398310 Numsec = 874353690 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...Done!Physical Sector Size: 0Drive: 1, DevicePointer: 0xffffffff86b8b030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff86b9a1b0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff86b8b030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff866a7cb8, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\------------ End ----------Read File: File "c:\programdata\avg2013\chjw\2441ae7441add6b.dat:f07a581a-479a-492d-b92b-fb1b635fa416" is sparse (flags = 32768)Read File: File "c:\programdata\avg2013\chjw\26c26826c267119.dat:ee584650-20a6-4636-818d-b66b6bc3ab61" is sparse (flags = 32768)Infected: C:\ProgramData\InstallMate\{E6EB9417-4897-4BB8-A953-00B53D08B6E1}\Custom.dll --> [Trojan.MSIL.Injector] Link to post Share on other sites More sharing options...
kevinf80 Posted October 11, 2013 ID:740692 Share Posted October 11, 2013 OK, RogueKiller did flag a possible MBR infection, did expect better result from MBAR... Continue: download the latest version of TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. Put a checkmark beside loaded modules. A reboot will be needed to apply the changes. Do it. TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs. Then click on Change parameters in TDSSKiller. Check all boxes then click OK. Click the Start Scan button. The scan will be quick. If a suspicious object is detected, the default action will be Skip, click on Continue. If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options. Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed. A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 11, 2013 Author ID:740732 Share Posted October 11, 2013 i Could'n copy paste.. it said too long And there was no cure option for all the threats identified..TDSSKiller.2.8.16.0_11.10.2013_17.56.49_log.txt Link to post Share on other sites More sharing options...
kevinf80 Posted October 11, 2013 ID:740745 Share Posted October 11, 2013 MBR checks back ok, unsigned drivers are not always malicious, have checked MD5 and appear to be ok.... Continue please>> Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :- http://download.bleepingcomputer.com/sUBs/ComboFix.exe Ensure that Combofix is saved directly to the Desktop <--- Very important Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask. Close any open browsers and any other programs you might have running Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator) Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required. If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze **** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended. *EXTRA NOTES* If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so. If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted) Post the log in next reply please... Kevin Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 11, 2013 Author ID:740791 Share Posted October 11, 2013 ComboFix 13-10-09.01 - Swamy 11-Oct-13 21:29:09.1.4 - x86Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.857 [GMT 5.5:30]Running from: C:\Users\Swamy\Desktop\ComboFix.exeAV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{09993482-642C-4C99-8BC9-69F2A72036FE}.xpsC:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{251BF7DA-C6D1-40C2-9C08-1101F4AF6DEB}.xpsC:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{576369F7-9A0C-49CD-AE58-02A618B19748}.xpsC:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{790CE498-0989-4D4E-BADD-82EC7FEB254C}.xpsC:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93F8D45B-1DC4-49EC-9089-1A4E77532A2B}.xps ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))). -------\Legacy_NEWDRIVER-------\Service_NEWDRIVER ((((((((((((((((((((((((( Files Created from 2013-09-11 to 2013-10-11 ))))))))))))))))))))))))))))))) 2013-10-11 09:48:59 . 2013-10-11 10:04:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-11 09:46:11 . 2013-10-11 09:46:11 75992 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys2013-10-11 07:41:58 . 2013-10-11 11:59:43 40776 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys2013-10-11 07:41:58 . 2013-10-11 07:41:58 -------- d-----w- C:\Users\Swamy\AppData\Roaming\Malwarebytes2013-10-11 07:41:47 . 2013-10-11 07:41:47 -------- d-----w- C:\ProgramData\Malwarebytes2013-10-11 07:41:46 . 2013-10-11 07:41:48 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware2013-10-11 07:41:46 . 2013-04-04 09:20:32 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys2013-10-10 16:03:52 . 2013-10-10 16:03:52 -------- d-----w- C:\FRST2013-10-09 12:57:31 . 2013-10-09 12:57:31 -------- d-----w- C:\Users\Swamy\AppData\Roaming\SUPERAntiSpyware.com2013-10-09 10:11:51 . 2013-10-09 10:11:51 -------- d-----w- C:\Users\Swamy\AppData\Local\ElevatedDiagnostics2013-10-09 09:09:35 . 2013-10-09 09:10:58 -------- d-----w- C:\AdwCleaner2013-10-04 14:58:49 . 2003-10-27 08:36:00 505104 ----a-w- C:\Windows\system32\msxml.dll2013-10-04 14:58:43 . 2003-10-27 08:36:02 69632 ----a-w- C:\Windows\system32\xmltok.dll2013-10-04 14:58:43 . 2003-10-27 08:36:02 36864 ----a-w- C:\Windows\system32\xmlparse.dll2013-10-04 14:58:43 . 2003-10-27 08:36:02 28432 ----a-w- C:\Windows\system32\msxmlr.dll2013-10-04 14:58:43 . 2003-10-27 08:36:02 26096 ----a-w- C:\Windows\system32\xmlinst.exe2013-10-04 14:58:43 . 2003-10-27 08:36:00 35840 ----a-w- C:\Windows\system32\comdlg32.oca2013-10-04 14:58:43 . 2003-10-27 08:36:00 24576 ----a-w- C:\Windows\system32\msxml3a.dll2013-10-04 14:58:42 . 2013-10-04 14:58:42 -------- d-----w- C:\Program Files\Ubisoft2013-10-04 14:58:42 . 2003-10-27 08:36:02 89360 ----a-w- C:\Windows\system32\VB5DB.DLL2013-10-04 14:58:42 . 2003-10-27 08:36:00 29184 ----a-w- C:\Windows\system32\MSINET.oca2013-10-04 14:54:56 . 2003-02-27 10:42:48 696320 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll2013-10-04 14:54:56 . 2002-12-05 08:40:32 155648 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll2013-10-04 14:54:56 . 2002-12-02 09:52:44 5632 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe2013-10-04 14:54:56 . 2002-12-02 08:03:04 57344 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll2013-10-04 14:54:56 . 2002-12-02 08:03:04 32768 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll2013-10-04 14:54:56 . 2002-12-02 08:03:04 237568 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll2013-10-04 14:54:48 . 2013-10-04 14:54:48 282756 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll2013-10-04 14:54:48 . 2013-10-04 14:54:48 163972 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll2013-10-02 18:36:41 . 2013-10-02 18:36:41 -------- d-----w- C:\ProgramData\JetFlash2202013-10-02 17:38:15 . 2013-10-02 17:49:24 -------- d-----w- C:\Users\Swamy\AppData\Roaming\tmp2013-09-26 08:33:12 . 2013-09-26 08:33:53 -------- d-----w- C:\Program Files\Video Convert Master. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-10-10 17:02:39 . 2012-10-08 07:33:02 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl2013-10-10 17:02:39 . 2012-10-08 07:33:02 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe2013-09-09 20:04:48 . 2013-09-09 20:04:48 22328 ----a-w- C:\Windows\system32\drivers\avgidsshimx.sys2013-09-04 20:13:42 . 2013-09-04 20:13:42 39224 ----a-w- C:\Windows\system32\drivers\avgrkx86.sys2013-07-19 20:21:00 . 2013-07-19 20:21:00 246072 ----a-w- C:\Windows\system32\drivers\avglogx.sys2013-07-19 20:20:56 . 2013-07-19 20:20:56 60216 ----a-w- C:\Windows\system32\drivers\avgidshx.sys2013-07-19 20:20:56 . 2013-07-19 20:20:56 208184 ----a-w- C:\Windows\system32\drivers\avgidsdriverx.sys2013-07-19 20:20:50 . 2013-07-19 20:20:50 171320 ----a-w- C:\Windows\system32\drivers\avgldx86.sys2012-10-29 12:26:42 . 2012-10-29 12:26:38 261600 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-11-15 23:07:46 21904 ----a-w- C:\Program Files\Internet Download Manager\IDMShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WinFLTray"="C:\Windows\system32\WinFLTray.exe" [2012-10-30 11:59:54 321736]"FLBackup"="C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-10-30 12:00:06 275656]"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2012-12-15 06:18:44 3541008]"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:14:38 1173504]"googletalk"="C:\Users\Swamy\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="RtHDVCpl.exe" [2008-03-03 03:40:08 4874240]"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 11:52:24 91520]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 14:39:05 41208]"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe" [2013-08-15 06:23:50 4411440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]@="Driver" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]"Google Update"="C:\Users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe""Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe""Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 04:22:02 102784]R3 GGSAFERDriver;GGSAFER Driver;C:\Program Files\Garena Plus\Room\safedrv.sys [x]R3 mbamchameleon;mbamchameleon;C:\Windows\system32\drivers\mbamchameleon.sys [2013-10-11 09:46:11 75992]R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2013-10-11 11:59:43 40776]R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys [2008-07-26 17:00:30 14416]S0 AVGIDSHX;AVGIDSHX;C:\Windows\system32\DRIVERS\avgidshx.sys [2013-07-19 20:20:56 60216]S0 Avglogx;AVG Logging Driver;C:\Windows\system32\DRIVERS\avglogx.sys [2013-07-19 20:21:00 246072]S0 Avgrkx86;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx86.sys [2013-09-04 20:13:42 39224]S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-19 20:20:56 208184]S1 AVGIDSShim;AVGIDSShim;C:\Windows\system32\DRIVERS\avgidsshimx.sys [2013-09-09 20:04:48 22328]S1 Avgldx86;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx86.sys [2013-07-19 20:20:50 171320]S1 Avgtdix;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdix.sys [2013-03-20 21:38:24 182072]S1 WinFLAdrv;WinFLAdrv;C:\Windows\system32\WinFLAdrv.sys [2012-10-30 12:00:15 29184]S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-07-04 10:23:10 4939312]S2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 13:39:28 283136]S2 FLService;FLService;C:\Windows\system32\WinFLService.exe [2012-10-30 11:59:57 91336]S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys [2013-06-27 09:57:42 104928]S2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 09:20:32 418376]S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 09:20:32 701512]S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-02-06 08:55:18 1528640]S2 WinVDEDrv;WinVDEDrv;C:\Windows\system32\WinVDEdrv.sys [2012-10-30 12:00:12 228112]S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 12:39:00 208896]S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 09:55:48 72832]S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2013-04-04 09:20:32 22856]S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-01 07:54:02 10064] --- Other Services/Drivers In Memory --- *NewlyCreated* - WS2IFSL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-11 07:57:15 1185744 ----a-w- C:\Program Files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe Contents of the 'Scheduled Tasks' folder 2013-10-11 C:\Windows\Tasks\Adobe Flash Player Updater.job- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 07:33:02 . 2013-10-10 17:02:40] 2013-10-11 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39:34 . 2013-06-09 10:39:23] 2013-10-11 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39:34 . 2013-06-09 10:39:23] 2013-10-11 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000Core.job- C:\Users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31:44 . 2012-12-10 10:31:42] 2013-10-11 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000UA.job- C:\Users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31:44 . 2012-12-10 10:31:42] Link to post Share on other sites More sharing options...
