lignite Posted November 18, 2013 ID:754936 Share Posted November 18, 2013 All : My PC is after being infected. Typical symptoms : Cannot open registry editor.Search string 'Firewall' , 'HijackThis' crashes all browsers. A program/exe with a very very long file name is running in the process. This is not attached to any service.Can't install HijackThis. Logs below as requested. Please help :DDS.txt======DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.45.2Run by SundarSyscomm at 12:21:46 on 2013-11-18Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2038.1114 [GMT 0:00].SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a5f5c1b0b5075a4a\STacSV64.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Windows\system32\taskhost.exeC:\Windows\Explorer.EXEC:\Windows\system32\PrintIsolationHost.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exeC:\Windows\system32\Dwm.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\idvwkdyqshvrjolzkkfx.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Box Sync\BoxSyncHelper.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Camera Assistant Software for Gateway\traybar.exeC:\Program Files (x86)\Browny02\Brother\BrStMonW.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exeC:\Program Files\Box Sync\BoxSync.exeC:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exeC:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exeC:\Users\SUNDAR~1\AppData\Local\Temp\iptggl.exeC:\Users\SUNDAR~1\AppData\Local\Temp\iptggl.exeC:\Program Files (x86)\ControlCenter4\BrCcUxSys.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Browny02\BrYNSvc.exeC:\Windows\System32\WUDFHost.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\sysWow64\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [pfsoxlbolveviia] kdtsevoeerdxnqlxge.exeuRun: [mzjcitgqkrxl] C:\Users\SUNDAR~1\AppData\Local\Temp\kdtsevoeerdxnqlxge.exeuRunOnce: [ulzwgvmayjtlzatd] ulzwgvmayjtlzatd.exe .uRunOnce: [lzkelxlwrzgvg] C:\Users\SUNDAR~1\AppData\Local\Temp\ulzwgvmayjtlzatd.exe .mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Camera Assistant Software] "C:\Program Files (x86)\Camera Assistant Software for Gateway\traybar.exe"mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorunmRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUNmRun: [mzjcitgqkrxl] idvwkdyqshvrjolzkkfx.exemRun: [kdtsevoeerdxnqlxge] C:\Users\SUNDAR~1\AppData\Local\Temp\ulzwgvmayjtlzatd.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRunOnce: [lzkelxlwrzgvg] ulzwgvmayjtlzatd.exe .mRunOnce: [btigrhzonzkdsuozh] C:\Users\SUNDAR~1\AppData\Local\Temp\btigrhzonzkdsuozh.exe .dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601mExplorerRun: [mbniqdseajrhts] kdtsevoeerdxnqlxge.exemExplorerRun: [pbkchrdmflq] C:\Users\SUNDAR~1\AppData\Local\Temp\idvwkdyqshvrjolzkkfx.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BOXSYN~1.LNK - C:\Program Files\Box Sync\BoxSync.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exeStartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup.pifuPolicies-Explorer: NoDriveTypeAutoRun = dword:1uPolicies-System: DisableRegistryTools = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:1mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:0mPolicies-System: EnableInstallerDetection = dword:0mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableSecureUIAPaths = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: EnableVirtualization = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0mPolicies-System: DisableRegistryTools = dword:1IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 192.168.15.1TCP: Interfaces\{48489054-0B62-4CAF-8311-DC4BF701D927} : DHCPNameServer = 192.168.43.1TCP: Interfaces\{4E8D3EDB-A65E-4800-8F11-8E56CA589751} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6} : NameServer = 208.67.222.222,208.67.220.220TCP: Interfaces\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6}\35973734F6D6D6 : NameServer = 208.67.222.222,208.67.220.220TCP: Interfaces\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6}\35973734F6D6D6 : DHCPNameServer = 192.168.1.1TCP: Interfaces\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6}\4616461696E636 : NameServer = 208.67.222.222,208.67.220.220TCP: Interfaces\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6}\4616461696E636 : DHCPNameServer = 192.168.16.1TCP: Interfaces\{76E270A9-7813-4216-84B5-8D019EEE6552} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{78BD2A3F-E04C-46DB-B159-4F34E63CD890} : DHCPNameServer = 192.168.15.1TCP: Interfaces\{8DF21848-D11F-4C44-A3F0-884BF18F3C8A} : DHCPNameServer = 192.168.15.1TCP: Interfaces\{8DF21848-D11F-4C44-A3F0-884BF18F3C8A}\56962736F6D6630353030263236303 : DHCPNameServer = 192.168.1.254TCP: Interfaces\{8DF21848-D11F-4C44-A3F0-884BF18F3C8A}\D456C6D416164696D2F6C646 : DHCPNameServer = 192.168.15.1TCP: Interfaces\{957CCCCC-4336-4964-8937-103B2E850F30} : DHCPNameServer = 192.168.15.1TCP: Interfaces\{957CCCCC-4336-4964-8937-103B2E850F30}\14E64627F696461405 : DHCPNameServer = 192.168.43.1TCP: Interfaces\{957CCCCC-4336-4964-8937-103B2E850F30}\4565F5E45647 : DHCPNameServer = 192.168.15.1TCP: Interfaces\{977DE847-535B-4668-B36F-04356EB6C7D6} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{A2D17AAA-24BB-4BA7-A7DE-1FFA982BD9FC} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{A48F8C8A-4E96-41BB-A7BA-F13811BE5EB2} : DHCPNameServer = 192.168.15.1TCP: Interfaces\{A48F8C8A-4E96-41BB-A7BA-F13811BE5EB2}\251646963737F6E6F57457563747 : DHCPNameServer = 83.97.120.225 83.97.124.225TCP: Interfaces\{A48F8C8A-4E96-41BB-A7BA-F13811BE5EB2}\35973734F6D6D6 : DHCPNameServer = 159.134.0.1 62.231.32.10 159.134.0.2TCP: Interfaces\{A48F8C8A-4E96-41BB-A7BA-F13811BE5EB2}\56962736F6D68323731383739353 : DHCPNameServer = 192.168.1.254TCP: Interfaces\{A48F8C8A-4E96-41BB-A7BA-F13811BE5EB2}\86F64756C637275687 : DHCPNameServer = 192.168.0.254TCP: Interfaces\{A48F8C8A-4E96-41BB-A7BA-F13811BE5EB2}\A6F6E616D6E45647 : DHCPNameServer = 192.168.1.1TCP: Interfaces\{A70863BB-1142-4618-A42D-6EB571E3000F} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{B5E8CD4A-BA16-4397-ABDE-57EA463806BF} : DHCPNameServer = 192.168.15.1TCP: Interfaces\{B67530E0-4DF5-49E1-8599-0F1005377BD5} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{C513E0B8-D71B-47F2-86C8-4700731EF577} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{D24518BD-7CF7-4931-AE09-98ACC6F9FB01} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{D24518BD-7CF7-4931-AE09-98ACC6F9FB01}\C656D657279616 : DHCPNameServer = 192.168.43.1TCP: Interfaces\{D6604EA3-BA79-4D2F-A6C9-A31C89FD2D38} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{E8D2460B-729D-4B54-9A79-A1176E650FB9} : DHCPNameServer = 192.168.43.1Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Android\eclipse\JRE\bin\jp2ssv.dllx64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exex64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exex64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [boxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.============= SERVICES / DRIVERS ===============.R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [2011-6-30 167936]R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-7-22 245760]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-20 215040]R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 OracleOraClient11g_home3TNSListener;OracleOraClient11g_home3TNSListener;C:\app\parents\product\11.2.0\client\BIN\TNSLSNR --> C:\app\parents\product\11.2.0\client\BIN\TNSLSNR [?]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-6-27 36328]S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-3-28 16776]S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-3-28 9096]S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-4-15 13352]S3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;C:\Windows\System32\drivers\GigasetGenericUSB_x64.sys [2012-10-8 54272]S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-6-10 31744]S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]S3 OracleOraClient11g_home3CMAdmin;OracleOraClient11g_home3CMAdmin;C:\app\parents\product\11.2.0\client\BIN\CMADMIN.EXE [2013-9-28 745472]S3 OracleOraClient11g_home3CMan;OracleOraClient11g_home3CMan;C:\app\parents\product\11.2.0\client\BIN\CMGW.EXE [2013-9-28 229376]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-27 20992]S3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;C:\Windows\System32\drivers\WNA1000M.sys [2011-1-31 855144]S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-6-27 16872]S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-6-27 177640]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-6 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]S4 Emc.Captiva.WebCaptureService;EMC Captiva Cloud Service;"C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe" --> C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [?].