kevinf80 Posted October 11, 2013 ID:740799 Share Posted October 11, 2013 Combofix log is not complete.. Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 11, 2013 Author ID:740801 Share Posted October 11, 2013 in C drive there was a folder combofix in that combofix.txt wat ever is ther i have pasted ... do u want me to redo... Link to post Share on other sites More sharing options...
kevinf80 Posted October 11, 2013 ID:740807 Share Posted October 11, 2013 Combofix is listed here C:\Combofix.txt. The log you post is definitely not complete..... Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 11, 2013 Author ID:740814 Share Posted October 11, 2013 ComboFix 13-10-09.01 - Swamy 11-Oct-13 22:18:33.2.4 - x86Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1163 [GMT 5.5:30]Running from: c:\users\Swamy\Desktop\ComboFix.exeAV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.c:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{09993482-642C-4C99-8BC9-69F2A72036FE}.xpsc:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{251BF7DA-C6D1-40C2-9C08-1101F4AF6DEB}.xpsc:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{576369F7-9A0C-49CD-AE58-02A618B19748}.xpsc:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{790CE498-0989-4D4E-BADD-82EC7FEB254C}.xpsc:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93F8D45B-1DC4-49EC-9089-1A4E77532A2B}.xps..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_NEWDRIVER-------\Service_NEWDRIVER..((((((((((((((((((((((((( Files Created from 2013-09-11 to 2013-10-11 )))))))))))))))))))))))))))))))..2013-10-11 16:53 . 2013-10-11 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp2013-10-11 09:48 . 2013-10-11 10:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-10-11 09:46 . 2013-10-11 09:46 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-10-11 07:41 . 2013-10-11 11:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-10-11 07:41 . 2013-10-11 07:41 -------- d-----w- c:\users\Swamy\AppData\Roaming\Malwarebytes2013-10-11 07:41 . 2013-10-11 07:41 -------- d-----w- c:\programdata\Malwarebytes2013-10-11 07:41 . 2013-10-11 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-10-11 07:41 . 2013-04-04 09:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-10-10 16:03 . 2013-10-10 16:03 -------- d-----w- C:\FRST2013-10-09 12:57 . 2013-10-09 12:57 -------- d-----w- c:\users\Swamy\AppData\Roaming\SUPERAntiSpyware.com2013-10-09 10:11 . 2013-10-09 10:11 -------- d-----w- c:\users\Swamy\AppData\Local\ElevatedDiagnostics2013-10-09 09:09 . 2013-10-09 09:10 -------- d-----w- C:\AdwCleaner2013-10-04 14:58 . 2003-10-27 08:36 505104 ----a-w- c:\windows\system32\msxml.dll2013-10-04 14:58 . 2003-10-27 08:36 69632 ----a-w- c:\windows\system32\xmltok.dll2013-10-04 14:58 . 2003-10-27 08:36 36864 ----a-w- c:\windows\system32\xmlparse.dll2013-10-04 14:58 . 2003-10-27 08:36 28432 ----a-w- c:\windows\system32\msxmlr.dll2013-10-04 14:58 . 2003-10-27 08:36 26096 ----a-w- c:\windows\system32\xmlinst.exe2013-10-04 14:58 . 2003-10-27 08:36 35840 ----a-w- c:\windows\system32\comdlg32.oca2013-10-04 14:58 . 2003-10-27 08:36 24576 ----a-w- c:\windows\system32\msxml3a.dll2013-10-04 14:58 . 2013-10-04 14:58 -------- d-----w- c:\program files\Ubisoft2013-10-04 14:58 . 2003-10-27 08:36 89360 ----a-w- c:\windows\system32\VB5DB.DLL2013-10-04 14:58 . 2003-10-27 08:36 29184 ----a-w- c:\windows\system32\MSINET.oca2013-10-04 14:54 . 2003-02-27 10:42 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll2013-10-04 14:54 . 2002-12-05 08:40 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll2013-10-04 14:54 . 2002-12-02 09:52 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe2013-10-04 14:54 . 2002-12-02 08:03 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll2013-10-04 14:54 . 2002-12-02 08:03 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll2013-10-04 14:54 . 2002-12-02 08:03 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll2013-10-04 14:54 . 2013-10-04 14:54 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll2013-10-04 14:54 . 2013-10-04 14:54 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll2013-10-02 18:36 . 2013-10-02 18:36 -------- d-----w- c:\programdata\JetFlash2202013-10-02 17:38 . 2013-10-02 17:49 -------- d-----w- c:\users\Swamy\AppData\Roaming\tmp2013-09-26 08:33 . 2013-09-26 08:33 -------- d-----w- c:\program files\Video Convert Master...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-10 17:02 . 2012-10-08 07:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-10-10 17:02 . 2012-10-08 07:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-09-09 20:04 . 2013-09-09 20:04 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys2013-09-04 20:13 . 2013-09-04 20:13 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys2013-07-19 20:21 . 2013-07-19 20:21 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys2013-07-19 20:20 . 2013-07-19 20:20 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys2013-07-19 20:20 . 2013-07-19 20:20 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys2013-07-19 20:20 . 2013-07-19 20:20 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys2012-10-29 12:26 . 2012-10-29 12:26 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WinFLTray"="c:\windows\system32\WinFLTray.exe" [2012-10-30 321736]"FLBackup"="c:\program files\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-10-30 275656]"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-15 3541008]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]"googletalk"="c:\users\Swamy\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="RtHDVCpl.exe" [2008-03-03 4874240]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]@="Driver".[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]"Google Update"="c:\users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe" /c.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe""Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe""Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe".R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-10-11 75992]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-11 40776]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys [2008-07-26 14416]S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-19 60216]S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-19 246072]S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-04 39224]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-19 208184]S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-09 22328]S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-19 171320]S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-20 182072]S1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2012-10-30 29184]S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]S2 FLService;FLService;c:\windows\system32\WinFLService.exe [2012-10-30 91336]S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 104928]S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-02-06 1528640]S2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2012-10-30 228112]S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 208896]S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-01 10064]..HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-11 07:57 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 17:02].2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39].2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39].2013-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000Core.job- c:\users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31].2013-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000UA.job- c:\users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31]..------- Supplementary Scan -------.IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htmIE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htmTCP: Interfaces\{9728D89D-FD31-4F3F-B271-78461D1F9F75}: NameServer = 202.148.200.3 202.148.202.4TCP: Interfaces\{C6B11A0E-DE22-4B4D-8795-A6555941F496}: NameServer = 202.148.202.3 202.148.200.3TCP: Interfaces\{EE3BDC8A-C384-4362-84D3-98472BFE0151}: NameServer = 202.148.200.3 202.148.202.4FF - ProfilePath - c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\FF - ExtSQL: !HIDDEN! 2012-11-18 09:07; hotfix@mozilla.org; c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix.- - - - ORPHANS REMOVED - - - -.WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*n*žxC#\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*èf\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*qW*\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*Žºˆr\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*}éÉ;\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL]@Class="Shell".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-10-11 22:25:54ComboFix-quarantined-files.txt 2013-10-11 16:55.Pre-Run: 11,987,693,568 bytes freePost-Run: 11,934,216,192 bytes free.- - End Of File - - 1B534204FAA0ADDD7B95EB5AD6576D52A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
kevinf80 Posted October 11, 2013 ID:740819 Share Posted October 11, 2013 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Open notepad and copy/paste the text in the Codebox below into it:ClearJavaCache::Folder::c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfixRegNull::[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*n*žxC#\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*èf\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*qW*\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*Žºˆr\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*}éÉ;\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL\OpenWithList]Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use.Click Start When asked, allow the add/on to be installedClick Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Kevin. Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 11, 2013 Author ID:740840 Share Posted October 11, 2013 this is the report from combofix...i will Report of eset scan in a while its taking much time... ComboFix 13-10-09.01 - Swamy 11-Oct-13 23:16:00.4.4 - x86Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1134 [GMT 5.5:30]Running from: c:\users\Swamy\Desktop\ComboFix.exeAV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome.manifestc:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\addlist.jsc:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\em.xulc:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\hashtable.jsc:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\overlay.xulc:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\update.jsc:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\skin\mozilla-logo.pngc:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\install.rdfc:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\tcookies.dat.-- Previous Run --.Infected copy of c:\windows\system32\userinit.exe was found and disinfected Restored copy from - c:\windows\erdnt\cache\userinit.exe .--------..((((((((((((((((((((((((( Files Created from 2013-09-11 to 2013-10-11 )))))))))))))))))))))))))))))))..2013-10-11 17:51 . 2013-10-11 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp2013-10-11 17:28 . 2013-10-11 17:51 -------- d-----w- c:\users\Swamy\AppData\Local\temp2013-10-11 09:48 . 2013-10-11 10:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-10-11 09:46 . 2013-10-11 09:46 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-10-11 07:41 . 2013-10-11 11:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-10-11 07:41 . 2013-10-11 07:41 -------- d-----w- c:\users\Swamy\AppData\Roaming\Malwarebytes2013-10-11 07:41 . 2013-10-11 07:41 -------- d-----w- c:\programdata\Malwarebytes2013-10-11 07:41 . 2013-10-11 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-10-11 07:41 . 2013-04-04 09:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-10-10 16:03 . 2013-10-10 16:03 -------- d-----w- C:\FRST2013-10-09 12:57 . 2013-10-09 12:57 -------- d-----w- c:\users\Swamy\AppData\Roaming\SUPERAntiSpyware.com2013-10-09 10:11 . 2013-10-09 10:11 -------- d-----w- c:\users\Swamy\AppData\Local\ElevatedDiagnostics2013-10-09 09:09 . 2013-10-09 09:10 -------- d-----w- C:\AdwCleaner2013-10-04 14:58 . 2003-10-27 08:36 505104 ----a-w- c:\windows\system32\msxml.dll2013-10-04 14:58 . 2003-10-27 08:36 69632 ----a-w- c:\windows\system32\xmltok.dll2013-10-04 14:58 . 2003-10-27 08:36 36864 ----a-w- c:\windows\system32\xmlparse.dll2013-10-04 14:58 . 2003-10-27 08:36 28432 ----a-w- c:\windows\system32\msxmlr.dll2013-10-04 14:58 . 2003-10-27 08:36 26096 ----a-w- c:\windows\system32\xmlinst.exe2013-10-04 14:58 . 2003-10-27 08:36 35840 ----a-w- c:\windows\system32\comdlg32.oca2013-10-04 14:58 . 2003-10-27 08:36 24576 ----a-w- c:\windows\system32\msxml3a.dll2013-10-04 14:58 . 2013-10-04 14:58 -------- d-----w- c:\program files\Ubisoft2013-10-04 14:58 . 2003-10-27 08:36 89360 ----a-w- c:\windows\system32\VB5DB.DLL2013-10-04 14:58 . 2003-10-27 08:36 29184 ----a-w- c:\windows\system32\MSINET.oca2013-10-04 14:54 . 2003-02-27 10:42 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll2013-10-04 14:54 . 2002-12-05 08:40 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll2013-10-04 14:54 . 2002-12-02 09:52 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe2013-10-04 14:54 . 2002-12-02 08:03 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll2013-10-04 14:54 . 2002-12-02 08:03 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll2013-10-04 14:54 . 2002-12-02 08:03 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll2013-10-04 14:54 . 2013-10-04 14:54 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll2013-10-04 14:54 . 2013-10-04 14:54 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll2013-10-02 18:36 . 2013-10-02 18:36 -------- d-----w- c:\programdata\JetFlash2202013-10-02 17:38 . 2013-10-02 17:49 -------- d-----w- c:\users\Swamy\AppData\Roaming\tmp2013-09-26 08:33 . 2013-09-26 08:33 -------- d-----w- c:\program files\Video Convert Master...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-10 17:02 . 2012-10-08 07:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-10-10 17:02 . 2012-10-08 07:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-09-09 20:04 . 2013-09-09 20:04 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys2013-09-04 20:13 . 