=============== Created Last 30 ================.2013-11-18 12:13:42 -------- d-----w- C:\Users\SundarSyscomm\AppData\Roaming\Box Desktop2013-11-18 12:13:25 -------- d-----w- C:\Users\SundarSyscomm\AppData\Local\Google2013-11-18 12:12:57 -------- d-----w- C:\Users\SundarSyscomm\AppData\Roaming\Box Sync2013-11-18 12:12:26 -------- d-----w- C:\Users\SundarSyscomm\AppData\Local\VirtualStore2013-11-18 12:12:21 -------- d-----w- C:\Users\SundarSyscomm\AppData\Roaming\ControlCenter42013-11-18 12:11:48 -------- d-----w- C:\Users\SundarSyscomm\AppData\Local\Box Sync2013-11-18 12:11:25 -------- d-----w- C:\Users\SundarSyscomm\AppData\Local\Temp2013-11-18 08:05:01 765952 -c--a-w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_STacSV64.exe_7def64283937780144d84abaee5b9fa3dd8665a_0e86400b\AppCrash_STacSV64.exe_7def64283937780144d84abaee5b9fa3dd8665a_0e86400b.bat2013-11-18 08:04:55 765952 ----a-w- C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\usgthrsvc.bat2013-11-14 09:55:18 765952 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync\Box Sync.exe2013-11-12 10:12:51 -------- d-----w- C:\SEA2013-11-09 12:31:46 -------- d--h--w- C:\SkyDriveTemp2013-11-08 14:25:51 -------- d-----w- C:\Program Files\Box Sync2013-11-07 16:33:23 -------- d-----w- C:\Windows\PIXTRAN2013-11-07 13:24:37 765952 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Virtual USB\Virtual USB.exe2013-11-07 13:24:36 765952 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java.exe2013-11-07 13:24:36 765952 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Development Kit.bat2013-11-07 13:24:36 765952 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 6.1\Data Recovery Wizard 6.1.exe2013-11-07 08:37:38 -------- d-----w- C:\ProgramData\WebEx2013-11-07 08:34:25 -------- d-----w- C:\ProgramData\Oracle2013-11-07 08:34:04 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-11-06 09:56:20 -------- d-----r- C:\Users\SundarSyscomm\SkyDrive2013-11-06 09:55:13 -------- d-----r- C:\Users\SundarSyscomm\Virtual Machines2013-11-06 09:40:36 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive2013-11-06 09:40:15 -------- d-----w- C:\ProgramData\Microsoft SkyDrive2013-11-05 14:33:33 -------- d-----w- C:\Aspen2013-11-05 13:06:33 40960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\x5pp.dll2013-11-05 13:06:33 11776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\x5print.dll2013-11-05 09:36:14 -------- d-----w- C:\HP Universal Print Driver2013-11-05 08:58:58 -------- d-----w- C:\Program Files (x86)\Remote Virtual USB2013-11-05 08:58:50 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll2013-11-05 08:58:16 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL2013-11-03 16:27:34 765952 -c--a-w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_7e607b4d28bb3ebea1bcd84c37f8bb8b1af6c764_cab_17ec065b\AppCrash_svchost.exe_7e607b4d28bb3ebea1bcd84c37f8bb8b1af6c764_cab_17ec065b.scr2013-10-21 21:47:44 765952 -c--a-w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_HostProblem_66b5a9d62fffd0b1de4a42d227775259506bddab_0341c14b\NonCritical_HostProblem_66b5a9d62fffd0b1de4a42d227775259506bddab_0341c14b.scr2013-10-19 15:05:42 765952 -c--a-w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_STacSV64.exe_7def64283937780144d84abaee5b9fa3dd8665a_0440849a\AppCrash_STacSV64.exe_7def64283937780144d84abaee5b9fa3dd8665a_0440849a.bat2013-10-19 14:19:15 765952 -c--a-w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_HostProblem_66b5a9d62fffd0b1de4a42d227775259506bddab_02c9e732\NonCritical_HostProblem_66b5a9d62fffd0b1de4a42d227775259506bddab_02c9e732.exe2013-10-19 14:03:03 -------- d-sh--w- C:\found.0012013-10-19 12:49:18 -------- d-----w- C:\Program Files (x86)\Conduit2013-10-19 12:36:57 765952 -c--a-w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_HostProblem_66b5a9d62fffd0b1de4a42d227775259506bddab_cab_03362caa\NonCritical_HostProblem_66b5a9d62fffd0b1de4a42d227775259506bddab_cab_03362caa.exe2013-10-19 12:36:56 765952 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB\to USB.exe.==================== Find3M ====================.2013-11-18 12:20:26 507904 --sh--r- C:\Windows\xtmodxtmpfurkqodpqmfh.exe2013-11-18 12:20:26 507904 --sh--r- C:\Windows\vpggtlfwxlytkokxhga.exe2013-11-18 12:20:26 507904 --sh--r- C:\Windows\ulzwgvmayjtlzatd.exe2013-11-18 12:20:26 507904 --sh--r- C:\Windows\olfiytqkofvtnutjwyvpsi.exe2013-11-18 12:20:26 507904 --sh--r- C:\Windows\kdtsevoeerdxnqlxge.exe2013-11-18 12:20:26 507904 --sh--r- C:\Windows\btigrhzonzkdsuozh.exe2013-11-18 12:15:59 6582 ----a-w- C:\Windows\System32\PerfStringBackup.TMP2013-11-18 12:12:17 507904 --sh--r- C:\Windows\SysWow64\xtmodxtmpfurkqodpqmfh.exe2013-11-18 12:12:17 507904 --sh--r- C:\Windows\SysWow64\vpggtlfwxlytkokxhga.exe2013-11-18 12:12:17 507904 --sh--r- C:\Windows\SysWow64\olfiytqkofvtnutjwyvpsi.exe2013-11-18 12:12:17 507904 --sh--r- C:\Windows\SysWow64\idvwkdyqshvrjolzkkfx.exe2013-11-18 12:12:17 507904 --sh--r- C:\Windows\idvwkdyqshvrjolzkkfx.exe2013-11-18 12:12:16 507904 --sh--r- C:\Windows\SysWow64\ulzwgvmayjtlzatd.exe2013-11-18 12:12:16 507904 --sh--r- C:\Windows\SysWow64\kdtsevoeerdxnqlxge.exe2013-11-18 09:26:49 765952 ----a-w- C:\ProgramData\Application Data.exe2013-11-18 09:26:48 765952 ----a-w- C:\ProgramData\Users.exe2013-11-18 08:11:18 507904 --sh--r- C:\Windows\SysWow64\btigrhzonzkdsuozh.exe.============= FINISH: 12:22:45.87 =============== ATTACH.txt========= .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 01/01/2010 13:54:57System Uptime: 18/11/2013 12:10:47 (0 hours ago).Motherboard: Gateway | | Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 204 GiB total, 60.013 GiB free.D: is CDROM ()F: is FIXED (NTFS) - 163 GiB total, 162.93 GiB free.H: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: TAP-Windows Adapter V9Device ID: ROOT\NET\0000Manufacturer: TAP-Windows Provider V9Name: TAP-Windows Adapter V9PNP Device ID: ROOT\NET\0000Service: tap0901.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Intel® PRO/Wireless 3945ABG Network ConnectionDevice ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&37A162F9&0&00E1Manufacturer: Intel CorporationName: Intel® PRO/Wireless 3945ABG Network Connection #2PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&37A162F9&0&00E1Service: netw5v64.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)ABBYY FineReader 9.0 SprintAdobe Flash Player 10 ActiveXAdobe Flash Player 11 Plugin 64-bitAdobe Reader 9.3.1Advanced Port Scanner v1.3BitTorrentBox Sync (64 bit)Brother MFL-Pro Suite DCP-7055WCamera Assistant Software for GatewayCanon Inkjet Printer Driver Add-On ModuleCanon My PrinterCanon Utilities ImageBrowser EXCDBurnerXPChanalyzer 4Cisco WebEx MeetingsDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionEaseUS Data Recovery Wizard 6.1EASEUS Partition Master 4.1.1 ProfessionalESET Online Scanner v3EVEREST Ultimate EditionFileZilla Client 3.6.0.2FlashtoolGigaset QuickSyncGoogle ChromeGoogle Talk (remove only)Google Talk PluginGoogle Update HelperHP USB Disk Storage Format ToolIDT AudioImgBurninSSIDerIntel® Graphics Media Accelerator DriverISIS Driver - Brother MFC\DCP v1.0ISO to USBJ2SE Development Kit 5.0 Update 22Java 7 Update 45Java Auto UpdaterJava 6 Update 21 (64-bit)Java 6 Update 31Microsoft .NET Framework 1.1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft HealthVault Connection CenterMicrosoft HealthVault Connection Center ConfigurationMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2007Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Project 2007 Service Pack 3 (SP3)Microsoft Office Project MUI (English) 2007Microsoft Office Project Professional 