2013-09-04 20:13 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys2013-07-19 20:21 . 2013-07-19 20:21 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys2013-07-19 20:20 . 2013-07-19 20:20 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys2013-07-19 20:20 . 2013-07-19 20:20 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys2013-07-19 20:20 . 2013-07-19 20:20 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys2012-10-29 12:26 . 2012-10-29 12:26 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WinFLTray"="c:\windows\system32\WinFLTray.exe" [2012-10-30 321736]"FLBackup"="c:\program files\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-10-30 275656]"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-15 3541008]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]"googletalk"="c:\users\Swamy\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="RtHDVCpl.exe" [2008-03-03 4874240]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]@="Driver".[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]"Google Update"="c:\users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe" /c.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe""Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe""Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe".R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-10-11 75992]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-11 40776]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys [2008-07-26 14416]S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-19 60216]S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-19 246072]S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-04 39224]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-19 208184]S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-09 22328]S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-19 171320]S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-20 182072]S1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2012-10-30 29184]S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]S2 FLService;FLService;c:\windows\system32\WinFLService.exe [2012-10-30 91336]S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 104928]S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-02-06 1528640]S2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2012-10-30 228112]S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 208896]S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-01 10064]..HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-11 07:57 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 17:02].2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39].2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39].2013-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000Core.job- c:\users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31].2013-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000UA.job- c:\users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htmIE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htmTCP: Interfaces\{9728D89D-FD31-4F3F-B271-78461D1F9F75}: NameServer = 202.148.200.3 202.148.202.4TCP: Interfaces\{C6B11A0E-DE22-4B4D-8795-A6555941F496}: NameServer = 202.148.202.3 202.148.200.3TCP: Interfaces\{EE3BDC8A-C384-4362-84D3-98472BFE0151}: NameServer = 202.148.200.3 202.148.202.4FF - ProfilePath - c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\FF - ExtSQL: !HIDDEN! 2012-11-18 09:07; hotfix@mozilla.org; c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*n*žxC#\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*èf\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*qW*\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*Žºˆr\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*}éÉ;\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL]@Class="Shell".[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL\OpenWithList]@Class="Shell""a"="vlc.exe""MRUList"="a".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-10-11 23:23:16ComboFix-quarantined-files.txt 2013-10-11 17:53ComboFix2.txt 2013-10-11 16:55.Pre-Run: 11,997,270,016 bytes freePost-Run: 11,943,768,064 bytes free.- - End Of File - - F0EE98774A56DB0DF3EFD06A250EFB28A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 11, 2013 Author ID:740847 Share Posted October 11, 2013 Same thing happend again during eset scan my system restarted automaticaly after some 16 min of scanning..There were about 8 threats when it went down... Link to post Share on other sites More sharing options...
kevinf80 Posted October 11, 2013 ID:740856 Share Posted October 11, 2013 Yes I believe there is still issues that we are not finding, the last log from CF was from its 4th run, not the 3rd run which was a scripted fix. Why you not tell me that... I want you to run FRST again, this time from the Recovery Environment, we may have better chance of finding more infection from outside of windows.... download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Plug the flash drive into the infected PC. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt. If you are using Vista or Windows 7 enter System Recovery Options. Plug the flashdrive into the infected PC. Enter System Recovery Options I give two methods, use whichever is convenient for you. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select Your Country as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next. To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select Your Country as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next. On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt Select Command PromptIn the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst64 or e:\frst depending on your version. Press EnterNote: Replace letter e with the drive letter of your flash drive.The tool will start to run.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 12, 2013 Author ID:741029 Share Posted October 12, 2013 Yes i am sorry, I forgot to mention that.. The second time u asked me to run combofix everything went smooth but at the last it didn't generate the cobofix log i waited for half an hour.....so i ran combofix again and than it generated...... The frst scan result below... Using the first method above..... Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013Ran by SYSTEM on MININT-S5RSACB on 12-10-2013 11:17:00Running from I:\Windows 7 Ultimate (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Recovery The current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-03-02] (Realtek Semiconductor)HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-14] (AVG Technologies CZ, s.r.o.)HKU\Swamy\...\Run: [WinFLTray] - C:\Windows\system32\WinFLTray.exe [ 2012-10-30] ( New Softwares.net)HKU\Swamy\...\Run: [FLBackup] - C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [ 2012-10-30] (New Softwares.net)HKU\Swamy\...\Run: [iDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2012-12-14] (Tonec Inc.)HKU\Swamy\...\Run: [googletalk] - C:\Users\Swamy\AppData\Roaming\Google\Google Talk\googletalk.exe [ 2007-01-01] (Google)HKU\Swamy\...\Policies\system: [LogonHoursAction] 2HKU\Swamy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 ========================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528640 2012-02-06] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-19] (AVG Technologies CZ, s.r.o.)S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-19] (AVG Technologies CZ, s.r.o.)S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-09] (AVG Technologies CZ, s.r.o.)S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-19] (AVG Technologies CZ, s.r.o.)S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-19] (AVG Technologies CZ, s.r.o.)S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-06-30] (AVG Technologies CZ, s.r.o.)S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-04] (AVG Technologies CZ, s.r.o.)S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-20] (AVG Technologies CZ, s.r.o.)S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75992 2013-10-11] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-11] (Malwarebytes Corporation)S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-01-31] (TuneUp Software)S1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2012-10-30] ()S3 WinRing0_1_2_0; C:\Users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys [14416 2008-07-26] (OpenLibSys.org)S2 WinVDEDrv; C:\Windows\system32\WinVDEdrv.sys [228112 2012-10-30] (NewSoftwares.net, Inc.)S3 catchme; \??\C:\Users\Swamy\AppData\Local\Temp\catchme.sys [x]S2 ccEvtMgr; S2 ccSetMgr; S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]S3 navapsvc; S3 SAVRT; S1 SAVRTPEL; S3 TlntSvr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-11 10:54 - 2013-10-11 10:54 - 00016297 _____ C:\ComboFix.txt2013-10-11 10:03 - 2013-10-11 10:03 - 00000000 ____D C:\Program Files\ESET2013-10-11 07:57 - 2013-10-11 10:54 - 00000000 ____D C:\Qoobox2013-10-11 07:57 - 2013-10-11 09:30 - 00000000 ____D C:\Windows\erdnt2013-10-11 07:57 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe2013-10-11 07:57 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe2013-10-11 07:57 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2013-10-11 07:57 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2013-10-11 07:57 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2013-10-11 07:57 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe2013-10-11 07:57 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe2013-10-11 07:57 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe2013-10-11 06:28 - 2013-10-11 06:29 - 05131844 ____R (Swearware) C:\Users\Swamy\Desktop\ComboFix.exe2013-10-11 01:48 - 2013-10-11 02:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-11 01:46 - 2013-10-11 01:46 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys2013-10-11 01:45 - 2013-10-11 01:46 - 00000000 ____D C:\Users\Swamy\Desktop\mbar2013-10-11 01:09 - 2013-10-11 01:09 - 00002855 _____ C:\Users\Swamy\Desktop\RKreport[0]_S_10112013_143943.txt2013-10-11 01:06 - 2013-10-11 01:14 - 00000000 ____D C:\Users\Swamy\Desktop\RK_Quarantine2013-10-11 01:01 - 2013-09-25 12:49 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-10-10 23:52 - 2013-10-10 23:52 - 00000400 _____ C:\Users\Swamy\Downloads\fixlist.txt2013-10-10 23:41 - 2013-10-11 03:59 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-10-10 23:41 - 2013-10-10 23:41 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-10-10 23:41 - 2013-10-10 23:41 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Malwarebytes2013-10-10 23:41 - 2013-10-10 23:41 - 00000000 ____D C:\ProgramData\Malwarebytes2013-10-10 23:41 - 2013-10-10 23:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-10-10 23:41 - 2013-04-04 01:20 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2013-10-10 23:38 - 2013-10-11 21:32 - 00036280 _____ C:\Windows\PFRO.log2013-10-10 08:03 - 2013-10-10 08:03 - 00000000 ____D C:\FRST2013-10-09 04:57 - 2013-10-09 04:57 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\SUPERAntiSpyware.com2013-10-09 03:34 - 2013-10-09 03:35 - 00688992 ____R (Swearware) C:\Users\Swamy\Downloads\dds.scr2013-10-09 01:09 - 2013-10-09 01:10 - 00000000 ____D C:\AdwCleaner2013-10-08 20:53 - 2013-10-11 21:32 - 00001456 _____ C:\Windows\setupact.log2013-10-08 01:32 - 2013-10-10 05:12 - 00000000 ____D C:\Users\Swamy\Documents\FIFA 092013-10-08 01:32 - 2013-10-08 01:32 - 00000552 _____ C:\Users\Swamy\Desktop\FIFA 09.lnk2013-10-04 06:58 - 2013-10-04 06:58 - 00000000 ____D C:\Program Files\Ubisoft2013-10-04 06:58 - 2003-10-27 00:36 - 00505104 _____ (Microsoft Corporation) C:\Windows\System32\msxml.dll2013-10-04 06:58 - 2003-10-27 00:36 - 00089360 _____ (Microsoft Corporation) C:\Windows\System32\VB5DB.DLL2013-10-04 06:58 - 2003-10-27 00:36 - 00069632 _____ C:\Windows\System32\xmltok.dll2013-10-04 06:58 - 2003-10-27 00:36 - 00036864 _____ C:\Windows\System32\xmlparse.dll2013-10-04 06:58 - 2003-10-27 00:36 - 00035840 _____ C:\Windows\System32\comdlg32.oca2013-10-04 06:58 - 2003-10-27 00:36 - 00029184 _____ C:\Windows\System32\MSINET.oca2013-10-04 06:58 - 2003-10-27 00:36 - 00028432 _____ (Microsoft Corporation) C:\Windows\System32\msxmlr.dll2013-10-04 06:58 - 2003-10-27 00:36 - 00026096 _____ (Microsoft Corporation) C:\Windows\System32\xmlinst.exe2013-10-04 06:58 - 2003-10-27 00:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\msxml3a.dll2013-10-02 22:29 - 2013-10-02 22:29 - 00000721 _____ C:\Users\Swamy\Desktop\Condition Zero.lnk2013-10-02 10:36 - 2013-10-02 10:36 - 00000000 ____D C:\Users\Swamy\Documents\My Fingerprint Data2013-10-02 10:36 - 2013-10-02 10:36 - 00000000 ____D C:\ProgramData\JetFlash2202013-10-02 09:38 - 2013-10-02 09:49 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\tmp2013-10-02 07:14 - 2013-10-02 07:14 - 00000000 ____D C:\Users\Swamy\Downloads\ChipGenius2013-10-02 07:13 - 2013-10-02 07:14 - 00138431 _____ C:\Users\Swamy\Downloads\ChipGenius.rar2013-10-01 23:53 - 2013-10-01 23:58 - 00000000 ____D C:\Users\Swamy\Documents\GTA Vice City User Files2013-09-30 08:02 - 2013-09-30 08:03 - 00473354 _____ C:\Users\Swamy\Downloads\steam need to be online to update (fatal error) fixed 100% working - YouTube.3GP2013-09-30 03:04 - 2013-09-30 03:04 - 00086082 _____ C:\Users\Swamy\Downloads\Steam.htm2013-09-29 21:02 - 2013-09-29 21:02 - 00000000 ____D C:\Windows\System32\appmgmt2013-09-26 00:33 - 2013-09-26 00:33 - 00000902 _____ C:\Users\Swamy\Desktop\Video Convert Master.lnk2013-09-26 00:33 - 2013-09-26 00:33 - 00000000 ____D C:\Program Files\Video Convert Master2013-09-22 12:27 - 2013-10-08 04:41 - 00000000 ____D C:\Windows\Minidump ==================== One Month Modified Files and Folders ======= 2013-10-11 21:41 - 2012-10-08 10:50 - 01926608 _____ C:\Windows\WindowsUpdate.log2013-10-11 21:41 - 2012-10-07 22:35 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\DMCache2013-10-11 21:39 - 2012-10-07 22:33 - 00782154 _____ C:\Windows\System32\PerfStringBackup.INI2013-10-11 21:38 - 2012-10-07 22:37 - 00000000 ____D C:\ProgramData\MFAData2013-10-11 21:37 - 2009-07-13 20:34 - 00013536 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-10-11 21:37 - 2009-07-13 20:34 - 00013536 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-10-11 21:32 - 2013-10-10 23:38 - 00036280 _____ C:\Windows\PFRO.log2013-10-11 21:32 - 2013-10-08 20:53 - 00001456 _____ C:\Windows\setupact.log2013-10-11 10:54 - 2013-10-11 10:54 - 00016297 _____ C:\ComboFix.txt2013-10-11 10:54 - 2013-10-11 07:57 - 00000000 ____D C:\Qoobox2013-10-11 10:52 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini2013-10-11 10:03 - 2013-10-11 10:03 - 00000000 ____D C:\Program Files\ESET2013-10-11 09:30 - 2013-10-11 07:57 - 00000000 ____D C:\Windows\erdnt2013-10-11 08:55 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default2013-10-11 08:55 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public2013-10-11 08:06 - 2009-07-13 18:03 - 41943040 _____ C:\Windows\System32\config\SOFTWARE.bak2013-10-11 08:06 - 2009-07-13 18:03 - 19398656 _____ C:\Windows\System32\config\SYSTEM.bak2013-10-11 08:06 - 2009-07-13 18:03 - 00262144 _____ C:\Windows\System32\config\DEFAULT.bak2013-10-11 08:06 - 2009-07-13 18:03 - 00065536 _____ C:\Windows\System32\config\SAM.bak2013-10-11 08:06 - 2009-07-13 18:03 - 00024576 _____ C:\Windows\System32\config\SECURITY.bak2013-10-11 06:29 - 2013-10-11 06:28 - 05131844 ____R (Swearware) C:\Users\Swamy\Desktop\ComboFix.exe2013-10-11 05:37 - 2012-12-21 21:43 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\vlc2013-10-11 04:14 - 2012-10-07 23:47 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Google2013-10-11 04:12 - 2012-10-08 08:33 - 00000000 ____D C:\Program Files\Google2013-10-11 03:59 - 2013-10-10 23:41 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-10-11 03:57 - 2013-06-26 05:54 - 00000000 ____D C:\Program Files\ABBYY PDF Transformer 3.02013-10-11 03:57 - 2013-06-26 05:09 - 00000000 ____D C:\ProgramData\ABBYY2013-10-11 03:56 - 2012-10-07 22:27 - 00000000 ____D C:\users\Swamy2013-10-11 02:04 - 2013-10-11 01:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-11 01:46 - 2013-10-11 01:46 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys2013-10-11 01:46 - 2013-10-11 01:45 - 00000000 ____D C:\Users\Swamy\Desktop\mbar2013-10-11 01:14 - 2013-10-11 01:06 - 00000000 ____D C:\Users\Swamy\Desktop\RK_Quarantine2013-10-11 01:09 - 2013-10-11 01:09 - 00002855 _____ C:\Users\Swamy\Desktop\RKreport[0]_S_10112013_143943.txt2013-10-11 01:08 - 2013-08-05 22:15 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\IDM2013-10-11 00:55 - 2012-10-07 22:35 - 00000000 ____D C:\Users\Swamy\Downloads\Compressed2013-10-11 00:00 - 2012-10-07 23:16 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Mozilla2013-10-10 23:52 - 2013-10-10 23:52 - 00000400 _____ C:\Users\Swamy\Downloads\fixlist.txt2013-10-10 23:41 - 2013-10-10 23:41 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-10-10 23:41 - 2013-10-10 23:41 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Malwarebytes2013-10-10 23:41 - 2013-10-10 23:41 - 00000000 ____D C:\ProgramData\Malwarebytes2013-10-10 23:41 - 2013-10-10 23:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-10-10 09:43 - 2012-10-07 22:35 - 00000000 ____D C:\Users\Swamy\Downloads\Video2013-10-10 09:02 - 2012-10-07 23:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe2013-10-10 09:02 - 2012-10-07 23:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl2013-10-10 08:03 - 2013-10-10 08:03 - 00000000 ____D C:\FRST2013-10-10 08:02 - 2013-01-29 07:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information2013-10-10 08:02 - 2012-10-16 05:57 - 00000000 ____D C:\Program Files\Common Files\InstallShield2013-10-10 08:02 - 2009-07-13 18:04 - 00000478 _____ C:\Windows\win.ini2013-10-10 08:01 - 2013-04-29 02:40 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\uTorrent2013-10-10 05:12 - 2013-10-08 01:32 - 00000000 ____D C:\Users\Swamy\Documents\FIFA 092013-10-09 04:57 - 2013-10-09 04:57 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\SUPERAntiSpyware.com2013-10-09 03:35 - 2013-10-09 03:34 - 00688992 ____R (Swearware) C:\Users\Swamy\Downloads\dds.scr2013-10-09 01:10 - 2013-10-09 01:09 - 00000000 ____D C:\AdwCleaner2013-10-09 01:10 - 2013-06-08 02:36 - 00000000 ____D C:\Users\Swamy\AppData\Local\iexplorer2013-10-08 04:41 - 2013-09-22 12:27 - 00000000 ____D C:\Windows\Minidump2013-10-08 04:31 - 2012-11-02 22:46 - 00000000 ____D C:\Users\Swamy\Documents\Outlook Files2013-10-08 01:32 - 2013-10-08 01:32 - 00000552 _____ C:\Users\Swamy\Desktop\FIFA 09.lnk2013-10-08 01:30 - 2012-11-02 09:48 - 00000000 ____D C:\Users\Swamy\AppData\Local\CrashDumps2013-10-06 23:25 - 2009-07-13 18:03 - 42467328 _____ C:\Windows\System32\config\SOFTWARE_tureg_old2013-10-06 23:25 - 2009-07-13 18:03 - 18612224 _____ C:\Windows\System32\config\SYSTEM_tureg_old2013-10-06 23:25 - 2009-07-13 18:03 - 00262144 _____ C:\Windows\System32\config\SECURITY_tureg_old2013-10-06 23:25 - 2009-07-13 18:03 - 00262144 _____ C:\Windows\System32\config\DEFAULT_tureg_old2013-10-06 23:23 - 2009-07-13 18:03 - 00262144 _____ C:\Windows\System32\config\SAM_tureg_old2013-10-04 06:58 - 2013-10-04 06:58 - 00000000 ____D C:\Program Files\Ubisoft2013-10-02 22:29 - 2013-10-02 22:29 - 00000721 _____ C:\Users\Swamy\Desktop\Condition Zero.lnk2013-10-02 10:36 - 2013-10-02 10:36 - 00000000 ____D C:\Users\Swamy\Documents\My Fingerprint Data2013-10-02 10:36 - 2013-10-02 10:36 - 00000000 ____D C:\ProgramData\JetFlash2202013-10-02 09:49 - 2013-10-02 09:38 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\tmp2013-10-02 07:14 - 2013-10-02 07:14 - 00000000 ____D C:\Users\Swamy\Downloads\ChipGenius2013-10-02 07:14 - 2013-10-02 07:13 - 00138431 _____ C:\Users\Swamy\Downloads\ChipGenius.rar2013-10-01 23:58 - 2013-10-01 23:53 - 00000000 ____D C:\Users\Swamy\Documents\GTA Vice City User Files2013-10-01 23:46 - 2012-10-07 23:17 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\GameRanger2013-10-01 07:33 - 2013-06-21 22:19 - 00001258 __RSH C:\Users\Swamy\ntuser.pol2013-10-01 00:32 - 2012-11-17 19:37 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\MCommon2013-09-30 08:03 - 2013-09-30 08:02 - 00473354 _____ C:\Users\Swamy\Downloads\steam need to be online to update (fatal error) fixed 100% working - YouTube.3GP2013-09-30 03:04 - 2013-09-30 03:04 - 00086082 _____ C:\Users\Swamy\Downloads\Steam.htm2013-09-29 21:02 - 2013-09-29 21:02 - 00000000 ____D C:\Windows\System32\appmgmt2013-09-28 01:03 - 2012-11-18 00:15 - 00000000 ____D C:\results2013-09-26 00:33 - 2013-09-26 00:33 - 00000902 _____ C:\Users\Swamy\Desktop\Video Convert Master.lnk2013-09-26 00:33 - 2013-09-26 00:33 - 00000000 ____D C:\Program Files\Video Convert Master2013-09-25 12:49 - 2013-10-11 01:01 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-09-24 06:27 - 2013-06-08 00:44 - 00000000 ____D C:\Program Files\Common Files\Steam2013-09-13 04:24 - 2013-04-06 10:21 - 00000895 _____ C:\Users\Public\Desktop\AVG 2013.lnk ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 1Restore point made on: 2013-10-11 03:56:03 ==================== Memory info =========================== Percentage of memory in use: 19%Total physical RAM: 2037.57 MBAvailable physical RAM: 1644.97 MBTotal Pagefile: 2037.57 MBAvailable Pagefile: 1643.16 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1950.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:48.83 GB) (Free:11.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (OnE PiEce) (Fixed) (Total:87.89 GB) (Free:6.57 GB) NTFSDrive e: (GaMes) (Fixed) (Total:97.65 GB) (Free:12.26 GB) NTFSDrive f: (MuZiq) (Fixed) (Total:97.65 GB) (Free:15.45 GB) NTFSDrive g: (Movies) (Fixed) (Total:133.73 GB) (Free:18.83 GB) NTFSDrive i: (PEN DRIVE) (Removable) (Total:3.76 GB) (Free:2.58 GB) FAT32Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 815198A1)Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=417 GB) - (Type=OF Extended) ========================================================Disk: 1 (Size: 4 GB) (Disk ID: 6F20736B)No partition Table on disk 1.Disk 1 is a removable device. LastRegBack: 2013-10-01 05:47 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted October 12, 2013 ID:741044 Share Posted October 12, 2013 That log is clean, no obvious malware present... OK continue... Download OTL from any of the following links and save to your Desktop: http://oldtimer.geekstogo.com/OTL.exehttp://itxassociates.com/OT-Tools/OTL.comhttp://www.itxassociates.com/OT-Tools/OTL.scr Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top, make sure Standard output is selected. Select Scan all users Under the Extra Registry section, check Use SafeList In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check". Under the Custom Scan box paste this in: netsvcs%systemroot%\*. /mp /s%systemroot%\*. /rp /smsconfig%SYSTEMDRIVE%\*.exe%LOCALAPPDATA%\*.exe/md5startconsrv.dllexplorer.exewinlogon.exeUserinit.exesvchost.exe/md5stopCREATERESTOREPOINT Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply Link to post Share on other sites More sharing options...
Luffy_zoro Posted October 12, 2013 Author ID:741147 Share Posted October 12, 2013 i really see some unwanted things in this log.....the contents i never visit ....the log is too long to copy paste...i have pasted OTL log here ...& attached extras.txt............. OTL logfile created on: 12-Oct-13 9:20:28 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Swamy\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstationInternet Explorer (Version = 8.0.7600.16385)Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy 1.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.19% Memory free3.98 Gb Paging File | 2.92 Gb Available in Paging File | 73.43% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 48.83 Gb Total Space | 10.87 Gb Free Space | 22.26% Space Free | Partition Type: NTFSDrive D: | 87.89 Gb Total Space | 6.57 Gb Free Space | 7.47% Space Free | Partition Type: NTFSDrive E: | 97.65 Gb Total Space | 12.26 Gb Free Space | 12.56% Space Free | Partition Type: NTFSDrive F: | 97.65 Gb Total Space | 15.45 Gb Free Space | 15.82% Space Free | Partition Type: NTFSDrive G: | 133.73 Gb Total Space | 18.83 Gb Free Space | 14.08% Space Free | Partition Type: NTFSDrive J: | 22.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: SWAMY-PC | User Name: Swamy | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-10-12 21:15:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Swamy\Desktop\OTL.exePRC - [2013-08-15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exePRC - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exePRC - [2013-07-10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exePRC - [2013-07-04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exePRC - [2013-07-04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exePRC - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exePRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013-03-18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exePRC - [2012-12-15 11:48:44 | 003,541,008 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exePRC - [2012-12-12 19:14:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exePRC - [2012-10-30 17:29:57 | 000,091,336 | ---- | M] (New Softwares.net) -- C:\Windows\System32\WinFLService.exePRC - [2012-10-30 17:29:54 | 000,321,736 | ---- | M] ( New Softwares.net) -- C:\Windows\System32\WinFLTray.exePRC - [2012-02-06 14:25:22 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exePRC - [2012-02-06 14:25:18 | 001,528,640 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exePRC - [2009-07-14 06:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exePRC - [2009-07-14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2009-05-25 13:09:40 | 000,528,384 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exePRC - [2008-03-03 09:10:08 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exePRC - [2007-01-02 02:52:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Swamy\AppData\Roaming\Google\Google Talk\googletalk.exe ========== Modules (No Company Name) ========== MOD - [2010-01-21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dllMOD - [2010-01-09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODFMOD - [2009-10-01 07:37:54 | 000,991,232 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISAPI.dllMOD - [2009-09-21 16:44:10 | 000,139,264 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoPlugin.dllMOD - [2009-09-19 15:24:44 | 000,143,360 | ---- | M] () -- C:\Program Files\Mobile Partner\LocaleMgrPlugin.dllMOD - [2009-09-19 15:24:02 | 000,159,744 | ---- | M] () -- C:\Program Files\Mobile Partner\SMSPlugin.dllMOD - [2009-09-19 15:23:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Mobile Partner\NotifyServicePlugin.dllMOD - [2009-09-19 15:21:02 | 000,057,344 | ---- | M] () -- C:\Program Files\Mobile Partner\ConfigFilePlugin.dllMOD - [2009-09-19 15:19:42 | 000,110,592 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrPlugin.dllMOD - [2009-09-19 15:16:06 | 000,073,728 | ---- | M] () -- C:\Program Files\Mobile Partner\CallPlugin.dllMOD - [2009-09-19 15:13:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\DialUpPlugin.dllMOD - [2009-09-19 15:12:16 | 000,229,376 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dllMOD - [2009-09-19 14:56:40 | 000,176,128 | ---- | M] () -- C:\Program Files\Mobile Partner\mm1agent.dllMOD - [2009-05-25 13:09:40 | 000,528,384 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exeMOD - [2009-05-23 11:02:32 | 000,061,440 | R--- | M] () -- C:\Program Files\Mobile Partner\XCodec.dllMOD - [2009-05-23 11:02:30 | 000,061,440 | R--- | M] () -- C:\Program Files\Mobile Partner\DeviceOperate.dllMOD - [2009-05-23 11:02:28 | 000,155,648 | R--- | M] () -- C:\Program Files\Mobile Partner\DetectDev.dllMOD - [2009-05-23 11:02:24 | 000,557,056 | R--- | M] () -- C:\Program Files\Mobile Partner\atcomm.dllMOD - [2009-03-31 16:07:20 | 000,025,600 | R--- | M] () -- C:\Program Files\Mobile Partner\rvh245AutoCaps.dllMOD - [2009-03-31 16:07:14 | 000,038,912 | R--- | M] () -- C:\Program Files\Mobile Partner\rvgef.dllMOD - [2009-03-31 16:07:06 | 000,098,304 | R--- | M] () -- C:\Program Files\Mobile Partner\rvasn1.dllMOD - [2007-08-23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Program Files\Mobile Partner\isaputrace.dllMOD - [2007-07-31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Program Files\Mobile Partner\FileManager.dll ========== Services (SafeList) ========== SRV - [2013-10-10 22:32:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)SRV - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)SRV - [2013-07-03 17:33:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2012-10-30 17:29:57 | 000,091,336 | ---- | M] (New Softwares.net) [Auto | Running] -- C:\Windows\System32\WinFLService.exe -- (FLService)SRV - [2012-10-29 17:56:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2012-02-06 14:25:18 | 001,528,640 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)SRV - [2012-02-06 14:25:18 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)SRV - [2010-01-21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Swamy\AppData\Local\Temp\catchme.sys -- (catchme)DRV - [2013-10-11 17:29:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)DRV - [2013-10-11 15:16:11 | 000,075,992 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)DRV - [2013-09-10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)DRV - [2013-09-05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)DRV - [2013-07-20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)DRV - [2013-07-20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)DRV - [2013-07-20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)DRV - [2013-07-20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)DRV - [2013-07-01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)DRV - [2013-06-27 15:27:42 | 000,104,928 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)DRV - [2012-10-30 17:30:15 | 000,029,184 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\WinFLAdrv.sys -- (WinFLAdrv)DRV - [2012-10-30 17:30:12 | 000,228,112 | ---- | M] (NewSoftwares.net, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\WinVDEdrv.sys -- (WinVDEDrv)DRV - [2012-02-01 13:24:02 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)DRV - [2010-08-31 18:09:00 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)DRV - [2010-08-07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)DRV - [2010-07-27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)DRV - [2009-07-14 06:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)DRV - [2009-07-14 06:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)DRV - [2009-07-14 06:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)DRV - [2009-07-14 04:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)DRV - [2009-07-14 04:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)DRV - [2009-07-14 03:32:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)DRV - [2008-07-26 22:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys -- (WinRing0_1_2_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: hotfix@mozilla.org:2.0FF - prefs.js..extensions.enabledAddons: grooveshredder@code.argee.org:1.14.10FF - prefs.js..extensions.enabledAddons: mozilla_cc@internetdownloadmanager.com:7.3.54FF - prefs.js..extensions.enabledAddons: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}:10.16.2.509FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Swamy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Swamy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfixFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-29 17:56:42 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfixFF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5 [2013-10-12 21:10:17 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-29 17:56:42 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5 [2013-10-12 21:10:17 | 000,000,000 | ---D | M] [2012-10-08 12:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Swamy\AppData\Roaming\Mozilla\Extensions[2013-10-11 22:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions[2013-10-09 14:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\extensions[2013-06-13 18:18:48 | 000,089,261 | ---- | M] () (No name found) -- C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\extensions\grooveshredder@code.argee.org.xpi[2013-05-09 20:29:06 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi[2012-10-29 17:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2013-10-12 21:10:17 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\SWAMY\APPDATA\ROAMING\IDM\IDMMZCC5File not found (No name found) -- C:\USERS\SWAMY\APPDATA\ROAMING\MOZILLA\FIREFOX\EXTENSIONS\MOZILLAHOTFIXFile not found (No name found) -- C:\USERS\SWAMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZMGK3J2.DEFAULT\EXTENSIONS\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}[2012-10-29 17:56:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2012-09-06 06:56:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2012-10-22 13:02:37 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.india-100.com/?hp=08062013CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Disabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dllCHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.4_2\IDMGCExt.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dllCHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllCHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllCHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npo1d.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLLCHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dllCHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dllCHR - Extension: Google Docs = C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Adblock Plus = C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\CHR - Extension: Google Search = C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: IDM Integration = C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.4_0\CHR - Extension: Chrome In-App Payments service = C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\CHR - Extension: Gmail = C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013-10-11 23:00:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)O4 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000..\Run: [FLBackup] C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe ()O4 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000..\Run: [googletalk] C:\Users\Swamy\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)O4 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)O4 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000..\Run: [WinFLTray] C:\Windows\System32\WinFLTray.exe ( New Softwares.net)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0O7 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2O7 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A1BE518-C25A-465F-80B0-2A28FE2E0AD9}: NameServer = 202.148.202.3 202.148.200.3O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9728D89D-FD31-4F3F-B271-78461D1F9F75}: NameServer = 202.148.200.3 202.148.202.4O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6B11A0E-DE22-4B4D-8795-A6555941F496}: NameServer = 202.148.202.3 202.148.200.3O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3BDC8A-C384-4362-84D3-98472BFE0151}: NameServer = 202.148.200.3 202.148.202.4O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2010-04-10 11:00:00 | 000,000,045 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]O32 - AutoRun File - [2010-04-10 11:00:00 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - J:\AutoRun.exe -- [ CDFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not foundNetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)NetSvcs: Nla - File not foundNetSvcs: Ntmssvc - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: SRService - File not foundNetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)NetSvcs: WmdmPmSp - File not foundNetSvcs: LogonHours - File not foundNetSvcs: PCAudit - File not foundNetSvcs: helpsvc - File not foundNetSvcs: uploadmgr - File not found CREATERESTOREPOINTRestore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013-10-12 21:13:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Swamy\Desktop\OTL.exe[2013-10-12 00:24:25 | 000,000,000 | ---D | C] -- C:\Windows\temp[2013-10-12 00:23:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013-10-11 23:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET[2013-10-11 22:58:35 | 000,000,000 | ---D | C] -- C:\Users\Swamy\AppData\Local\temp[2013-10-11 21:27:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2013-10-11 21:27:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2013-10-11 21:27:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2013-10-11 21:27:39 | 000,000,000 | ---D | C] -- C:\Qoobox[2013-10-11 21:27:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013-10-11 19:58:36 | 005,131,844 | R--- | C] (Swearware) -- C:\Users\Swamy\Desktop\ComboFix.exe[2013-10-11 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\Swamy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk[2013-10-11 15:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[2013-10-11 15:16:11 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys[2013-10-11 15:15:56 | 000,000,000 | ---D | C] -- C:\Users\Swamy\Desktop\mbar[2013-10-11 14:36:51 | 000,000,000 | ---D | C] -- C:\Users\Swamy\Desktop\RK_Quarantine[2013-10-11 13:11:58 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2013-10-11 13:11:58 | 000,000,000 | ---D | C] -- C:\Users\Swamy\AppData\Roaming\Malwarebytes[2013-10-11 13:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013-10-11 13:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013-10-11 13:11:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2013-10-11 13:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2013-10-10 21:33:52 | 000,000,000 | ---D | C] -- C:\FRST[2013-10-09 18:27:31 | 000,000,000 | ---D | C] -- C:\Users\Swamy\AppData\Roaming\SUPERAntiSpyware.com[2013-10-09 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\Swamy\AppData\Local\ElevatedDiagnostics[2013-10-09 14:39:35 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013-10-08 15:02:40 | 000,000,000 | ---D | C] -- C:\Users\Swamy\Documents\FIFA 09[2013-10-04 20:28:49 | 000,505,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll[2013-10-04 20:28:43 | 000,028,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxmlr.dll[2013-10-04 20:28:43 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlinst.exe[2013-10-04 20:28:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll[2013-10-04 20:28:42 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL[2013-10-04 20:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft[2013-10-04 20:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT[2013-10-03 00:06:41 | 000,000,000 | ---D | C] -- C:\Users\Swamy\Documents\My Fingerprint Data[2013-10-03 00:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\JetFlash220[2013-10-02 23:08:15 | 000,000,000 | ---D | C] -- C:\Users\Swamy\AppData\Roaming\tmp[2013-10-02 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\Swamy\Documents\GTA Vice City User Files[2013-09-30 10:32:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt[2013-09-26 14:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Convert Master[2013-09-26 14:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Video Convert Master[2013-09-23 01:57:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump[2013-09-13 17:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ========== Files - Modified Within 30 Days ========== [2013-10-12 21:15:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Swamy\Desktop\OTL.exe[2013-10-12 21:13:18 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013-10-12 21:13:18 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013-10-12 21:10:24 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013-10-12 21:07:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013-10-12 12:29:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000UA.job[2013-10-12 11:31:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013-10-12 11:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013-10-12 11:09:21 | 000,662,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2013-10-12 11:09:21 | 000,121,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2013-10-11 23:00:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts[2013-10-11 19:59:06 | 005,131,844 | R--- | M] (Swearware) -- C:\Users\Swamy\Desktop\ComboFix.exe[2013-10-11 17:29:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2013-10-11 15:16:11 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys[2013-10-11 13:29:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000Core.job[2013-10-11 13:11:48 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013-10-10 22:32:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe[2013-10-10 22:32:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl[2013-10-08 15:02:22 | 000,000,552 | ---- | M] () -- C:\Users\Swamy\Desktop\FIFA 09.lnk[2013-10-03 11:59:04 | 000,000,721 | ---- | M] () -- C:\Users\Swamy\Desktop\Condition Zero.lnk[2013-10-01 21:03:13 | 000,001,258 | RHS- | M] () -- C:\Users\Swamy\ntuser.pol[2013-09-26 14:03:19 | 000,000,902 | ---- | M] () -- C:\Users\Swamy\Desktop\Video Convert Master.lnk[2013-09-13 17:54:48 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk ========== Files Created - No Company Name ========== [2013-10-11 21:27:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2013-10-11 21:27:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2013-10-11 21:27:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2013-10-11 21:27:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2013-10-11 21:27:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2013-10-11 13:11:48 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013-10-08 15:02:22 | 000,000,552 | ---- | C] () -- C:\Users\Swamy\Desktop\FIFA 09.lnk[2013-10-04 20:28:43 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll[2013-10-04 20:28:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll[2013-10-04 20:28:43 | 000,035,840 | ---- | C] () -- C:\Windows\System32\comdlg32.oca[2013-10-04 20:28:42 | 000,029,184 | ---- | C] () -- C:\Windows\System32\MSINET.oca[2013-10-03 11:59:04 | 000,000,721 | ---- | C] () -- C:\Users\Swamy\Desktop\Condition Zero.lnk[2013-09-26 14:03:19 | 000,000,902 | ---- | C] () -- C:\Users\Swamy\Desktop\Video Convert Master.lnk[2013-07-03 17:43:13 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll[2013-06-22 11:49:33 | 000,001,258 | RHS- | C] () -- C:\Users\Swamy\ntuser.pol[2013-05-05 14:41:55 | 000,011,776 | ---- | C] () -- C:\Users\Swamy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2013-02-27 22:06:01 | 000,000,693 | -HS- | C] () -- C:\Windows\System32\win_lockerdb_sys.dat[2013-02-27 22:06:01 | 000,000,693 | -HS- | C] () -- C:\Users\Swamy\AppData\Local\win_lockerdb_sys.dat[2013-02-08 18:39:38 | 000,002,079 | -HS- | C] () -- C:\Windows\System32\win_fldb_sys.dat[2013-02-08 18:35:41 | 000,000,867 | ---- | C] () -- C:\Users\Swamy\AppData\Local\HackLogs.dat[2012-12-13 13:43:45 | 000,045,270 | ---- | C] () -- C:\Users\Swamy\AppData\Roaming\room_v3.dat[2012-11-19 16:17:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll[2012-11-17 21:29:37 | 000,000,136 | ---- | C] () -- C:\Windows\UNlock.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zzmbkjttcv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zyadeizbstq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmpm.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zlvlgaoro.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zhbezzk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zgtn.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zbu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yztg.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ywcotf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yruogei.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yqwnxmuqkr.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ynbpico.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yft.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfddtyco.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yeqc.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ybcwdcj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xrjmwls.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xratz.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xnrwoffi.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xkiazoygsu.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xitroqxj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\xibfo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhxj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhliavnncf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhi.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhepiahgu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xei.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xdu.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbwudob.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbeumyws.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xabxrnwognq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wztapis.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvpmojcpagc.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvmaql.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wuienx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wtkvqxla.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmcwjfwebcg.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmaeoulj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjjkwjxof.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wgfzxqxc.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwvpxtf.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vtccpjjxhbl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vpymgh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vky.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vhgdwwy.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vexcv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vekhfmquvd.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uvhkeoo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uuknvmo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\upqsk.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uilhoi.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uhgxcxne.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ugh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ubomomrwsdk.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uaqqwmjt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tubh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tttpgilubhz.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tmksiwyo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tjerrruiu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgysztaa.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgp.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tcu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\szanch.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swrosmstc.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swmx.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\svh.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\surl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sthnpbr.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\srt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sqrvkkbktxz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\slfzi.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skjqlknoa.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sfsz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rzuc.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rvitifkhda.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ruwy.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rumiqlhw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rtsquze.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\rnni.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rnaxcorvnpm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rmkgnn.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\riffaw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rifbww.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rhw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rfbddh.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\refyhravcw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rckntimj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rbou.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qzegqoobxiy.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qxbus.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qsopsnklrnj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qrpcq.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqewpfdl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qpghwlpi.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qnretzig.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qheefqe.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\qgqkumwr.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qbdvroefxtf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\pxluctu.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pvsbacopgo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\puxozpwjj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ptfcgaof.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psxulyb.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psuezqksw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqjjgvrcrr.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pplmagu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pefaimbebk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pedcjlq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pcpmvigyknw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pclkwlz.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pathdekgnl.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oxxpcqneqfk.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ousspnt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofsbkfk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\onuhfaqdr.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olcfhmx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\okbzdweogsf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oicryjbsxhd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogn.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogknbwh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ocduhsoaeky.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\netcd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ndpxrjvfik.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mxdvmytw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwzhlh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwuwz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mpuqpwyjjoe.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mlfml.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhymnl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhefcltipun.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mcrrrdylbyb.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbufohzbd.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbpbf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lxjydaq.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lwcnbd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvzw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvjfqnrfy.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lqya.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lnm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lmkwvtfa.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\liif.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lhlcj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lffhqjpt.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ldna.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ktkvvqws.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kokjkgnayl.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\knk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kkrk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kgqeevfnt.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kfkegdfzsmf.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kblu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kaddzumq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jxqxva.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jvpytddxshm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jvanbm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jscxtijpp.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jecbuzopv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ixrmyzmuf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ivz.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\itshnv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\isnvgwxvzx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\imisiwl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ilppyukvb.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ikvd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ifvbafbi.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\iduxw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ict.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ibqvywo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hxpuo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hulemjbpzih.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\htzs.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\htubwk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hrfumedgw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hqwxnfwmq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hoboh.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hmzimwaq.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hhxjfatux.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hgu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hgdxppghmnp.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hfaptb.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hbqnkzjqm.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gzswrdxw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gxveh.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gxiglgpq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gswxesatox.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gksspjwk.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gjrxn.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\giemuzl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ggjxmqh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gecrm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gcgii.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gbx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fyvyvw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fqat.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fnyj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fmlgoxxnn.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fkuuzbgv.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fhagevihj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\fas.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ezafudvoiyt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\err.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\epuzw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ehe.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\egskehx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\eesejbzog.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\edsljcdivuy.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\ecisfvuhpa.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dxrnzku.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dqajfj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dmtlsnues.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dkfd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\djzobvavx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dgppwo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\detwvkklv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\defhdp.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cqbt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cntaml.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\civwzqm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cfclssx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cdntf.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cbqynozbpo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cbgvboorrjj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bzyz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\byoqvakieh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bxqecmpfn.