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2007Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2007Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2007Microsoft Office Proofing (English) 2010Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2007Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Visio 2007 Service Pack 3 (SP3)Microsoft Office Visio MUI (English) 2007Microsoft Office Visio Professional 2007Microsoft Office Word MUI (English) 2010Microsoft SkyDriveMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319MSVC80_x64_v2MSVC80_x86_v2MSXML 4.0 SP2 Parser and SDKMSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2758694)MSXML 4.0 SP3 Parser (KB973685)MySQL Workbench 5.2 CENETGEAR WNA1000M Wireless USB 2.0 AdapternLite 1.4.9.1NVIDIA DriversOmron Health Management SoftwarePicasa 3Python 3.2.2Remote Virtual USBRyngaSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition Skype Click to CallSkype™ 6.3Synaptics Pointing Device DriverSystem Requirements Lab for IntelTAP-Windows 9.9.2TextPad 5Universal Extractor 1.6Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office Project 2007 Help (KB963668)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Visio 2007 Help (KB963666)VLC media player 2.0.1Win7codecsWindows 7 ManagerWindows Driver Package - Intel (NETwNs64) net (01/23/2013 15.4.1.1)Windows Driver Package - Intel (NETwNs64) net (04/18/2013 15.7.0.3)Windows Driver Package - Intel net (01/23/2013 15.4.1.1)Windows Driver Package - Intel net (02/21/2013 15.6.1.6)Windows Driver Package - Intel net (04/18/2013 15.7.0.3)Windows Driver Package - RIFF BOX Limited ©, 2011 (riffbox) Ports (20/02/2010 1.0.0000.0)Windows Driver Package - RIFF BOX Limited ©, 2012 (qcusbser) Ports (20/02/2010 1.0.0000.0)Windows Driver Package - RIFF BOX Limited ©, 2012 (RIFFUSBSER) Ports (20/02/2010 1.0.0000.0)WinRAR archiverXilisoft DVD Ripper UltimateXilisoft Video Converter Ultimate 6.==== Event Viewer Messages From Past Week ========.18/11/2013 12:14:01, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147467243.18/11/2013 12:14:01, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80004015.18/11/2013 12:13:37, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.18/11/2013 12:12:54, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.18/11/2013 12:12:29, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.18/11/2013 12:11:10, Error: Service Control Manager [7001] - The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error: The dependency service or group failed to start.18/11/2013 12:11:10, Error: Service Control Manager [7001] - The Extensible Authentication Protocol service depends on the CNG Key Isolation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.18/11/2013 10:05:22, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.18/11/2013 10:03:49, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.18/11/2013 10:03:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}18/11/2013 10:03:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}18/11/2013 10:03:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}18/11/2013 10:03:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}18/11/2013 10:03:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vpcvmm Wanarpv618/11/2013 10:03:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}18/11/2013 09:58:57, Error: Service Control Manager [7034] - The ABBYY FineReader 9.0 Sprint Licensing Service service terminated unexpectedly. It has done this 1 time(s).18/11/2013 09:38:26, Error: Service Control Manager [7034] - The EMC Captiva Cloud Service service terminated unexpectedly. It has done this 3 time(s).18/11/2013 08:08:15, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).18/11/2013 08:08:05, Error: Service Control Manager [7031] - The EMC Captiva Cloud Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.18/11/2013 07:59:15, Error: Service Control Manager [7031] - The EMC Captiva Cloud Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.18/11/2013 07:54:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.18/11/2013 07:52:06, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 12618/11/2013 07:42:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}18/11/2013 07:42:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {9465B4B4-5216-4042-9A2C-754D3BCDC410}18/11/2013 06:46:35, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 2118/11/2013 00:35:56, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).18/11/2013 00:35:38, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.17/11/2013 18:13:12, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.15/11/2013 22:39:37, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.15/11/2013 15:27:10, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.15/11/2013 07:49:55, Error: Disk [11] - The driver detected a controller error on \...\DR2.15/11/2013 07:48:06, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.14/11/2013 23:56:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted November 18, 2013 ID:754940 Share Posted November 18, 2013 Welcome to the forum. Please download and run RogueKiller 32 Bit to your desktop. RogueKiller 64 Bit <---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font) General P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
lignite Posted November 18, 2013 Author ID:754956 Share Posted November 18, 2013 Hi : Done as advised. Logs below. RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : SundarSyscomm [Admin rights]Mode : Scan -- Date : 11/18/2013 13:32:01| ARK || FAK || MBR | ¤¤¤ Bad processes : 3 ¤¤¤[sUSP PATH] iptggl.exe -- C:\Users\SundarSyscomm\AppData\Local\Temp\iptggl.exe [-] -> KILLED [TermProc][sUSP PATH] iptggl.exe -- C:\Users\SundarSyscomm\AppData\Local\Temp\iptggl.exe [-] -> KILLED [TermProc][sUSP PATH] ulzwgvmayjtlzatd.exe -- C:\Users\SundarSyscomm\AppData\Local\Temp\ulzwgvmayjtlzatd.exe [-] -> KILLED [TermProc] ¤¤¤ Registry Entries : 19 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : mzjcitgqkrxl (C:\Users\SUNDAR~1\AppData\Local\Temp\vpggtlfwxlytkokxhga.exe [-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-2427464606-374585450-1517765086-1008\[...]\Run : mzjcitgqkrxl (C:\Users\SUNDAR~1\AppData\Local\Temp\vpggtlfwxlytkokxhga.exe [-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : kdtsevoeerdxnqlxge (C:\Users\SUNDAR~1\AppData\Local\Temp\idvwkdyqshvrjolzkkfx.exe [-]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\RunOnce : lzkelxlwrzgvg (C:\Users\SUNDAR~1\AppData\Local\Temp\ulzwgvmayjtlzatd.exe . [-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-2427464606-374585450-1517765086-1008\[...]\RunOnce : lzkelxlwrzgvg (C:\Users\SUNDAR~1\AppData\Local\Temp\ulzwgvmayjtlzatd.exe . [-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : btigrhzonzkdsuozh (C:\Users\SUNDAR~1\AppData\Local\Temp\ulzwgvmayjtlzatd.exe . [-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\Run : pbkchrdmflq (C:\Users\SUNDAR~1\AppData\Local\Temp\kdtsevoeerdxnqlxge.exe [-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : pbkchrdmflq (C:\Users\SUNDAR~1\AppData\Local\Temp\kdtsevoeerdxnqlxge.exe [-]) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (1) -> FOUND[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (1) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEVS-22UST0 ATA Device +++++--- User ---[MBR] 8f9cb51b435c9983fdb79fa71146733b[bSP] 789d126f6cc370a325be57701d37a3eb : Linux MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 208472 Mo1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 426952702 | Size: 30002 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE2 @ USB) Seagate Backup+ BK USB Device +++++--- User ---[MBR] b39d454cc6c71ed5b0e180bf1beb8878[bSP] afa0541cf043ef0b3dcf52dc91c62614 : Empty MBR CodePartition table:0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 2048 | Size: 310000 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 634882048 | Size: 166937 MoUser = LL1 ... OK!Error reading LL2 MBR! Finished : << RKreport[0]_S_11182013_133201.txt >> Link to post Share on other sites More sharing options...
lignite Posted November 18, 2013 Author ID:754959 Share Posted November 18, 2013 Browser seems to be fine, although I'm not sure if the machine is clean.Will wait further instructions. Lig Link to post Share on other sites More sharing options...
MrCharlie Posted November 18, 2013 ID:754967 Share Posted November 18, 2013 Run RogueKiller again and click ScanWhen the scan completes > click on the Registry tabPut a check next to all of these and uncheck the rest: (if found) [RUN][sUSP PATH] HKCU\[...]\Run : mzjcitgqkrxl (C:\Users\SUNDAR~1\AppData\Local\Temp\vpggtlfwxlytkokxhga.exe [-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-2427464606-374585450-1517765086-1008\[...]\Run : mzjcitgqkrxl (C:\Users\SUNDAR~1\AppData\Local\Temp\vpggtlfwxlytkokxhga.exe [-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : kdtsevoeerdxnqlxge (C:\Users\SUNDAR~1\AppData\Local\Temp\idvwkdyqshvrjolzkkfx.exe [-]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\RunOnce : lzkelxlwrzgvg (C:\Users\SUNDAR~1\AppData\Local\Temp\ulzwgvmayjtlzatd.exe . [-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-2427464606-374585450-1517765086-1008\[...]\RunOnce : lzkelxlwrzgvg (C:\Users\SUNDAR~1\AppData\Local\Temp\ulzwgvmayjtlzatd.exe . [-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : btigrhzonzkdsuozh (C:\Users\SUNDAR~1\AppData\Local\Temp\ulzwgvmayjtlzatd.exe . [-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\Run : pbkchrdmflq (C:\Users\SUNDAR~1\AppData\Local\Temp\kdtsevoeerdxnqlxge.exe [-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : pbkchrdmflq (C:\Users\SUNDAR~1\AppData\Local\Temp\kdtsevoeerdxnqlxge.exe [-]) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (1) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (1) -> FOUNDNow click Delete on the right hand column under Options-------------Delete these files if found:You may have to enable hidden files to see them:http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ <--Hidden files W7 VistaC:\Users\SUNDAR~1\AppData\Local\Temp\vpggtlfwxlytkokxhga.exe(C:\Users\SUNDAR~1\AppData\Local\Temp\ulzwgvmayjtlzatd.exe(C:\Users\SUNDAR~1\AppData\Local\Temp\kdtsevoeerdxnqlxge.exeC:\Users\SUNDAR~1\AppData\Local\Temp\idvwkdyqshvrjolzkkfx.exe-------------------------------Then........Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.~~~~~~~~~~~~~~~~~~~~~~~Note:If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:Internet accessWindows UpdateWindows FirewallIf there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.Just run fixdamage.exe.Verify that they are now functioning normally.~~~~~~~~~~~~~~~~~~~~~~~~~~~~Last:Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease make sure you click download buttons that look like this, not "sponsored ad links":Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop.Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review. ---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
lignite Posted November 18, 2013 Author ID:755142 Share Posted November 18, 2013 Looks like the laptop is now clean. I have post the log from ComboFix below. Waitng for further assisstance. Thanks in advance. ComboFix 13-11-18.01 - SundarSyscomm 18/11/2013 20:06:03.2.2 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2038.639 [GMT 0:00]Running from: F:\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\autorun.infc:\programdata\Adobe\Acrobat\9.0\Replicate\Security\Security.exec:\programdata\Microsoft\Crypto\DSS\DSS.exec:\programdata\Microsoft\Crypto\DSS\MachineKeys\MachineKeys.scrc:\programdata\Microsoft\Crypto\Keys\Keys.scrc:\programdata\Microsoft\Crypto\RSA\MachineKeys\MachineKeys.scrc:\programdata\Microsoft\Crypto\RSA\RSA.batc:\programdata\Microsoft\Crypto\RSA\S-1-5-18\S-1-5-18.exec:\programdata\Microsoft\Network\Downloader\Downloader.pifc:\programdata\Microsoft\User Account Pictures\Default Pictures\Pictures.exec:\programdata\Microsoft\Windows\Templates\Templates.batc:\users\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2427464606-374585450-1517765086-500\S-1-5-21-2427464606-374585450-1517765086-500.exec:\users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2427464606-374585450-1517765086-500\S-1-5-21-2427464606-374585450-1517765086-500.exec:\users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates.batc:\users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs.pifc:\users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs.exec:\users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\My.batc:\users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\Cookies.pifc:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Templates.batc:\users\Default\AppData\Roaming\Microsoft\Windows\Templates\Templates.batc:\users\parents_old\AppData\Local\Adobe\Acrobat\9.0\Cache\Cache.exec:\users\parents_old\AppData\Roaming\Microsoft\Crypto\RSA\RSA.batc:\users\parents_old\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates.batc:\users\parents_old\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs.pifc:\users\parents_old\AppData\Roaming\Microsoft\SystemCertificates\My\My.batc:\users\parents_old\AppData\Roaming\Microsoft\Windows\Templates\Templates.batc:\users\Shivaani\AppData\Roaming\Microsoft\Crypto\RSA\RSA.batc:\users\Shivaani\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2427464606-374585450-1517765086-1003\S-1-5-21-2427464606-374585450-1517765086-1003.pifc:\users\Shivaani\AppData\Roaming\Microsoft\Protect\S-1-5-21-2427464606-374585450-1517765086-1003\S-1-5-21-2427464606-374585450-1517765086-1003.pifc:\users\Shivaani\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates.batc:\users\Shivaani\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs.pifc:\users\Shivaani\AppData\Roaming\Microsoft\SystemCertificates\My\My.batc:\users\Shivaani\AppData\Roaming\Microsoft\Windows\Cookies\Cookies.pifc:\users\Shivaani\AppData\Roaming\Microsoft\Windows\Templates\Templates.batF:\autorun.inf..((((((((((((((((((((((((( Files Created from 2013-10-18 to 2013-11-18 )))))))))))))))))))))))))))))))..2013-11-18 20:16 . 2013-11-18 20:16 -------- d-----w- c:\users\TEMP.Fourgig\AppData\Local\temp2013-11-18 20:16 . 2013-11-18 20:16 -------- d-----w- c:\users\sundars\AppData\Local\temp2013-11-18 20:16 . 2013-11-18 20:16 -------- d-----w- c:\users\Shivaani\AppData\Local\temp2013-11-18 20:16 . 2013-11-18 20:16 -------- d-----w- c:\users\Public\AppData\Local\temp2013-11-18 20:16 . 2013-11-18 20:16 -------- d-----w- c:\users\parents_old\AppData\Local\temp2013-11-18 20:16 . 2013-11-18 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-18 20:16 . 2013-11-18 20:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp2013-11-18 17:03 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{511D4C50-D1AE-41A7-9956-0860A92066BE}\mpengine.dll2013-11-18 15:12 . 2013-11-18 15:12 -------- d-----w- c:\programdata\Malwarebytes2013-11-18 15:12 . 2013-11-18 16:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-11-18 15:12 . 2013-11-18 15:12 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2013-11-18 15:11 . 2013-11-18 15:11 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-11-18 08:05 . 2013-11-18 09:27 765952 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_STacSV64.exe_7def64283937780144d84abaee5b9fa3dd8665a_0e86400b\AppCrash_STacSV64.exe_7def64283937780144d84abaee5b9fa3dd8665a_0e86400b.bat2013-11-18 08:04 . 2013-11-18 09:26 765952 ----a-w- c:\programdata\Microsoft\Search\Data\Temp\usgthrsvc\usgthrsvc.bat2013-11-14 09:55 . 2013-11-18 09:27 765952 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Box Sync\Box Sync.exe2013-11-12 10:12 . 2013-11-14 13:41 -------- d-----w- C:\SEA2013-11-09 12:31 . 2013-11-09 12:31 -------- d-----w- C:\SkyDriveTemp2013-11-08 14:25 . 2013-11-08 14:25 -------- d-----w- c:\program files\Box Sync2013-11-07 16:33 . 2013-11-07 16:33 -------- d-----w- c:\windows\PIXTRAN2013-11-07 13:24 . 2013-11-18 09:27 765952 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Remote Virtual USB\Virtual USB.exe2013-11-07 13:24 . 2013-11-18 09:27 765952 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Java\Java.exe2013-11-07 13:24 . 2013-11-18 09:27 765952 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Development Kit.bat2013-11-07 13:24 . 2013-11-18 09:27 765952 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 6.1\Data Recovery Wizard 6.1.exe2013-11-07 08:37 . 2013-11-18 16:01 -------- d-----w- c:\programdata\WebEx2013-11-07 08:34 . 2013-11-18 16:01 -------- d-----w- c:\programdata\Oracle2013-11-07 08:34 . 2013-11-07 08:34 -------- d-----w- c:\program files (x86)\Common Files\Java2013-11-07 08:34 . 2013-11-07 08:33 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-11-06 09:54 . 2013-11-18 10:06 -------- d-----w- c:\users\SundarSyscomm2013-11-06 09:40 . 2013-11-06 09:40 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive2013-11-06 09:40 . 2013-11-18 16:01 -------- d-----w- c:\programdata\Microsoft SkyDrive2013-11-05 14:33 . 2013-11-13 13:10 -------- d-----w- C:\Aspen2013-11-05 13:06 . 2009-03-02 13:10 40960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\x5pp.dll2013-11-05 13:06 . 2009-03-02 13:10 11776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\x5print.dll2013-11-05 09:36 . 2013-11-05 09:44 -------- d-----w- C:\HP Universal Print Driver2013-11-05 08:58 . 2013-11-05 08:58 -------- d-----w- c:\program files (x86)\Remote Virtual USB2013-11-05 08:58 . 2000-01-04 06:39 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll2013-11-05 08:58 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL2013-11-03 16:27 . 2013-11-18 09:27 765952 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_7e607b4d28bb3ebea1bcd84c37f8bb8b1af6c764_cab_17ec065b\AppCrash_svchost.exe_7e607b4d28bb3ebea1bcd84c37f8bb8b1af6c764_cab_17ec065b.scr2013-10-21 21:47 . 2013-11-18 09:27 765952 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\NonCritical_HostProblem_66b5a9d62fffd0b1de4a42d227775259506bddab_0341c14b\NonCritical_HostProblem_66b5a9d62fffd0b1de4a42d227775259506bddab_0341c14b.scr...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-18 19:55 . 2013-05-19 23:06 6582 ----a-w- c:\windows\system32\PerfStringBackup.TMP2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Windows\SendTo\SendTo.scr2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Windows\Recent\Recent.pif2013-11-18 09:31 . 2013-08-19 14:24 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CustomDestinations.exe2013-11-18 09:31 . 2013-08-19 14:24 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\AutomaticDestinations.exe2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Word\STARTUP\STARTUP.pif2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Windows\Themes\Themes.scr2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programs.pif2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessories.pif2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Windows\PrivacIE\PrivacIE.scr2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Windows\Libraries\Libraries.pif2013-11-18 09:31 . 2013-08-19 14:24 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TaskBar.scr2013-11-18 09:31 . 2013-08-19 14:24 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch.scr2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Office\Recent\Recent.pif2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Network\Connections\Pbk\Pbk.pif2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\_hiddenPbk.pif2013-11-18 09:31 . 