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bulcyfilrrd.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bsmobir.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\blxcchdo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\betjex.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\baxqskha.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\azuxhafgo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ayyyufnvi.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aso.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\arembuqqlhl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\apluecjxljh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\akjgqsepny.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ajnzyssdz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ajfm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aesvs.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aclcvmx.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zvxuplfqaiv.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmulmsalvp.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfguqg.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vuzy.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ujupkolaxz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\udixx.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tixbprzs.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sntlrnm.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skcx.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sjzadmi.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rpz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qttwzyei.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqt.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqognjycvt.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pjtdqi.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\phcioojd.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otvbczqzr.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otorwgb.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofzxmm.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ooaomuyhvz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olhdsirhbjm.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ntpp.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\npuailglpt.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\narceunvfsr.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mvhxlyyr.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\minowwpnhw.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mflohpswrxl.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\maynwlp.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\kragnbr.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kppamcnflm.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kjvzwobzke.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jazdltqdat.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ithugwck.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hxokmtz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hiushfclfla.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gwegf.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ghdvcccqxcv.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fzzu.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fnxe.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\eewo.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dmuuqmc.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dgckkqqq.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dfswulgomz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ctxnogspj.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bsxkwl.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\auemdu.ini[2012-11-04 16:12:25 | 000,019,339 | ---- | C] () -- C:\Users\Swamy\AppData\Roaming\4356[2012-10-30 17:35:22 | 000,000,620 | -HS- | C] () -- C:\Users\Swamy\AppData\Local\settingsFL.dat[2012-10-30 17:33:03 | 000,002,599 | -HS- | C] () -- C:\Users\Swamy\AppData\Local\win_fldb_sys.dat[2012-10-30 17:31:11 | 000,000,700 | -HS- | C] () -- C:\Users\Swamy\AppData\Local\systemFL7.dat[2012-10-30 17:30:34 | 000,003,465 | -HS- | C] () -- C:\Windows\System32\win_stlthdb_sys.dat[2012-10-30 17:30:34 | 000,003,465 | -HS- | C] () -- C:\Users\Swamy\AppData\Local\win_stlthdb_sys.dat[2012-10-30 17:30:15 | 000,029,184 | ---- | C] () -- C:\Windows\System32\WinFLAdrv.sys[2012-10-30 17:30:13 | 000,188,176 | ---- | C] () -- C:\Windows\System32\WinVDEdrv6.sys[2012-10-30 17:29:56 | 000,014,024 | ---- | C] () -- C:\Windows\System32\WinFLMsgService.exe[2012-10-30 17:29:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nwsftUninstall.exe[2012-10-19 15:13:05 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini[2012-10-08 21:31:42 | 000,000,990 | -HS- | C] () -- C:\Users\Swamy\AppData\Roaming\systemfl.$dk ========== ZeroAccess Check ========== [2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 06:46:14 | 012,866,560 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 06:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both ========== LOP Check ========== [2013-05-09 21:02:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software[2013-05-09 21:02:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software[2013-09-10 17:16:17 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\AnvsoftPdfTools[2013-04-06 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\AVG2013[2013-04-29 16:14:13 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\BitTorrent[2013-01-29 21:39:33 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\COWON[2013-07-31 19:07:14 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\Crayon Physics Deluxe[2013-10-12 12:29:29 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\DMCache[2013-10-02 13:16:45 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\GameRanger[2012-12-15 11:08:08 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\GarenaPlus[2013-10-11 14:38:46 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\IDM[2013-10-01 14:02:46 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\MCommon[2012-11-18 13:42:16 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\SoftOrbits[2013-10-02 23:19:24 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\tmp[2013-01-12 15:40:22 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\TuneUp Software[2012-11-05 12:06:43 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\TypingMaster7[2013-01-17 21:14:15 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\Unigraphics Solutions[2013-10-10 21:31:42 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\uTorrent[2013-04-07 22:27:21 | 000,000,000 | ---D | M] -- C:\Users\Swamy\AppData\Roaming\WinLive ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\*. /mp /s > < %systemroot%\*. /rp /s > < %SYSTEMDRIVE%\*.exe > < %LOCALAPPDATA%\*.exe > < MD5 for: EXPLORER.EXE >[2009-07-14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\erdnt\cache\explorer.exe[2009-07-14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe[2009-07-14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe < MD5 for: SVCHOST.EXE >[2009-07-14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe[2009-07-14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe[2009-07-14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe[2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe < MD5 for: USERINIT.EXE >[2009-07-14 06:44:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe[2009-07-14 06:44:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe[2009-07-14 06:44:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE >[2009-07-14 06:44:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\erdnt\cache\winlogon.exe[2009-07-14 06:44:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe[2009-07-14 06:44:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe[2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe ========== Files - Unicode (All) ==========[2013-01-07 19:38:48 | 000,001,138 | ---- | M] ()(C:\Windows\System32\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????-???????-????????????vn Girl - Sex Videos, Adult Movies, Porn V.lnk) -- C:\Windows\System32\楦敬⼺⼯㩃唯敳獲匯慷祭䐯睯汮慯獤嘯摩潥嘯摩潥┭〲晈ⵦ㈰┰〲畃楲獯瑩╹〲┳〲潓╮〲晏㈥䄰㈥䠰畯敳敫灥牥㈥吰╯〲湁潮╹〲態敲╮〲┭〲晨ⵦ㈰┰〲畣楲獯瑩╹〲┳〲潳╮〲景㈥愰㈥栰畯敳敫灥牥㈥琰╯〲湡潮╹〲慫敲╮〲┭〲獁慩╮〲楇汲㈥ⴰ㈥匰硥㈥嘰摩潥ⱳ㈥䄰畤瑬㈥䴰癯敩ⱳ㈥倰牯╮〲楖敤獯┬〲敓祸㈥䌰楬獰┬〲牆敥㈥堰塘㈥估汮湩汦vn Girl - Sex Videos, Adult Movies, Porn V.lnk[2013-01-06 18:34:18 | 000,001,138 | ---- | C] ()(C:\Windows\System32\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????-???????-????????????vn Girl - Sex Videos, Adult Movies, Porn V.lnk) -- C:\Windows\System32\楦敬⼺⼯㩃唯敳獲匯慷祭䐯睯汮慯獤嘯摩潥嘯摩潥┭〲晈ⵦ㈰┰〲畃楲獯瑩╹〲┳〲潓╮〲晏㈥䄰㈥䠰畯敳敫灥牥㈥吰╯〲湁潮╹〲態敲╮〲┭〲晨ⵦ㈰┰〲畣楲獯瑩╹〲┳〲潳╮〲景㈥愰㈥栰畯敳敫灥牥㈥琰╯〲湡潮╹〲慫敲╮〲┭〲獁慩╮〲楇汲㈥ⴰ㈥匰硥㈥嘰摩潥ⱳ㈥䄰畤瑬㈥䴰癯敩ⱳ㈥倰牯╮〲楖敤獯┬〲敓祸㈥䌰楬獰┬〲牆敥㈥堰塘㈥估汮湩汦vn Girl - Sex Videos, Adult Movies, Porn V.lnk[2012-12-21 23:37:14 | 000,001,888 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????????????????????????????????????????????????????????¦????????????????????????????????-???????-????????????vto - Sex Videos, Adult Movies, Porn Videos, Sexy Clips, F.lnk) -- C:\Windows\System32\楦敬⼺⼯㩃唯敳獲匯慷祭䐯睯汮慯獤嘯摩潥嘯摩潥┭〲牄㌸㈥䈰杩㈥吰瑩╳〲慄杵瑨牥㈥䄰摮㈥估獢散敮㈥䘰浡汩╹〲┭〲牤㌸㈥戰杩㈥琰瑩╳〲慤杵瑨牥㈥愰摮㈥漰獢散敮㈥昰浡汩╹〲┭〲獁歵╡〲潍楲潭潴㈥ⴰ㈥匰硥㈥嘰摩潥ⱳ㈥䄰畤瑬㈥䴰癯敩ⱳ㈥倰牯╮〲楖敤獯┬〲敓祸㈥䌰楬獰┬〲牆敥㈥堰塘㈥估汮湩汦vto - Sex Videos, Adult Movies, Porn Videos, Sexy Clips, F.lnk[2012-12-21 23:37:14 | 000,001,888 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????????????????????????????????????????????????????????¦????????????????????????????????-???????-????????????vto - Sex Videos, Adult Movies, Porn Videos, Sexy Clips, F.lnk) -- C:\Windows\System32\楦敬⼺⼯㩃唯敳獲匯慷祭䐯睯汮慯獤嘯摩潥嘯摩潥┭〲牄㌸㈥䈰杩㈥吰瑩╳〲慄杵瑨牥㈥䄰摮㈥估獢散敮㈥䘰浡汩╹〲┭〲牤㌸㈥戰杩㈥琰瑩╳〲慤杵瑨牥㈥愰摮㈥漰獢散敮㈥昰浡汩╹〲┭〲獁歵╡〲潍楲潭潴㈥ⴰ㈥匰硥㈥嘰摩潥ⱳ㈥䄰畤瑬㈥䴰癯敩ⱳ㈥倰牯╮〲楖敤獯┬〲敓祸㈥䌰楬獰┬〲牆敥㈥堰塘㈥估汮湩汦vto - Sex Videos, Adult Movies, Porn Videos, Sexy Clips, F.lnk ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction < End of report > Extras.Txt Link to post Share on other sites More sharing options...
kevinf80 Posted October 13, 2013 ID:741322 Share Posted October 13, 2013 Re-Run by double left click, Vista and Widows 7 users accept UAC alert.Under the box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL :OTLO3 - HKU\S-1-5-21-3756954993-494701191-2749408217-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zzmbkjttcv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zyadeizbstq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmpm.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zlvlgaoro.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zhbezzk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zgtn.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zbu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yztg.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ywcotf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yruogei.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yqwnxmuqkr.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ynbpico.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yft.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfddtyco.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yeqc.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ybcwdcj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xrjmwls.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xratz.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xnrwoffi.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xkiazoygsu.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xitroqxj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\xibfo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhxj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhliavnncf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhi.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhepiahgu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xei.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xdu.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbwudob.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbeumyws.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xabxrnwognq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wztapis.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvpmojcpagc.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvmaql.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wuienx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wtkvqxla.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmcwjfwebcg.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmaeoulj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjjkwjxof.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wgfzxqxc.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwvpxtf.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vtccpjjxhbl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vpymgh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vky.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vhgdwwy.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vexcv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vekhfmquvd.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uvhkeoo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uuknvmo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\upqsk.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uilhoi.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uhgxcxne.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ugh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ubomomrwsdk.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uaqqwmjt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tubh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tttpgilubhz.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tmksiwyo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tjerrruiu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgysztaa.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgp.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tcu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\szanch.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swrosmstc.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swmx.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\svh.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\surl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sthnpbr.