2013-02-24 17:08 765952 ----a-w- c:\users\Shivaani\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\14.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Themes\Themes.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DreamBoxEdit\DreamBoxEdit.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programs.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner\Port Scanner.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessories.pif2013-11-18 09:29 . 2013-08-19 14:23 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CustomDestinations.exe2013-11-18 09:29 . 2013-08-19 14:23 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\AutomaticDestinations.exe2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\SendTo\SendTo.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Recent\Recent.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\PrivacIE\PrivacIE.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Libraries\Libraries.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Windows\Cookies\Cookies.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Templates\LiveContent\User\Word Document Building Blocks\Document Building Blocks.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Templates\LiveContent\User\SmartArt Graphics\Graphics.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Templates\LiveContent\User\Document Themes\Themes.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\Document Building Blocks.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\SmartArt Graphics\Graphics.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Document Themes\Themes.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Templates\LiveContent\LiveContent.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Templates\Document Themes\Themes.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Office\Recent\Recent.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Internet Explorer\UserData\5MSU8O8B\5MSU8O8B.pif2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TaskBar.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\14.scr2013-11-18 09:29 . 2013-02-24 17:06 765952 ----a-w- c:\users\parents_old\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\64bit.scr2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Start Menu.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\PrintHood.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\NetHood.exe2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\SendTo\SendTo.scr2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Recent\Recent.pif2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Maintenance.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Tools.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Accessibility.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Shortcuts.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Shortcuts.exe2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programs.pif2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessories.pif2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Cookies\Cookies.pif2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch.scr2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Start Menu.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{F6283112-A346-490A-AB1C-5C8E78A39B74}\{F6283112-A346-490A-AB1C-5C8E78A39B74}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{F55975DC-AF0F-47AF-B79E-CE912B486034}\{F55975DC-AF0F-47AF-B79E-CE912B486034}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{F37BFEEB-B536-45B6-8F66-0ED52F7A0D15}\{F37BFEEB-B536-45B6-8F66-0ED52F7A0D15}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{E833D2D4-2508-4B24-AB84-2FD67625A0E4}\{E833D2D4-2508-4B24-AB84-2FD67625A0E4}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{D24518BD-7CF7-4931-AE09-98ACC6F9FB01}\{D24518BD-7CF7-4931-AE09-98ACC6F9FB01}.exe2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{D633D73B-6A5D-475B-B550-348E2CE5C404}\{D633D73B-6A5D-475B-B550-348E2CE5C404}.pif2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{CC9B0EC7-5A0E-47F1-985A-FA5D61847E93}\{CC9B0EC7-5A0E-47F1-985A-FA5D61847E93}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{C6626D1D-BC7C-41FA-A8DC-9097E8CFD265}\{C6626D1D-BC7C-41FA-A8DC-9097E8CFD265}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{A48F8C8A-4E96-41BB-A7BA-F13811BE5EB2}\{A48F8C8A-4E96-41BB-A7BA-F13811BE5EB2}.scr2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{98E8F8FD-F3C4-489D-BA33-AC3578224DEF}\{98E8F8FD-F3C4-489D-BA33-AC3578224DEF}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{98C50950-4753-4DD5-AF26-0FBE54A497D5}\{98C50950-4753-4DD5-AF26-0FBE54A497D5}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{8DF21848-D11F-4C44-A3F0-884BF18F3C8A}\{8DF21848-D11F-4C44-A3F0-884BF18F3C8A}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{7680012C-069B-4820-8154-69E26CA7B270}\{7680012C-069B-4820-8154-69E26CA7B270}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6}\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{5D85A6AE-6F43-4B37-B41E-3F956F259210}\{5D85A6AE-6F43-4B37-B41E-3F956F259210}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Profiles.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{163C8206-A343-4868-8C51-50623D6AE50C}\{163C8206-A343-4868-8C51-50623D6AE50C}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{13C64FE4-475C-4FDF-999C-5F79819B26C7}\{13C64FE4-475C-4FDF-999C-5F79819B26C7}.scr2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{048753DE-60E4-492A-871E-C5BC75CCB2C6}\{048753DE-60E4-492A-871E-C5BC75CCB2C6}.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows NT\MSScan\MSScan.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows NT\MSFax\VirtualInbox\VirtualInbox.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows NT\MSFax\Inbox\Inbox.exe2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{977DE847-535B-4668-B36F-04356EB6C7D6}\{977DE847-535B-4668-B36F-04356EB6C7D6}.scr2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{5141C8F3-2BCC-42EA-861D-F0736CB0D73C}\{5141C8F3-2BCC-42EA-861D-F0736CB0D73C}.pif2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\Interfaces.pif2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Wlansvc\Profiles\Interfaces\{2ECA6401-A22B-46AC-9114-61F0014D8C4F}\{2ECA6401-A22B-46AC-9114-61F0014D8C4F}.scr2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\en-US.pif2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Windows NT\MSFax\SentItems\SentItems.scr2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Windows NT\MSFax\Queue\Queue.scr2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\en-US.pif2013-11-18 09:27 . 2013-02-24 17:04 765952 ----a-w- c:\programdata\Microsoft\Windows NT\MSFax\Common Coverpages\Coverpages.scr2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows NT\MSFax\MSFax.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows Defender\Support\Support.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows Defender\Scans\History\Service\Service.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows Defender\Scans\History\Results\Quick\Quick.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows Defender\Scans\History\History.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows Defender\Scans\History\CacheManager\CacheManager.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows Defender\Scans\CleanStore\Resources\F3\F3.pif2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows Defender\Scans\CleanStore\Resources\E0\E0.exe2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows Defender\Scans\CleanStore\Resources\A6\A6.scr2013-11-18 09:27 . 2013-08-19 14:21 765952 ----a-w- c:\programdata\Microsoft\Windows Defender\Scans\CleanStore\Resources\A5\A5.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"Camera Assistant Software"="c:\program files (x86)\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe -hidden [2013-6-7 7959552]ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2012-8-30 69120]NETGEAR WNA1000M Genie.lnk - c:\program files (x86)\NETGEAR\WNA1000M\WNA1000M.exe -Hide [2012-1-4 504064].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableInstallerDetection"= 0 (0x0)"EnableSecureUIAPaths"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"EnableVirtualization"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 OracleOraClient11g_home3TNSListener;OracleOraClient11g_home3TNSListener;c:\app\parents\product\11.2.0\client\BIN\TNSLSNR ;c:\app\parents\product\11.2.0\client\BIN\TNSLSNR [x]R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]R3 OracleOraClient11g_home3CMAdmin;OracleOraClient11g_home3CMAdmin;c:\app\parents\product\11.2.0\client\BIN\CMADMIN.EXE;c:\app\parents\product\11.2.0\client\BIN\CMADMIN.EXE [x]R3 OracleOraClient11g_home3CMan;OracleOraClient11g_home3CMan;c:\app\parents\product\11.2.0\client\BIN\CMGW.EXE;c:\app\parents\product\11.2.0\client\BIN\CMGW.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\DRIVERS\WNA1000M.sys;c:\windows\SYSNATIVE\DRIVERS\WNA1000M.sys [x]R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R4 Emc.Captiva.WebCaptureService;EMC Captiva Cloud Service;c:\program files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe;c:\program files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [x]S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe;c:\program files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [x]S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-11-15 13:19 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 13:36].2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 13:36]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 963584]"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2013-06-07 393216].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.15.1TCP: Interfaces\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6}: NameServer = 208.67.222.222,208.67.220.220TCP: Interfaces\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6}\35973734F6D6D6: NameServer = 208.67.222.222,208.67.220.220TCP: Interfaces\{6AD889CE-0538-47A6-BFD7-C4C89DCB61B6}\4616461696E636: NameServer = 208.67.222.222,208.67.220.220.- - - - ORPHANS REMOVED - - - -.ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)AddRemove-{27310A4F-6A97-43C0-928C-FE5313B9949B} - c:\programdata\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}\FFOv2011-8_Setup.exeAddRemove-SkyDriveSetup.exe - c:\users\SundarSyscomm\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveSetup.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraClient11g_home3TNSListener]"ImagePath"="c:\app\parents\product\11.2.0\client\BIN\TNSLSNR ".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-11-18 20:21:07ComboFix-quarantined-files.txt 2013-11-18 20:21ComboFix2.txt 2013-05-25 10:48.Pre-Run: 65,573,785,600 bytes freePost-Run: 65,760,743,424 bytes free.- - End Of File - - 8100302CFF859EA527F637176EC7F7238E734BD7AA1D4F7E9AF58DF495F6CF9E Link to post Share on other sites More sharing options...
MrCharlie Posted November 18, 2013 ID:755160 Share Posted November 18, 2013 Did you run MBAR and if so can I see the logs.I see you have ESET Online Scanner v3 installed, can you update it and run a scan.Report back.....MrC Link to post Share on other sites More sharing options...
lignite Posted November 19, 2013 Author ID:755312 Share Posted November 19, 2013 MBAR log below. The online scan is in progress. Will revert when that is done. Malwarebytes Anti-Rootkit BETA 1.07.0.1007www.malwarebytes.org Database version: v2013.10.02.12 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660SundarSyscomm :: FOURGIG [administrator] 18/11/2013 15:12:21mbar-log-2013-11-18 (15-12-21).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 322288Time elapsed: 24 minute(s), 2 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 6HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|mbniqdseajrhts (Worm.AutoRun) -> Data: kdtsevoeerdxnqlxge.exe -> Delete on reboot.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|mbniqdseajrhts (Worm.AutoRun) -> Data: kdtsevoeerdxnqlxge.exe -> Delete on reboot.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pfsoxlbolveviia (Worm.AutoRun) -> Data: btigrhzonzkdsuozh.exe -> Delete on reboot.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|ulzwgvmayjtlzatd (Worm.AutoRun) -> Data: btigrhzonzkdsuozh.exe . -> Delete on reboot.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|mzjcitgqkrxl (Worm.AutoRun) -> Data: vpggtlfwxlytkokxhga.exe -> Delete on reboot.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce|lzkelxlwrzgvg (Worm.AutoRun) -> Data: xtmodxtmpfurkqodpqmfh.exe . -> Delete on reboot. Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 559C:\Windows\kdtsevoeerdxnqlxge.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\btigrhzonzkdsuozh.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\vpggtlfwxlytkokxhga.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\xtmodxtmpfurkqodpqmfh.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Application Data.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Users.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\ABBYY\ABBYY.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\ABBYY\Bonus.ScreenshotReader\Bonus.ScreenshotReader.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\ABBYY\FineReaderSprint\FineReaderSprint.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Adobe\Adobe.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Adobe\Acrobat\Acrobat.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Adobe\AIR\AIR.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Adobe\ISO-19770\ISO-19770.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Adobe\Reader\Reader.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Adobe\Updater6\Updater6.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Apple Computer\Computer.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Apple Computer\QuickTime\QuickTime.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Brother\Brother.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Brother\BrLog\BrLog.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Brother\PrtDrv\PrtDrv.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Canneverbe Limited\Limited.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Canneverbe Limited\CDBurnerXP\CDBurnerXP.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\CanonBJ\CanonBJ.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\CanonBJ\IJPrinter\IJPrinter.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Canon_Inc_IC\Canon_Inc_IC.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Canon_Inc_IC\AutoUpdate\AutoUpdate.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Canon_Inc_IC\UniversalInstaller\UniversalInstaller.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\ControlCenter4\ControlCenter4.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\CounterPath\CounterPath.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\CounterPath\X-Lite\X-Lite.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Dell\Dell.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Dell\DellSupportCenter\DellSupportCenter.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\DivX\DivX.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\DivX\Setup\Setup.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\EPSON\EPSON.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\EPSON\EPSON SX420W Series\SX420W Series.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\EPSON\Event Manager\Manager.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\EPSON\PRINTER\PRINTER.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\EPSON\Setup\Setup.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\EPSON\STM3\STM3.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\FLEXnet\FLEXnet.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\FLEXnet\Connect\Connect.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Gigaset QuickSync\QuickSync.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Gigaset QuickSync\Firmware\Firmware.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Installations\Installations.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\InstallShield\InstallShield.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\InstallShield\ISEngine12.0\ISEngine12.0.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\KingsIsle Entertainment\Entertainment.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\KingsIsle Entertainment\Wizard101\Wizard101.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\LGMOBILEAX\LGMOBILEAX.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\LGMOBILEAX\B2C_Client\B2C_Client.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\LGMOBILEAX\image\image.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\LGMOBILEAX\Language\Language.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\McAfee\McAfee.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\McAfee\MCLOGS\MCLOGS.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Microsoft.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\MF\MF.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Assistance\Assistance.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Crypto\Crypto.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Device Stage\Stage.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\DeviceSync\DeviceSync.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\DRM\DRM.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\eHome\eHome.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Event Viewer\Viewer.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\HealthVault\HealthVault.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\HTML Help\HTML Help.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\IdentityCRL\IdentityCRL.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\IlsCache\IlsCache.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Media Player\Player.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\MSDN\MSDN.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Network\Network.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\OFFICE\OFFICE.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\OfficeSoftwareProtectionPlatform.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\RAC\RAC.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Search\Search.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\User Account Pictures\Account Pictures.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Vault\Vault.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\VISIO\VISIO.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Windows Defender\Defender.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Windows NT\Windows NT.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Wlansvc\Wlansvc.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\WPD\WPD.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\WwanSvc\WwanSvc.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft Help\Microsoft Help.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft SkyDrive\SkyDrive.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft SkyDrive\setup\setup.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Nuance\Nuance.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Nuance\OmniPageCSDK16\OmniPageCSDK16.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Nuance\PaperPort\PaperPort.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Nuance\PDF Professional\Professional.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Oracle\Oracle.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\PC Suite\Suite.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\PC Suite\ConfServer\ConfServer.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\PC Suite\Settings\Settings.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\PC Suite\Temp\Temp.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\PDF Architect\Architect.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Pure Networks\Networks.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Pure Networks\Setup\Setup.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\ScanSoft\ScanSoft.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\ScanSoft\PaperPort\PaperPort.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\ScanSoft\Swizard\Swizard.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Skype\Skype.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Skype\Apps\Apps.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Skype\Plugins\Plugins.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Skype\Toolbars\Toolbars.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Skype\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Sony Corporation\Corporation.bat (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Sony Corporation\AutoUpdateClient\AutoUpdateClient.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Sony Corporation\WALKMAN Guide\Guide.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Sony Ericsson\Ericsson.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Sun\Sun.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Sun\Java\Java.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Tarma Installer\Installer.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\{361E80BE-388B-4270-BF54-A10C2B756504}.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\UDL\UDL.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\WebEx\WebEx.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\WebEx\WebEx\WebEx.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Western Digital\Digital.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Western Digital\WD SmartWare\SmartWare.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Win7codecs\Win7codecs.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Win7codecs\{9358A3E1-C79C-4A76-86C8-383E19BB2346}\{9358A3E1-C79C-4A76-86C8-383E19BB2346}.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Wizard101(UK)\Wizard101(UK).pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Wizard101(UK)\Bin\Bin.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Wizard101(UK)\Data\Data.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Wizard101(UK)\PatchClient\PatchClient.pif (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\zeon\zeon.exe (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\zeon\DocuCom\DocuCom.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Application Data.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Roaming.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Adobe\Adobe.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Adobe\Flash Player\Player.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Epson\Epson.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Epson\Event Manager\Manager.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\FileZilla\FileZilla.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Helios\Helios.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Helios\TextPad\TextPad.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Identities\Identities.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Identities\{27D52F90-0C62-4940-9D2E-84EE3057B13B}\{27D52F90-0C62-4940-9D2E-84EE3057B13B}.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Macromedia\Macromedia.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\Player.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Media Center Programs\Center Programs.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Microsoft\Microsoft.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials\Credentials.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto\Crypto.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Explorer.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Microsoft\MMC\MMC.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\Protect.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\SystemCertificates.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab\SystemRequirementsLab.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\vlc\vlc.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\WinRAR\WinRAR.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Roaming\Application Data.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Roaming\Roaming.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Roaming\Macromedia\Macromedia.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Roaming\Macromedia\Flash Player\Player.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Roaming\Media Center Programs\Center Programs.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Roaming\Microsoft\Microsoft.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Explorer.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Roaming\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Adobe\Adobe PDF\Adobe PDF.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Adobe\Color\Color.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\BitTorrent\BitTorrent.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\FileZilla\FileZilla.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Helios\Helios.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Helios\TextPad\TextPad.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Identities\Identities.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Identities\{9A04ED79-F57E-4001-B186-EDB1846B62C7}\{9A04ED79-F57E-4001-B186-EDB1846B62C7}.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Ihf\Ihf.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\InstallShield\InstallShield.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\LaunchPad\LaunchPad.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Leadertech\PowerRegister\PowerRegister.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Macromedia\Macromedia.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Media Center Programs\Center Programs.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\MetaGeek\MetaGeek.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Clip Organizer\Organizer.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\CLView\CLView.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Credentials\Credentials.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Crypto\Crypto.