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\srt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sqrvkkbktxz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\slfzi.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skjqlknoa.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sfsz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rzuc.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rvitifkhda.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ruwy.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rumiqlhw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rtsquze.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\rnni.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rnaxcorvnpm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rmkgnn.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\riffaw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rifbww.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rhw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rfbddh.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\refyhravcw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rckntimj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rbou.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qzegqoobxiy.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qxbus.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qsopsnklrnj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qrpcq.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqewpfdl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qpghwlpi.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qnretzig.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qheefqe.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\qgqkumwr.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qbdvroefxtf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\pxluctu.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pvsbacopgo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\puxozpwjj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ptfcgaof.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psxulyb.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psuezqksw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqjjgvrcrr.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pplmagu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pefaimbebk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pedcjlq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pcpmvigyknw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pclkwlz.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pathdekgnl.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oxxpcqneqfk.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ousspnt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofsbkfk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\onuhfaqdr.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olcfhmx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\okbzdweogsf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oicryjbsxhd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogn.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogknbwh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ocduhsoaeky.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\netcd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ndpxrjvfik.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mxdvmytw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwzhlh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwuwz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mpuqpwyjjoe.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mlfml.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhymnl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhefcltipun.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mcrrrdylbyb.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbufohzbd.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbpbf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lxjydaq.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lwcnbd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvzw.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvjfqnrfy.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lqya.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lnm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lmkwvtfa.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\liif.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lhlcj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lffhqjpt.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ldna.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ktkvvqws.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kokjkgnayl.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\knk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kkrk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kgqeevfnt.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kfkegdfzsmf.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kblu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kaddzumq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jxqxva.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jvpytddxshm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jvanbm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jscxtijpp.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jecbuzopv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ixrmyzmuf.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ivz.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\itshnv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\isnvgwxvzx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\imisiwl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ilppyukvb.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ikvd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ifvbafbi.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\iduxw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ict.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ibqvywo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hxpuo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hulemjbpzih.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\htzs.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\htubwk.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hrfumedgw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hqwxnfwmq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hoboh.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hmzimwaq.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hhxjfatux.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hgu.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hgdxppghmnp.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hfaptb.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hbqnkzjqm.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gzswrdxw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gxveh.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gxiglgpq.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gswxesatox.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gksspjwk.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gjrxn.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\giemuzl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ggjxmqh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gecrm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gcgii.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gbx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fyvyvw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fqat.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fnyj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fmlgoxxnn.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fkuuzbgv.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fhagevihj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\fas.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ezafudvoiyt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\err.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\epuzw.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ehe.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\egskehx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\eesejbzog.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\edsljcdivuy.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\ecisfvuhpa.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dxrnzku.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dqajfj.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dmtlsnues.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dkfd.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\djzobvavx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dgppwo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\detwvkklv.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\defhdp.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cqbt.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cntaml.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\civwzqm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cfclssx.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cdntf.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cbqynozbpo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cbgvboorrjj.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bzyz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\byoqvakieh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bxqecmpfn.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bulcyfilrrd.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bsmobir.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\blxcchdo.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\betjex.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\baxqskha.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\azuxhafgo.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ayyyufnvi.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aso.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\arembuqqlhl.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\apluecjxljh.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\akjgqsepny.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ajnzyssdz.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ajfm.ini[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aesvs.dat[2012-11-15 20:35:47 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aclcvmx.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zvxuplfqaiv.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmulmsalvp.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfguqg.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vuzy.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ujupkolaxz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\udixx.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tixbprzs.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sntlrnm.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skcx.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sjzadmi.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rpz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qttwzyei.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqt.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqognjycvt.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pjtdqi.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\phcioojd.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otvbczqzr.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otorwgb.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofzxmm.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ooaomuyhvz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olhdsirhbjm.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ntpp.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\npuailglpt.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\narceunvfsr.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mvhxlyyr.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\minowwpnhw.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mflohpswrxl.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\maynwlp.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\kragnbr.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kppamcnflm.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kjvzwobzke.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jazdltqdat.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ithugwck.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hxokmtz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hiushfclfla.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gwegf.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ghdvcccqxcv.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fzzu.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fnxe.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\eewo.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dmuuqmc.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dgckkqqq.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dfswulgomz.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ctxnogspj.ini[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bsxkwl.dat[2012-11-15 20:35:46 | 000,000,028 | ---- | C] () -- C:\Windows\System32\auemdu.ini:FilesC:\Users\Swamy\AppData\Roaming\W3YJWGZC46.exeC:\Users\Swamy\AppData\Local\Temp\W3YJWGZC46.exeipconfig /flushdns /c:Commands[emptytemp][CREATERESTOREPOINT] Then click button at the topLet the program run unhindered, when done it will say "Fix Complete press ok to open the log"Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Next, Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page) The file will be randomly named Reboot to safe mode Run Dr Web Tick the I agree box and select continue Click select objects for scanning Tick all boxes as shown Click the wrench and select automatically apply actions to threats Press start scan The scan will now commence Once the scan has finished click open report A notepad will open Select File > Save as.. Save it to your desktop This log will be excessive, Attach it to your next reply… Kevin... Link to post Share on other sites More sharing options...
Recommended Posts