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Document Building Blocks\Building Blocks.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\eHome\eHome.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Excel\Excel.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\HTML Help\HTML Help.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\IdentityCRL\IdentityCRL.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\PowerPoint\PowerPoint.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Queries\Queries.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\SystemCertificates\SystemCertificates.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Templates\Templates.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Word\Word.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Mozilla\Mozilla.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Mozilla\Firefox\Firefox.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Nokia\Nokia.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Nokia\LaunchApplication\LaunchApplication.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\PC Suite\359550012626801\359550012626801.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Rynga\anbu.alli\anbu.alli.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Skype\Content\Content.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Skype\shared_dynco\shared_dynco.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Skype\shared_html\shared_html.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Skype\shared_httpfe\shared_httpfe.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Skype\sundar.singaravelu\sundar.singaravelu.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Sony Corporation\Corporation.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Sony Corporation\Auto Magic Update Client\Magic Update Client.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Tor\Tor.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\uTorrent\uTorrent.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\vlc\vlc.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Western Digital\Digital.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\WinRAR\WinRAR.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Woi\cuvuer.exe (Trojan.VUPX.PTI1) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Woi\Woi.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Xilisoft\Video Converter Ultimate 6\Converter Ultimate 6.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\BitTorrent\BitTorrent.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\HTC\HTC.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\HTC\Database\Database.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\HTC\Download\Download.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\HTC\Local Store\Store.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Identities\Identities.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Identities\{661B79A7-2C90-42C0-808D-67783C9B96C8}\{661B79A7-2C90-42C0-808D-67783C9B96C8}.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Macromedia\Macromedia.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Media Center Programs\Center Programs.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\Credentials\Credentials.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\Crypto\Crypto.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\Document Building Blocks\Building Blocks.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\eHome\eHome.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\Network\Network.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\Sticky Notes\Notes.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\SystemCertificates\SystemCertificates.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\Templates\Templates.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\Word\Word.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Mozilla\Mozilla.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Mozilla\Firefox\Firefox.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Skype\shared_dynco\shared_dynco.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Skype\shared_html\shared_html.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Skype\shared_httpfe\shared_httpfe.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\WinRAR\WinRAR.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Desktop\Desktop.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Desktop\Desktop.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Desktop\Desktop.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Public\Desktop\Desktop.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\Desktop\Desktop.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\sundars\Desktop\Desktop.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\SundarSyscomm\Desktop\Desktop.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\1024\1024.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\1033\1033.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\Caches.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\Explorer.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\Ringtones\Ringtones.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Internet Files.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\WER.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Microsoft\Windows\History\History.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Internet Files.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Windows\Caches\Caches.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Windows\History\History.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Windows\Ringtones\Ringtones.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Windows\Themes\Themes.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Microsoft\Windows\Caches\Caches.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Microsoft\Windows\History\History.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Microsoft\Windows\Ringtones\Ringtones.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Microsoft\Windows\Themes\Themes.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\TEMP.Fourgig\AppData\Local\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Delete on reboot.C:\mbniqdseajrhts.bat (Worm.AutoRun) -> Delete on reboot.C:\mzjcitgqkrxl.bat (Worm.AutoRun) -> Delete on reboot.C:\ufneirckch.bat (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$REM3Q78.exe (Trojan.Agent.NR) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RIGZPLX.exe (Trojan.Agent.NR) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RKRM9Z0.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RLLW1MM.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R4GU1S8.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R520V75.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R6QVGKK.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RF8IXRL.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RHHDRCF.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RNV3V83.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RZM1NSP.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RZTGXNM.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RZWUEJZ.exe (Trojan.Agent.NR) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R0K54EB.exe (Trojan.Agent.NR) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R2Z56Q7.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RB3OVYL.tmp\TCD401.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RBMKTUY.tmp\TCD82D.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RBS16R2\7660_19176.bat (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RDHQITX.tmp\TCDE52.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RE47E3M.tmp\TCD8BC.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RS18RSB\1776_21093.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RS2L5XD.tmp\TCD722.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RSJF9UM\msohtmlclip.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RSNR05U\msohtmlclip1.bat (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RSXSUC4\3124_3390.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RU58WZK.tmp\TCDE40.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RVEFAVD.tmp\TCDCCD.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R3JMZ5C\Adobe.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RMBWHNN.tmp\TCDB03.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R05HMRD\3304_27386.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R0AS5T5\hsperfdata_SundarSyscomm.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RHY3W3K\{7DA64FB8-F362-43AA-A0C9-3324B63BE6F2}.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RIV39LZ\2944_5504.pif (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RJ130TO\VBE.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RJXW7QO.tmp\TCDE73.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RK9AXZN.0\OICE_F66F4B91-2DD8-483E-8B56-22B8554E3DF3.0.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RKPYGCK.tmp\TCD248.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RL5YW24.tmp\TCDF981.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RM03B6U\{D0937639-E578-42D9-A349-0519D18D683E}.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RM1565B\Low.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RM90LR8.tmp\TCDD2F.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R3KDT14.tmp\TCDDB0.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R3T7BLU.tmp\TCD12.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R40A55P.tmp\TCDF980.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R4G7HPD.tmp\TCD2D6.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R4TUW1G.tmp\TCDEB5.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R4W8L57\{6821BD3A-71C0-4004-A1F5-728F3E4A9EFA}.bat (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R5FG9WK\VBE.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R6Q5KN4\msdtadmin.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R71KC8D\WebEx.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R7HSXFM\Xerox.pif (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R9F12QX.tmp\TCDE85.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RF49EXD.tmp\TCDF9B2.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RFUFNY9.tmp\TCDAD2.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RFYJF6T.tmp\TCD217.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RG1O42T\Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware_files.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RGZA1U6\backups.bat (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RHEDB2X.tmp\TCDCFE.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RHS2IIK.tmp\TCD9E6.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RMIYGTC.tmp\TCD441.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RMJAT95.tmp\TCDD6F.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RMUIS7Q.tmp\TCD472.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RNADPEZ.tmp\TCDFFD2.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$ROGQHFT\logging.exe (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RPOXJ3N.tmp\TCDFFA1.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RQ7VW2K\{AC280CEA-5153-4978-9D40-2A5E863AB317}.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RXJIP1T.tmp\TCDFA6F.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$RXJRSYD.0\OICE_2A43C0F2-AE26-4617-B634-D034555426BE.0.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R1VHIXM.tmp\TCDDF0.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R21N8BR.tmp\TCDFE29.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R2YE3NF\CDM.bat (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R2ZU6GS.tmp\TCDCAC.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\$RECYCLE.BIN\S-1-5-21-2427464606-374585450-1517765086-1008\$R319GIF.tmp\TCDB53.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.pif (Worm.AutoRun) -> Delete on reboot.C:\Windows\SysWOW64\btigrhzonzkdsuozh.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\SysWOW64\idvwkdyqshvrjolzkkfx.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\SysWOW64\kdtsevoeerdxnqlxge.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\SysWOW64\olfiytqkofvtnutjwyvpsi.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\SysWOW64\ulzwgvmayjtlzatd.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\SysWOW64\vpggtlfwxlytkokxhga.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\SysWOW64\xtmodxtmpfurkqodpqmfh.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\temp.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\outlook logging\logging.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\sef201.tmp\sef201.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\sefA872.tmp\sefA872.tmp.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\CRX_75DAF8CB7768\CRX_75DAF8CB7768.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\WPDNSE\WPDNSE.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\{2140EEBC-1620-48EE-BEC7-47A9AE436C85}\{2140EEBC-1620-48EE-BEC7-47A9AE436C85}.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\{33D440CF-9FD7-479B-8B8A-BA01652ED73A}\{33D440CF-9FD7-479B-8B8A-BA01652ED73A}.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\{66454117-9767-4986-9FAD-12D1708EF270}\{66454117-9767-4986-9FAD-12D1708EF270}.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\{8493C69B-C582-4879-8F19-E232F4C8A569}\{8493C69B-C582-4879-8F19-E232F4C8A569}.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\{91C33343-3F0E-42AE-A7FC-FEAC19E64462}\{91C33343-3F0E-42AE-A7FC-FEAC19E64462}.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\{9ADFFB5A-8616-4BE5-94B5-13F0F4CD5398}\{9ADFFB5A-8616-4BE5-94B5-13F0F4CD5398}.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\{AF9BAE98-078B-4225-80A8-852484C5EF64}\{AF9BAE98-078B-4225-80A8-852484C5EF64}.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\{C4648A86-C82A-4AF3-BC1F-9F94B0E69AE2}\{C4648A86-C82A-4AF3-BC1F-9F94B0E69AE2}.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\{E590AF6B-EC9D-4203-BE77-E45665E2ACA6}\{E590AF6B-EC9D-4203-BE77-E45665E2ACA6}.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\Low\Low.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\Low\__skype_toolbar_v5_logs\__skype_toolbar_v5_logs.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\Low\__skype_toolbar_v5_logs\html\html.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\temp\hsperfdata_Administrator\hsperfdata_Administrator.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\temp\temp.exe (Worm.AutoRun) -> Delete on reboot.c:\Users\SundarSyscomm\AppData\Local\Temp\~pi1548.tmp (Worm.AutoRun) -> Delete on reboot.C:\Users\SundarSyscomm\AppData\Local\Temp\ktzoqxgm\ufneirckch.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Administrator.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\AppData.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Contacts\Contacts.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Documents\Documents.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Downloads\Downloads.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Favorites\Favorites.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Links\Links.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Music\Music.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Pictures\Pictures.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Saved Games\Games.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Searches\Searches.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Videos\Videos.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\Virtual Machines\Machines.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Default User.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Default.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\AppData.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Documents\Documents.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Downloads\Downloads.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Favorites\Favorites.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Links\Links.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Music\Music.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Pictures\Pictures.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Saved Games\Games.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\Videos\Videos.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\parents_old.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\AppData.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Favorites\Favorites.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Links\Links.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Music\Music.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Saved Games\Games.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Searches\Searches.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Videos\Videos.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Virtual Machines\Machines.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\WA33JD\WA33JD.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Public\Favorites\Favorites.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Public\Libraries\Libraries.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Public\Music\Music.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Public\Videos\Videos.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\Favorites\Favorites.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\Links\Links.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\Music\Music.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\Saved Games\Games.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\Searches\Searches.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\Videos\Videos.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\Virtual Machines\Machines.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\sundars\sundars.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\sundars\Favorites\Favorites.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\sundars\Links\Links.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\sundars\Music\Music.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\sundars\Saved Games\Games.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\sundars\Searches\Searches.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\sundars\Videos\Videos.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\sundars\Virtual Machines\Machines.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\SundarSyscomm\Favorites\Favorites.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\SundarSyscomm\Links\Links.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\SundarSyscomm\Music\Music.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\SundarSyscomm\Saved Games\Games.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\SundarSyscomm\Searches\Searches.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\SundarSyscomm\Videos\Videos.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\SundarSyscomm\Virtual Machines\Machines.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Application Data.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Local.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Settings.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Adobe\Adobe.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Adobe\Acrobat\Acrobat.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Adobe\Updater6\Updater6.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Google\Google.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Google\Chrome\Chrome.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Microsoft.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Credentials\Credentials.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\Cache.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\FORMS\FORMS.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Explorer.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Player.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Office\Office.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Outlook\Outlook.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Terminal Server Client\Server Client.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Windows Mail.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\Media.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Sidebar.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft Help\Microsoft Help.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\VirtualStore\VirtualStore.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\VirtualStore\Program Files (x86)\Files (x86).scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\VirtualStore\PROGRA~2\PROGRA~2.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Application Data.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Local.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Settings.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Adobe\Adobe.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Adobe\Acrobat\Acrobat.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Adobe\Updater6\Updater6.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Microsoft\Microsoft.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Microsoft Help\Microsoft Help.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Local.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Credentials\Credentials.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Device Stage\Stage.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\FORMS\FORMS.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\NetTraces\NetTraces.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Portable Devices\Devices.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Terminal Server Client\Server Client.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Visio\Visio.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Windows Media\Media.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft\Windows Sidebar\Sidebar.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\ABBYY\ABBYY.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\ABBYY\FineReaderSprint\FineReaderSprint.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Adobe\Adobe.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Adobe\Acrobat\Acrobat.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Adobe\AIR\AIR.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Adobe\CameraRaw\CameraRaw.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Adobe\Color\Color.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Adobe\ESD\ESD.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Adobe\Updater6\Updater6.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\APN\APN.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\APN\GoogleCRXs\GoogleCRXs.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Apps\Apps.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Apps\2.0\2.0.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Cooliris\Cooliris.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Cooliris\520d0df4-f16e-4744-aaa0-1099913a2f6b\520d0df4-f16e-4744-aaa0-1099913a2f6b.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Deployment\Deployment.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Downloaded Installations\Installations.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Downloaded Installations\{557E71C4-7595-428C-8FD3-2C7084E24935}\{557E71C4-7595-428C-8FD3-2C7084E24935}.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Downloaded Installations\{F468A340-997A-49C5-A9E5-885181791F79}\{F468A340-997A-49C5-A9E5-885181791F79}.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Downloaded Installations\{F8F46AD2-1CE0-4A78-962F-D1474E7A5A84}\{F8F46AD2-1CE0-4A78-962F-D1474E7A5A84}.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Eclipse\Eclipse.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Eclipse\ico_dir\ico_dir.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\ElevatedDiagnostics\ElevatedDiagnostics.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\ElevatedDiagnostics\460911090\460911090.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Google\Google.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Google\Chrome\Chrome.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Google\CrashReports\CrashReports.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Google\GBScreensaver\GBScreensaver.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Google\Update\Update.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Htc\Devices\Devices.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\LG Electronics\Electronics.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\MetaGeek, LLC\MetaGeek, LLC.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\MetaGeek, LLC\Chanalyzer\Chanalyzer.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\MetaGeek,_LLC\MetaGeek,_LLC.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\MetaGeek,_LLC\Chanalyzer.exe_Url_4hzuowulerxcengcveyb11ynd3bbgyv4\Chanalyzer.exe_Url_4hzuowulerxcengcveyb11ynd3bbgyv4.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft Games\Games.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft Games\Hearts\Hearts.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft Games\Minesweeper\Minesweeper.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft Games\Purble Place\Place.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft Games\Solitaire\Solitaire.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft Games\Spider Solitaire\Solitaire.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Microsoft Help\Microsoft Help.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Mozilla\Mozilla.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Mozilla\Firefox\Firefox.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\VirtualStore\VirtualStore.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\VirtualStore\Program Files (x86)\Files (x86).scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\VirtualStore\PROGRA~2\PROGRA~2.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\Western Digital\Digital.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\AppData\Local\{64A3A4F2-B792-11D6-A78A-00B0D0150220}\{64A3A4F2-B792-11D6-A78A-00B0D0150220}.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Adobe\Color\Color.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Google\GBScreensaver\GBScreensaver.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Htc\Devices\Devices.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Microsoft\Credentials\Credentials.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Microsoft\Windows Media\Media.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Microsoft\Windows Sidebar\Sidebar.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Microsoft Help\Microsoft Help.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Mozilla\Mozilla.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\Shivaani\AppData\Local\Mozilla\Firefox\Firefox.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\TEMP.Fourgig.000\AppData\Local\Google\Chrome\Chrome.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\TEMP\AppData\Local\Google\Chrome\Chrome.pif (Worm.AutoRun) -> Delete on reboot.C:\Windows\idvwkdyqshvrjolzkkfx.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\ulzwgvmayjtlzatd.exe (Worm.AutoRun) -> Delete on reboot.C:\Windows\olfiytqkofvtnutjwyvpsi.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Public\Recorded TV\Sample Media\Media.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\Public\Videos\Sample Videos\Videos.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Desktop\MP3\hindi\hindi.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Desktop\padmini\padmini.bat (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Desktop\PadminiMadrasFlat\PadminiMadrasFlat.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Desktop\PadminiMadrasFlat\Naren\Naren.scr (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Desktop\Coinop\Coinop.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\parents_old\Desktop\Coinop\logo_final_pack\logo_final_pack.pif (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IPPPWI\R0IPPPWI.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOHJ8W85\XOHJ8W85.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\AntiPhishing.exe (Worm.AutoRun) -> Delete on reboot.C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4WY4GE70\4WY4GE70.exe (Worm.AutoRun) -> Delete on reboot. Physical Sectors Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
MrCharlie Posted November 19, 2013 ID:755409 Share Posted November 19, 2013 You have a nasty virus on the system:Worm.AutoRunhttp://antivirus.about.com/od/virusdescriptions/ht/autorunworms.htmMrC Link to post Share on other sites More sharing options...
lignite Posted November 19, 2013 Author ID:755453 Share Posted November 19, 2013 Scan in progress using ESET. Read about the virus. Looks nasty. Looks like I have to scan all the drives too . Agree ? Link to post Share on other sites More sharing options...
MrCharlie Posted November 19, 2013 ID:755470 Share Posted November 19, 2013 Yes, follow the directions in that link I posted. also......install Panda USB and AutoRun Vaccine: http://research.pandasecurity.com/Panda-USB-and-AutoRun-Vaccine/ Disable autorun: http://support.microsoft.com/kb/967715 MrC Link to post Share on other sites More sharing options...
lignite Posted November 20, 2013 Author ID:755779 Share Posted November 20, 2013 ESET gets stuck at 99% . Tried this a few times and after 3 hours of scanning,hangs. It reports that approx 5000 files have to be cleaned. Please keep this thread open. I will try a different scanner and report. Any suggestions on a online scanner - KAspersky/Trend micro don't report the virus. Link to post Share on other sites More sharing options...
MrCharlie Posted November 20, 2013 ID:755904 Share Posted November 20, 2013 Sounds like the system is trashed. Some listed here: http://antivirus.about.com/od/freeantivirussoftware/tp/avrescuecd.htm http://www.microsoft.com/security/scanner/en-us/default.aspx MrC Link to post Share on other sites More sharing options...
MrCharlie Posted November 25, 2013 ID:757809 Share Posted November 25, 2013 How are we doing?? Do you still need help or can I close this post?? MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 26, 2013 ID:758274 Share Posted November 26, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts