Registered
5 Posts
Sir, my problem is similar to this one:
http://www.techsupportforum.com/forums/f100/backdoor-win32-cycbot-b-and-redirecting-when-using-google-533875.html


In this regard I had downloaded ComboFix on my desktop, and after running it the following report was generated.
Now I do not know what to do next.
Please guide me.

ComboFix 11-09-11.06 - dell 09/12/2011 10:51:02.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4003.2314 [GMT -7:00]
Running from: c:\users\dell\Desktop\ComboFix.exe
AV: Guardian 12.00 *Disabled/Updated* {7EEA7DF5-117F-E8EF-F91E-8C3E8C27E621}
SP: Guardian 12.00 *Disabled/Updated* {C58B9C11-3745-E761-C3AE-B74CF7A0AC9C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ChatVibes Toolbar\tbHElper.dll
c:\programdata\Roaming
c:\users\dell\AppData\Roaming\6774.37F
c:\users\dell\AppData\Roaming\dwm.exe
c:\users\dell\AppData\Roaming\Microsoft\conhost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-12 17:56 . 2011-09-12 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-11 21:16 . 2011-09-11 21:16 -------- d-----w- c:\users\dell\AppData\Roaming\MathWorks
2011-09-11 20:08 . 2011-09-11 20:08 -------- d-----w- c:\program files\MATLAB
2011-09-11 18:26 . 2011-09-11 18:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-11 18:26 . 2011-09-11 18:26 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-11 18:26 . 2011-09-11 18:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-11 18:25 . 2011-09-11 18:25 -------- d-----w- c:\program files (x86)\Java
2011-09-09 21:23 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5B7A7B6-70EF-475E-8480-64ADD835956E}\mpengine.dll
2011-09-07 20:53 . 2011-09-07 20:53 -------- d-----w- c:\users\dell\AppData\Roaming\Dell
2011-09-07 20:52 . 2011-09-12 06:33 -------- d-----w- c:\users\dell\AppData\Local\Stardock_Corporation
2011-09-07 20:52 . 2011-09-07 20:52 -------- dc-h--w- c:\programdata\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
2011-09-07 20:52 . 2011-09-07 20:52 -------- d-----w- c:\programdata\Dell
2011-09-07 20:52 . 2011-09-07 20:52 -------- d-----w- c:\program files\Dell
2011-09-07 20:51 . 2011-09-07 20:51 -------- d-----w- c:\users\dell\AppData\Local\PackageAware
2011-09-07 19:57 . 2011-09-08 00:49 -------- d-----w- c:\program files (x86)\Britannica 11.0
2011-09-07 19:57 . 2011-09-07 20:06 -------- d--h--w- c:\program files (x86)\Zero G Registry
2011-09-07 19:55 . 2011-09-07 19:55 -------- d--h--w- c:\users\dell\InstallAnywhere
2011-09-06 02:23 . 2011-09-06 03:13 -------- d-----w- c:\program files (x86)\Rovio
2011-09-05 04:08 . 2011-09-06 02:23 -------- d-----w- c:\users\dell\AppData\Roaming\Rovio
2011-08-29 19:10 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-08-29 19:10 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-08-29 19:10 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-08-29 19:10 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-08-29 19:10 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-08-27 01:10 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2011-08-27 01:10 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-08-27 01:10 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-08-27 01:10 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-27 01:10 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-27 01:10 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-27 01:10 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-27 01:10 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-27 01:10 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-27 01:10 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-27 01:10 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-08-26 23:23 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-26 23:23 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-08-26 23:03 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-26 23:02 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-08-26 23:02 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-08-26 23:02 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-26 23:02 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-26 23:02 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-26 23:02 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-26 23:02 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-26 23:02 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-26 23:02 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-26 23:01 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-26 23:01 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-08-26 23:01 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-08-26 23:01 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-08-26 23:01 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-26 23:00 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-08-26 21:45 . 2011-08-26 21:45 -------- d-----w- c:\windows\system32\SPReview
2011-08-26 21:44 . 2011-08-26 21:44 -------- d-----w- c:\windows\system32\EventProviders
2011-08-25 23:19 . 2010-11-20 13:27 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2011-08-25 23:18 . 2010-11-20 13:27 2420736 ----a-w- c:\windows\system32\wuaueng.dll
2011-08-25 23:17 . 2010-11-20 13:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-08-25 23:16 . 2010-11-20 13:27 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2011-08-25 23:15 . 2010-11-20 13:27 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2011-08-25 23:14 . 2010-11-20 13:27 18944 ----a-w- c:\windows\system32\spopk.dll
2011-08-25 23:13 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2011-08-25 23:13 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-08-25 23:13 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-08-25 23:13 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-08-25 23:13 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2011-08-25 23:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-08-25 23:13 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2011-08-25 23:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-08-25 23:10 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2011-08-25 23:10 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-25 23:10 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2011-08-25 05:17 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-25 05:17 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-25 04:33 . 2011-09-12 17:56 -------- d-----w- c:\program files (x86)\ChatVibes Toolbar
2011-08-25 00:49 . 2011-09-12 03:21 -------- d-----w- c:\users\dell\AppData\Roaming\DC++
2011-08-25 00:49 . 2011-09-11 05:45 -------- d-----w- c:\users\dell\AppData\Local\DC++
2011-08-25 00:49 . 2011-08-25 00:49 -------- d-----w- c:\program files (x86)\DC++
2011-08-25 00:39 . 2011-09-10 17:11 -------- d-----w- c:\users\dell\AppData\Roaming\IDM
2011-08-25 00:39 . 2011-08-25 00:40 -------- d-----w- c:\program files (x86)\Internet Download Manager
2011-08-25 00:29 . 2011-09-12 17:57 -------- d-----w- c:\users\dell\AppData\Roaming\DMCache
2011-08-24 23:17 . 2011-08-24 23:17 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-08-24 23:17 . 2011-08-24 23:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-08-24 23:14 . 2011-08-24 23:14 -------- d-----r- C:\MSOCache
2011-08-23 23:17 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-08-23 23:17 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-08-23 23:17 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
2011-08-22 22:29 . 2011-08-22 22:29 -------- d-----w- c:\windows\SysWow64\Wat
2011-08-22 22:29 . 2011-08-22 22:29 -------- d-----w- c:\windows\system32\Wat
2011-08-22 17:38 . 2011-08-22 17:38 -------- d-----w- c:\users\dell\AppData\Roaming\Reallusion
2011-08-22 17:17 . 2011-08-22 17:17 -------- d-----w- c:\users\dell\AppData\Roaming\CAD-KAS
2011-08-22 17:17 . 2011-08-22 17:17 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2011-08-22 17:17 . 2011-08-22 17:17 -------- d-----w- c:\program files (x86)\PDF Editor 3
2011-08-19 06:54 . 2011-08-19 06:54 -------- d-----w- c:\users\dell\AppData\Local\oald8
2011-08-19 06:54 . 2011-08-19 06:54 -------- d-----w- c:\users\dell\AppData\Roaming\oald8
2011-08-19 06:53 . 2011-08-19 06:53 -------- d--h--r- c:\users\dell\AppData\Roaming\SecuROM
2011-08-19 06:53 . 2011-08-19 06:53 -------- d-----w- c:\program files (x86)\IDM
2011-08-19 06:51 . 2011-08-19 06:51 -------- d-----w- c:\program files (x86)\Oxford
2011-08-19 06:26 . 2011-08-19 06:26 286720 ----a-w- c:\windows\iun506.exe
2011-08-19 06:25 . 2011-08-19 06:26 -------- d-----w- c:\program files (x86)\Shipra's Dictionary
2011-08-19 06:25 . 2011-08-19 06:25 -------- d-----w- c:\program files (x86)\GRE Stuff
2011-08-16 17:24 . 2011-08-16 17:28 -------- d-----w- c:\windows\SysWow64\Adobe
2011-08-16 17:05 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-16 17:05 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-16 17:05 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-16 16:57 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-08-16 16:57 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-08-16 16:57 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-08-16 16:52 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-08-16 16:52 . 2010-12-23 10:42 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-08-16 16:52 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-08-16 16:52 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-08-16 16:52 . 2010-12-23 05:54 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-08-16 16:52 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-08-16 16:52 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2011-08-16 16:52 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-08-16 16:49 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-16 16:47 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-16 16:47 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-08-16 16:47 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-08-16 16:47 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-08-16 16:47 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-08-16 16:47 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-08-16 16:47 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-08-16 16:47 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-04 18:16 . 2011-08-06 22:38 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-26 21:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-26 21:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-07 00:00 . 2011-08-06 23:07 131336 ----a-w- c:\windows\SysWow64\drivers\avfwot.sys
2011-07-17 15:34 . 2011-07-17 15:34 2048 ----a-w- c:\windows\SysWow64\winver.exe
2011-07-17 15:34 . 2011-07-17 15:34 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2011-07-16 04:26 . 2011-08-16 16:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0EC9148F-41E2-437C-8437-E576FE833A52}]
2010-11-12 23:06 2646528 ------w- c:\program files (x86)\ChatVibes Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files (x86)\ChatVibes Toolbar\tbcore3.dll" [2010-11-12 2646528]
.
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\FMTLB0003.FMTLB0003.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\FMTLB0003.FMTLB0003]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Facebook Update"="c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-06 137536]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-12-24 3293184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-11 487561]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank64.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-06 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-06 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ggc;ggc;c:\windows\system32\DRIVERS\ggc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [x]
S2 Core Mail Protection;Core Mail Protection;c:\progra~1\QUICKH~1\GUARDI~1\EMLPROXY.EXE [2011-08-14 24952]
S2 Core Scanning Server;Core Scanning Server;c:\progra~1\QUICKH~1\GUARDI~1\SAPISSVC.EXE [2011-08-14 76152]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~1\GUARDI~1\opssvc.exe [2011-08-14 25464]
S2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\GUARDI~1\quhlpsvc.exe [2011-08-14 66936]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2062792807-2238250182-3287164389-1000Core.job
- c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-06 01:59]
.
2011-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2062792807-2238250182-3287164389-1000UA.job
- c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-06 01:59]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-06 22:19]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-06 22:19]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2062792807-2238250182-3287164389-1000Core.job
- c:\users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 22:19]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2062792807-2238250182-3287164389-1000UA.job
- c:\users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 22:19]
.
2011-09-12 c:\windows\Tasks\Resume Quickup Download.job
- c:\progra~1\QUICKH~1\GUARDI~1\ACAPPAA.EXE [2011-08-14 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-23 19:09 83696 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"Quick Heal Core UI"="c:\progra~1\QUICKH~1\GUARDI~1\strtupap.exe" [2011-08-14 49016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.ChatVibes.com
mStart Page = hxxp://search.ChatVibes.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:53151
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.121.12
FF - ProfilePath - c:\users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\knzhepd5.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.ChatVibes.com/
FF - prefs.js: keyword.URL - hxxp://search.ChatVibes.com/?q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53151
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: ChatVibes Toolbar: {8B52078D-B630-4B00-A0AB-54D51CEDD9AB} - %profile%\extensions\{8B52078D-B630-4B00-A0AB-54D51CEDD9AB}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-conhost - c:\users\dell\AppData\Roaming\Microsoft\conhost.exe
WebBrowser-{01193D00-C7F9-4C26-92A2-1CA91F170068} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2062792807-2238250182-3287164389-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,b0,55,c2,b9,d3,ce,bd,08,48,89,30,cf,d7,d5,ab,c5,c2,16,3d,87,
c7,78,36,8e,a6,24,f2,89,2e,d5,3d,f7,24,e7,bb,8b,52,c4,b3,a3,ab,ec,ac,e3,65,\
"rkeysecu"=hex:cc,e7,c4,91,2c,c5,6f,03,c6,6f,4b,1e,9c,ab,97,7f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-12 10:59:18
ComboFix-quarantined-files.txt 2011-09-12 17:59
.
Pre-Run: 30,486,515,712 bytes free
Post-Run: 32,452,014,080 bytes free
.
- - End Of File - - C32DA2A962BAE3E1D0B95FC79A2A7C41

TSF Security Manager, Emeritus
42,836 Posts
Hello architiitr, and welcome.

While I can appreciate you wanting to get your machine cleaned as quickly as possible, it is never a good idea to follow instructions given to another person. Each machine is different, and even if the symptoms are similar, malware does not always infect each machine in the same way.

Also, while you may see ComboFix being used quite often without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool). Going forward, I highly recommend you heed such instructions. As explained in Post 2 of our pre-posting topic...

Why we don't ask you to run ComboFix from the onset

ComboFix is a very powerful tool which, when improperly used, may render your machine a doorstop.

We first need to verify whether there are any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.
I'll need to see the current state of the machine. Kindly follow the instructions for running DDS.scr as explained here: New Instructions - Read This Before Posting for Malware Removal Help, and post the requested logs in your next reply.

Registered
5 Posts
Discussion Starter · #3
Sir,
On your recommendation I have run dds.scr and the following report was generated.

*******************DDS.TXT*****************************
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by dell at 12:39:54 on 2011-09-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4003.2697 [GMT -7:00]
.
AV: Guardian 12.00 *Enabled/Updated* {7EEA7DF5-117F-E8EF-F91E-8C3E8C27E621}
SP: Guardian 12.00 *Enabled/Updated* {C58B9C11-3745-E761-C3AE-B74CF7A0AC9C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\SAPISSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\opssvc.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\quhlpsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\scanwscs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\onlinent.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\GUARDI~1\SCANMSG.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\EMLPROXY.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\DC++\DCPlusPlus.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.ChatVibes.com
uSearch Bar =
mStart Page = hxxp://search.ChatVibes.com
uInternet Settings,ProxyServer = http=127.0.0.1:53151
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Facebook Update] "C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.121.12 192.168.121.14
TCP: Interfaces\{7BBE3EB8-1A49-427D-A90C-E982153A432E} : DhcpNameServer = 192.168.121.12 192.168.121.14
TCP: Interfaces\{893836BA-3004-4431-BBDC-F2EA6E47D5D7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{893836BA-3004-4431-BBDC-F2EA6E47D5D7}\25F455455425D202330282E454750225F23502C4142492 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{893836BA-3004-4431-BBDC-F2EA6E47D5D7}\E4544574541425 : DhcpNameServer = 8.8.8.8 192.168.121.14
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\96fsv0a6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\dell\AppData\Local\Google\Update\1.3.21.71\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ggc;ggc;C:\Windows\system32\DRIVERS\ggc.sys --> C:\Windows\system32\DRIVERS\ggc.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 catflt;catflt;C:\Windows\system32\DRIVERS\catflt.sys --> C:\Windows\system32\DRIVERS\catflt.sys [?]
R2 Core Mail Protection;Core Mail Protection;C:\PROGRA~1\QUICKH~1\GUARDI~1\EMLPROXY.EXE [2011-8-14 24952]
R2 Core Scanning Server;Core Scanning Server;C:\PROGRA~1\QUICKH~1\GUARDI~1\SAPISSVC.EXE [2011-8-14 76152]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
R2 EMLSS;EMLSS;C:\Windows\system32\drivers\emltdi.sys --> C:\Windows\system32\drivers\emltdi.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-17 13336]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 Online Protection System;Online Protection System;C:\PROGRA~1\QUICKH~1\GUARDI~1\opssvc.exe [2011-8-14 25464]
R2 Quick Update Service;Quick Update Service;C:\PROGRA~1\QUICKH~1\GUARDI~1\quhlpsvc.exe [2011-8-14 66936]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S0 mscank;mscank;C:\Windows\system32\DRIVERS\mscank64.sys --> C:\Windows\system32\DRIVERS\mscank64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-6 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-6 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-21 00:42:07 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C1707A40-7CAA-40C9-ADD8-2BFD05F69F37}\mpengine.dll
2011-09-18 23:57:16 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-09-18 22:42:40 -------- d-----w- C:\Windows\pss
2011-09-18 05:02:05 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-09-18 05:02:04 -------- d-----w- C:\Users\dell\AppData\Local\Conduit
2011-09-18 05:01:52 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-09-17 20:56:56 -------- d-----w- C:\Users\dell\AppData\Roaming\BitTorrent
2011-09-12 18:41:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-12 17:50:18 98816 ----a-w- C:\Windows\sed.exe
2011-09-12 17:50:18 208896 ----a-w- C:\Windows\MBR.exe
2011-09-11 21:16:55 -------- d-----w- C:\Users\dell\AppData\Roaming\MathWorks
2011-09-11 20:08:40 -------- d-----w- C:\Program Files\MATLAB
2011-09-11 18:26:37 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-11 18:26:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-07 20:53:41 -------- d-----w- C:\Users\dell\AppData\Roaming\Dell
2011-09-07 20:52:49 -------- d-----w- C:\Users\dell\AppData\Local\Stardock_Corporation
2011-09-07 20:52:44 -------- dc-h--w- C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
2011-09-07 20:52:18 -------- d-----w- C:\Program Files\Dell
2011-09-07 20:51:49 -------- d-----w- C:\Users\dell\AppData\Local\PackageAware
2011-09-07 19:57:07 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2011-09-07 19:57:07 -------- d-----w- C:\Program Files (x86)\Britannica 11.0
2011-09-07 19:55:27 -------- d--h--w- C:\Users\dell\InstallAnywhere
2011-09-06 02:23:15 -------- d-----w- C:\Program Files (x86)\Rovio
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 04:08:04 -------- d-----w- C:\Users\dell\AppData\Roaming\Rovio
2011-08-29 19:10:25 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-08-29 19:10:25 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-08-29 19:10:25 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-08-29 19:10:25 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-08-29 19:10:25 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-08-27 03:46:27 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-08-27 01:10:30 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-08-27 01:10:30 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-08-27 01:10:30 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-08-27 01:10:29 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-08-27 01:10:29 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-08-27 01:10:29 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-08-27 01:10:29 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-08-27 01:10:29 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-08-27 01:10:29 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-08-27 01:10:29 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-08-27 01:10:29 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-08-26 23:23:35 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-08-26 23:23:35 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-08-26 23:03:00 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-08-26 23:02:58 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-08-26 23:02:58 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-08-26 23:02:35 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-08-26 23:02:35 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-08-26 23:02:35 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-08-26 23:02:35 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-08-26 23:02:35 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-08-26 23:02:35 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-08-26 23:02:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-08-26 23:01:54 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-08-26 23:01:54 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-08-26 23:01:48 2871808 ----a-w- C:\Windows\explorer.exe
2011-08-26 23:01:48 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-08-26 23:01:00 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-08-26 23:00:59 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-08-26 21:45:27 -------- d-----w- C:\Windows\System32\SPReview
2011-08-26 21:44:38 -------- d-----w- C:\Windows\System32\EventProviders
2011-08-25 23:19:59 1110016 ----a-w- C:\Windows\System32\schedsvc.dll
2011-08-25 23:18:59 584192 ----a-w- C:\Windows\System32\ipsmsnap.dll
2011-08-25 23:17:59 782336 ----a-w- C:\Windows\SysWow64\webservices.dll
2011-08-25 23:16:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2011-08-25 23:15:59 90112 ----a-w- C:\Windows\SysWow64\olepro32.dll
2011-08-25 23:14:59 57344 ----a-w- C:\Program Files\Common Files\System\msadc\msdfmap.dll
2011-08-25 23:13:56 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-08-25 23:13:56 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-08-25 23:13:49 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-08-25 23:13:48 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-08-25 23:13:43 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2011-08-25 23:13:26 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-08-25 23:13:26 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-08-25 23:13:26 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2011-08-25 23:10:50 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-08-25 23:10:49 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-08-25 23:10:41 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-08-25 05:17:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-25 05:17:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-25 00:49:56 -------- d-----w- C:\Users\dell\AppData\Roaming\DC++
2011-08-25 00:49:56 -------- d-----w- C:\Users\dell\AppData\Local\DC++
2011-08-25 00:49:11 -------- d-----w- C:\Program Files (x86)\DC++
2011-08-25 00:39:45 -------- d-----w- C:\Users\dell\AppData\Roaming\IDM
2011-08-25 00:39:30 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2011-08-25 00:29:18 -------- d-----w- C:\Users\dell\AppData\Roaming\DMCache
2011-08-24 23:17:48 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-08-23 23:17:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-08-23 23:17:56 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-08-23 23:17:56 229376 ----a-w- C:\Windows\System32\fsquirt.exe
2011-08-22 22:29:29 -------- d-----w- C:\Windows\SysWow64\Wat
2011-08-22 22:29:28 -------- d-----w- C:\Windows\System32\Wat
.
==================== Find3M ====================
.
2011-09-04 18:16:32 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-26 21:56:14 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-08-26 21:56:14 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-08-22 17:17:23 75776 ----a-w- C:\Windows\cadkasdeinst01e.exe
2011-08-14 23:04:53 39544 ----a-w- C:\Windows\System32\drivers\mscank64.sys
2011-08-14 23:04:52 47160 ----a-w- C:\Windows\System32\drivers\catflt.sys
2011-08-14 23:04:52 18488 ----a-w- C:\Windows\System32\drivers\EMLTDI.SYS
2011-08-14 23:02:30 59960 ----a-w- C:\Windows\System32\drivers\ggc.sys
2011-08-07 00:00:08 131336 ----a-w- C:\Windows\SysWow64\drivers\avfwot.sys
2011-07-17 15:34:06 2048 ----a-w- C:\Windows\SysWow64\winver.exe
2011-07-17 15:34:03 113543 ----a-w- C:\Windows\SysWow64\slmgr.vbs
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
.
============= FINISH: 12:42:03.37 ===========

What to do next?
Thank you
 


TSF Security Manager, Emeritus · 42,836 Posts
You're welcome. :)

Open notepad and copy/paste the text in the code box below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:53151

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe


When finished, a log will be produced. Post the C:\ComboFix.txt in your next reply.

========================================

It's important to run an online scan to search for any remnants that may be lurking. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
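The CFScript above resets one line from the DDS log: the WinINET proxy that points the browser at 127.0.0.1:53151. A loopback proxy on a high, unregistered port is how this kind of infection sits between the browser and the network (redirected searches are the visible symptom), and the dwm.exe and conhost.exe that ComboFix deleted from AppData\Roaming earlier in the thread are the usual companions. The script below is an added example for readers of this thread; it is not part of the original posts, of DDS or of ComboFix. It reads log lines in the Pseudo HJT format, flags a ProxyServer value aimed at a loopback address and any core Windows binary name living under a user profile, and emits a DDS:: block in the form the helper used. The sample lines are constructed from the log above; the set of system binary names and the heuristics are the example's own assumptions, not anything the tools define.

```python
"""Triage helper for DDS / ComboFix 'Pseudo HJT Report' lines.

Added example, not code from this thread or from the DDS/ComboFix tools.
It looks for two indicators visible in the logs posted above:
  1. a WinINET ProxyServer value that points the browser at a loopback
     address (traffic is being routed through a local process);
  2. an executable carrying a core Windows binary name (dwm.exe,
     conhost.exe, ...) that lives under a user profile instead of
     %SystemRoot%\\System32.
"""
import re
from ipaddress import ip_address

# Names that belong in System32/SysWOW64 only. The list is an assumption for
# this example, seeded with the two names ComboFix removed from AppData\Roaming.
SYSTEM_BINARY_NAMES = {
    "dwm.exe", "conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
    "winlogon.exe", "explorer.exe", "taskhost.exe", "services.exe",
}

# "uInternet Settings,ProxyServer = http=127.0.0.1:53151" (u = user hive, m = machine hive)
PROXY_LINE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)", re.I)

# Any .exe under <drive>:\Users\<name>\AppData\..., quoted or not, with or without arguments.
USER_PROFILE_EXE = re.compile(
    r'[A-Za-z]:\\Users\\[^"\r\n]*?\\AppData\\[^"\r\n]*?\\(?P<name>[^\\"\r\n]+\.exe)', re.I)

# Constructed sample, modelled on the log lines posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.ChatVibes.com
uInternet Settings,ProxyServer = http=127.0.0.1:53151
uRun: [Facebook Update] "C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
c:\users\dell\AppData\Roaming\dwm.exe
c:\users\dell\AppData\Roaming\Microsoft\conhost.exe
TCP: DhcpNameServer = 192.168.121.12 192.168.121.14
"""


def parse_proxy_setting(value):
    """Split a WinINET ProxyServer value into (scheme, host, port) tuples.

    Accepts the single 'host:port' form and the per-protocol
    'http=host:port;https=host:port' form. scheme is 'all' for the former;
    port is None when the value carries no port.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        host = host.strip("[]")          # tolerate bracketed IPv6 literals
        entries.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1; False for names and other addresses."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a list of findings (dicts) for the two indicators described above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_LINE.match(line)
        if m:
            for scheme, host, port in parse_proxy_setting(m.group("value")):
                if is_loopback(host):
                    findings.append({"kind": "loopback_proxy", "scheme": scheme,
                                     "host": host, "port": port, "line": line})
        for pm in USER_PROFILE_EXE.finditer(line):
            name = pm.group("name").lower()
            if name in SYSTEM_BINARY_NAMES:
                findings.append({"kind": "masquerading_binary", "name": name,
                                 "path": pm.group(0), "line": line})
    return findings


def cfscript_for(findings):
    """Build a CFScript body in the form the helper used above: a DDS:: section
    listing the HJT-style lines to reset. Only loopback-proxy findings become
    script lines; the masquerading binaries are left for a human to judge.
    """
    lines = list(dict.fromkeys(f["line"] for f in findings if f["kind"] == "loopback_proxy"))
    return "DDS::\n" + "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f.get("path") or f"{f['host']}:{f['port']}")
    print(cfscript_for(triage(SAMPLE_LOG)), end="")
```

To use it on a real log, call `triage(open(path, encoding="utf-8", errors="replace").read())`. The script only reads text; it does not touch the registry or run ComboFix. A loopback proxy is a lead, not proof on its own (some local filtering products register one), so check what is listening on that port with `netstat -ano` before scripting its removal.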
 

Registered · 5 Posts · Discussion Starter · #5
Sir,
I have followed your instructions and the following report is generated



ComboFix 11-09-21.02 - dell 09/21/2011 21:09:00.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4003.2204 [GMT -7:00]
Running from: c:\users\dell\Desktop\ComboFix.exe
Command switches used :: c:\users\dell\Desktop\CFScript.txt
AV: Guardian 12.00 *Disabled/Updated* {7EEA7DF5-117F-E8EF-F91E-8C3E8C27E621}
SP: Guardian 12.00 *Disabled/Updated* {C58B9C11-3745-E761-C3AE-B74CF7A0AC9C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))
.
.
2011-09-22 04:15 . 2011-09-22 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-22 04:01 . 2011-09-22 04:01 -------- d-----w- c:\windows\system32\Native
2011-09-21 00:42 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1707A40-7CAA-40C9-ADD8-2BFD05F69F37}\mpengine.dll
2011-09-18 23:57 . 2011-09-18 23:57 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-09-18 23:42 . 2011-09-18 23:45 -------- d-----w- c:\program files\Common Files\Adobe
2011-09-18 23:41 . 2011-09-18 23:41 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-09-18 23:39 . 2011-09-18 23:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-09-18 05:02 . 2011-09-18 05:02 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-09-18 05:02 . 2011-09-18 06:28 -------- d-----w- c:\users\dell\AppData\Local\Conduit
2011-09-18 05:01 . 2011-09-18 05:01 -------- d-----w- c:\program files (x86)\BitTorrent
2011-09-17 20:56 . 2011-09-17 20:56 -------- d-----w- c:\users\dell\AppData\Roaming\BitTorrent
2011-09-11 21:16 . 2011-09-11 21:16 -------- d-----w- c:\users\dell\AppData\Roaming\MathWorks
2011-09-11 20:08 . 2011-09-11 20:08 -------- d-----w- c:\program files\MATLAB
2011-09-11 18:26 . 2011-09-11 18:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-11 18:26 . 2011-09-11 18:26 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-11 18:26 . 2011-09-11 18:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-11 18:25 . 2011-09-11 18:25 -------- d-----w- c:\program files (x86)\Java
2011-09-07 20:53 . 2011-09-07 20:53 -------- d-----w- c:\users\dell\AppData\Roaming\Dell
2011-09-07 20:52 . 2011-09-12 06:33 -------- d-----w- c:\users\dell\AppData\Local\Stardock_Corporation
2011-09-07 20:52 . 2011-09-07 20:52 -------- dc-h--w- c:\programdata\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
2011-09-07 20:52 . 2011-09-07 20:52 -------- d-----w- c:\programdata\Dell
2011-09-07 20:52 . 2011-09-07 20:52 -------- d-----w- c:\program files\Dell
2011-09-07 20:51 . 2011-09-07 20:51 -------- d-----w- c:\users\dell\AppData\Local\PackageAware
2011-09-07 19:57 . 2011-09-08 00:49 -------- d-----w- c:\program files (x86)\Britannica 11.0
2011-09-07 19:57 . 2011-09-07 20:06 -------- d--h--w- c:\program files (x86)\Zero G Registry
2011-09-07 19:55 . 2011-09-07 19:55 -------- d--h--w- c:\users\dell\InstallAnywhere
2011-09-06 02:23 . 2011-09-19 13:37 -------- d-----w- c:\program files (x86)\Rovio
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 04:08 . 2011-09-19 13:37 -------- d-----w- c:\users\dell\AppData\Roaming\Rovio
2011-08-29 19:10 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-08-29 19:10 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-08-29 19:10 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-08-29 19:10 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-08-29 19:10 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-08-27 01:10 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2011-08-27 01:10 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-08-27 01:10 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-08-27 01:10 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-27 01:10 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-27 01:10 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-27 01:10 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-27 01:10 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-27 01:10 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-27 01:10 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-27 01:10 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-08-26 23:23 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-26 23:23 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-08-26 23:03 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-26 23:02 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-08-26 23:02 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-08-26 23:02 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-26 23:02 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-26 23:02 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-26 23:02 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-26 23:02 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-26 23:02 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-26 23:02 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-26 23:01 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-26 23:01 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-08-26 23:01 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-08-26 23:01 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-08-26 23:01 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-26 23:00 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-08-26 21:45 . 2011-08-26 21:45 -------- d-----w- c:\windows\system32\SPReview
2011-08-26 21:44 . 2011-08-26 21:44 -------- d-----w- c:\windows\system32\EventProviders
2011-08-25 23:19 . 2010-11-20 13:27 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2011-08-25 23:18 . 2010-11-20 13:27 2420736 ----a-w- c:\windows\system32\wuaueng.dll
2011-08-25 23:17 . 2010-11-20 13:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-08-25 23:16 . 2010-11-20 13:27 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2011-08-25 23:15 . 2010-11-20 13:27 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2011-08-25 23:14 . 2010-11-20 13:27 18944 ----a-w- c:\windows\system32\spopk.dll
2011-08-25 23:13 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2011-08-25 23:13 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-08-25 23:13 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-08-25 23:13 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-08-25 23:13 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2011-08-25 23:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-08-25 23:13 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2011-08-25 23:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-08-25 23:10 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2011-08-25 23:10 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-25 23:10 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2011-08-25 05:17 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-25 05:17 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-25 00:49 . 2011-09-22 02:57 -------- d-----w- c:\users\dell\AppData\Roaming\DC++
2011-08-25 00:49 . 2011-09-17 23:53 -------- d-----w- c:\users\dell\AppData\Local\DC++
2011-08-25 00:49 . 2011-08-25 00:49 -------- d-----w- c:\program files (x86)\DC++
2011-08-25 00:39 . 2011-09-19 01:42 -------- d-----w- c:\users\dell\AppData\Roaming\IDM
2011-08-25 00:39 . 2011-08-25 00:40 -------- d-----w- c:\program files (x86)\Internet Download Manager
2011-08-25 00:29 . 2011-09-22 04:15 -------- d-----w- c:\users\dell\AppData\Roaming\DMCache
2011-08-24 23:17 . 2011-08-24 23:17 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-08-24 23:17 . 2011-08-24 23:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-08-24 23:14 . 2011-08-24 23:14 -------- d-----r- C:\MSOCache
2011-08-23 23:17 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-08-23 23:17 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-08-23 23:17 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-04 18:16 . 2011-08-06 22:38 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-26 21:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-26 21:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-22 17:17 . 2011-08-22 17:17 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2011-08-14 23:04 . 2011-08-14 23:05 39544 ----a-w- c:\windows\system32\drivers\mscank64.sys
2011-08-14 23:04 . 2011-08-14 23:05 18488 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2011-08-14 23:04 . 2011-08-14 23:04 47160 ----a-w- c:\windows\system32\drivers\catflt.sys
2011-08-14 23:02 . 2011-08-14 23:02 59960 ----a-w- c:\windows\system32\drivers\ggc.sys
2011-08-07 00:00 . 2011-08-06 23:07 131336 ----a-w- c:\windows\SysWow64\drivers\avfwot.sys
2011-07-17 15:34 . 2011-07-17 15:34 2048 ----a-w- c:\windows\SysWow64\winver.exe
2011-07-17 15:34 . 2011-07-17 15:34 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2011-07-16 05:41 . 2011-08-16 16:40 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-16 16:40 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-16 16:39 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-16 16:39 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-16 16:40 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-16 16:39 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-16 16:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-16 16:39 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-16 16:39 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-16 16:40 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-16 16:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-16 16:39 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-16 16:39 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-16 16:39 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-16 16:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-16 16:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-16 02:17 . 2011-08-16 16:39 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-09 02:46 . 2011-08-16 17:05 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-24 05:34 . 2011-08-16 16:40 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 05:25 . 2011-08-16 16:40 338432 ----a-w- c:\windows\system32\conhost.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-12_17.57.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-16 17:28 . 2011-09-08 02:42 87940 c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe
+ 2011-08-16 17:28 . 2011-09-15 04:32 87940 c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe
+ 2011-07-17 15:49 . 2011-09-21 22:31 43394 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-22 03:51 32236 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-17 15:36 . 2011-09-22 03:51 12640 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2062792807-2238250182-3287164389-1000_UserData.bin
- 2009-07-14 05:30 . 2011-08-28 04:09 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-09-14 02:52 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-10-20 06:34 . 2010-10-20 06:34 56344 c:\windows\system32\DriverStore\FileRepository\heci.inf_amd64_neutral_8ac1feb3337b1441\HECIx64.sys
+ 2010-10-20 06:34 . 2010-10-20 06:34 56344 c:\windows\system32\drivers\HECIx64.sys
+ 2011-07-17 15:27 . 2011-09-13 00:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-17 15:27 . 2011-09-10 21:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-17 15:27 . 2011-09-10 21:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-17 15:27 . 2011-09-13 00:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-10 21:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-13 00:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-18 23:41 . 2011-09-18 23:41 22528 c:\windows\Installer\b919f2.msi
+ 2011-09-18 23:39 . 2011-09-18 23:39 23040 c:\windows\Installer\b919ba.msi
+ 2011-09-18 23:39 . 2011-09-18 23:39 31232 c:\windows\Installer\b919b3.msi
+ 2011-07-21 19:43 . 2011-07-21 19:43 27648 c:\windows\Installer\3186128.msp
+ 2011-09-12 23:24 . 2011-09-12 23:24 25088 c:\windows\Installer\153a571.msi
+ 2011-09-18 23:37 . 2011-09-18 23:37 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
+ 2011-09-18 23:37 . 2011-09-18 23:37 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
+ 2011-09-18 23:40 . 2011-09-18 23:40 10134 c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe
+ 2011-09-18 23:40 . 2011-09-18 23:40 10134 c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe
+ 2011-09-18 23:37 . 2011-09-18 23:37 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2011-09-18 23:39 . 2011-09-18 23:39 10134 c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe
+ 2011-09-18 23:40 . 2011-09-18 23:40 10134 c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-09-18 23:40 . 2011-09-18 23:40 10134 c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe
+ 2011-09-18 23:38 . 2011-09-18 23:38 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
+ 2011-09-18 23:40 . 2011-09-18 23:40 10134 c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe
+ 2011-09-18 23:40 . 2011-09-18 23:40 10134 c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe
+ 2011-09-19 13:37 . 2011-09-19 13:37 81350 c:\windows\Installer\{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}\AngryBirdsRio.exe
+ 2011-09-18 23:40 . 2011-09-18 23:40 10134 c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
+ 2011-09-18 23:37 . 2011-09-18 23:37 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2011-09-18 23:38 . 2011-09-18 23:38 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
- 2011-07-26 06:40 . 2011-09-12 06:11 3202 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-07-26 06:40 . 2011-09-21 10:50 3202 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-09-15 20:30 . 2011-09-15 20:30 9560 c:\windows\system32\NetworkList\Icons\{EF53CBDA-2432-4BD9-B562-BBB422DC6036}_48.bin
+ 2011-09-15 20:30 . 2011-09-15 20:30 4280 c:\windows\system32\NetworkList\Icons\{EF53CBDA-2432-4BD9-B562-BBB422DC6036}_32.bin
+ 2011-09-15 20:30 . 2011-09-15 20:30 2456 c:\windows\system32\NetworkList\Icons\{EF53CBDA-2432-4BD9-B562-BBB422DC6036}_24.bin
+ 2011-09-15 20:30 . 2011-09-15 20:30 9560 c:\windows\system32\NetworkList\Icons\{E52EF222-104C-4EF0-8C0D-DA0958FC1C7A}_48.bin
+ 2011-09-15 20:30 . 2011-09-15 20:30 4280 c:\windows\system32\NetworkList\Icons\{E52EF222-104C-4EF0-8C0D-DA0958FC1C7A}_32.bin
+ 2011-09-15 20:30 . 2011-09-15 20:30 2456 c:\windows\system32\NetworkList\Icons\{E52EF222-104C-4EF0-8C0D-DA0958FC1C7A}_24.bin
- 2011-08-06 01:21 . 2011-08-06 01:21 9560 c:\windows\system32\NetworkList\Icons\{A54F9191-61F6-4FF8-9EE5-33BC70D6B119}_48.bin
+ 2011-08-06 01:21 . 2011-09-12 18:05 9560 c:\windows\system32\NetworkList\Icons\{A54F9191-61F6-4FF8-9EE5-33BC70D6B119}_48.bin
+ 2011-08-06 01:21 . 2011-09-12 18:05 4280 c:\windows\system32\NetworkList\Icons\{A54F9191-61F6-4FF8-9EE5-33BC70D6B119}_32.bin
- 2011-08-06 01:21 . 2011-08-06 01:21 4280 c:\windows\system32\NetworkList\Icons\{A54F9191-61F6-4FF8-9EE5-33BC70D6B119}_32.bin
+ 2011-08-06 01:21 . 2011-09-12 18:05 2456 c:\windows\system32\NetworkList\Icons\{A54F9191-61F6-4FF8-9EE5-33BC70D6B119}_24.bin
- 2011-08-06 01:21 . 2011-08-06 01:21 2456 c:\windows\system32\NetworkList\Icons\{A54F9191-61F6-4FF8-9EE5-33BC70D6B119}_24.bin
+ 2011-09-22 04:01 . 2011-09-22 04:01 4276 c:\windows\system32\Native\nvdb.dat
+ 2011-07-17 15:25 . 2011-09-22 02:57 5156 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-07-17 15:25 . 2011-09-12 13:01 5156 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-09-22 03:49 . 2011-09-22 03:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-12 17:14 . 2011-09-12 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-22 03:49 . 2011-09-22 03:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-12 17:14 . 2011-09-12 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-05 17:13 . 2010-03-05 17:13 947472 c:\windows\SysWOW64\msjava.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
+ 2011-09-14 22:18 . 2011-07-27 04:27 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
+ 2011-08-02 01:17 . 2011-09-22 02:29 333826 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2011-09-11 20:24 615360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-21 18:37 615360 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-09-11 20:24 103702 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-09-21 18:37 103702 c:\windows\system32\perfc009.dat
+ 2011-09-14 22:18 . 2011-07-27 05:33 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-14 05:30 . 2011-08-28 04:09 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-09-14 02:52 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-08-27 06:12 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-09-14 02:52 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 04:46 . 2011-09-12 06:26 122744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-09-21 19:50 122744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-07-20 20:53 . 2011-09-17 00:09 873136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-09-22 02:57 478984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-08 07:51 . 2011-09-17 21:06 395268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062792807-2238250182-3287164389-1000-12288.dat
+ 2010-04-07 13:08 . 2010-04-07 13:08 532992 c:\windows\Installer\b919e4.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 620032 c:\windows\Installer\b919d6.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 510976 c:\windows\Installer\b919c8.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 607744 c:\windows\Installer\b919c1.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 606208 c:\windows\Installer\b9199e.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 725504 c:\windows\Installer\b91990.msi
- 2011-09-06 02:23 . 2011-09-06 02:23 115474 c:\windows\Installer\{9E4F7DD0-C596-4501-AE16-77F18F7EE694}\AngryBirdsSeasons.exe
+ 2011-09-19 13:30 . 2011-09-19 13:30 115474 c:\windows\Installer\{9E4F7DD0-C596-4501-AE16-77F18F7EE694}\AngryBirdsSeasons.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-09-19 13:35 . 2011-09-19 13:35 100061 c:\windows\Installer\{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}\AngryBirds.exe
- 2011-09-06 03:13 . 2011-09-06 03:13 100061 c:\windows\Installer\{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}\AngryBirds.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2009-07-14 04:45 . 2011-09-19 13:06 4976248 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-09-19 13:09 7413104 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-09-12 04:00 7413104 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-27 04:03 . 2011-09-22 02:57 3270035 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062792807-2238250182-3287164389-1000-8192.dat
+ 2006-12-02 09:20 . 2006-12-02 09:20 3227648 c:\windows\Installer\e8807f.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 2258944 c:\windows\Installer\b919f9.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 9998336 c:\windows\Installer\b919eb.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 3123200 c:\windows\Installer\b919dd.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 1911808 c:\windows\Installer\b919cf.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 1528320 c:\windows\Installer\b919ac.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 3670016 c:\windows\Installer\b91997.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 1997312 c:\windows\Installer\b91989.msi
+ 2010-04-07 13:08 . 2010-04-07 13:08 2211328 c:\windows\Installer\b91982.msi
+ 2011-04-16 07:14 . 2011-04-16 07:14 3186176 c:\windows\Installer\5fdb0a.msi
+ 2011-08-16 06:56 . 2011-08-16 06:56 3460096 c:\windows\Installer\5f4a8c2.msp
+ 2011-08-01 11:18 . 2011-08-01 11:18 1269760 c:\windows\Installer\11c227.msi
+ 2011-07-28 06:48 . 2011-07-28 06:48 1282560 c:\windows\Installer\11c223.msi
+ 2011-07-15 12:09 . 2011-07-15 12:09 1328640 c:\windows\Installer\11c21d.msi
- 2011-08-24 23:19 . 2011-08-25 10:01 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-08-24 23:19 . 2011-08-25 10:01 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-08-24 23:19 . 2011-09-17 00:09 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
- 2009-07-14 02:34 . 2011-09-08 07:51 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-09-15 09:22 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-08-25 10:03 . 2011-09-06 21:24 47946184 c:\windows\system32\MRT.exe
+ 2010-04-07 13:08 . 2010-04-07 13:08 12719104 c:\windows\Installer\b919a5.msi
+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\9ce5b.msp
+ 2011-06-06 19:55 . 2011-06-06 19:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Facebook Update"="c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-06 137536]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-12-24 3293184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-11 487561]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\QUICKH~1\GUARDI~1\nativscn.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank64.sys [x]
R2 Cleaning Service;Cleaning Service;c:\progra~1\QUICKH~1\GUARDI~1\ntclnsrv.exe [2011-08-14 75128]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-06 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-06 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ggc;ggc;c:\windows\system32\DRIVERS\ggc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [x]
S2 Core Mail Protection;Core Mail Protection;c:\progra~1\QUICKH~1\GUARDI~1\EMLPROXY.EXE [2011-08-14 24952]
S2 Core Scanning Server;Core Scanning Server;c:\progra~1\QUICKH~1\GUARDI~1\SAPISSVC.EXE [2011-08-14 76152]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~1\GUARDI~1\opssvc.exe [2011-08-14 25464]
S2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\GUARDI~1\quhlpsvc.exe [2011-08-14 66936]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2062792807-2238250182-3287164389-1000Core.job
- c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-06 01:59]
.
2011-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2062792807-2238250182-3287164389-1000UA.job
- c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-06 01:59]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-06 22:19]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-06 22:19]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2062792807-2238250182-3287164389-1000Core.job
- c:\users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 22:19]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2062792807-2238250182-3287164389-1000UA.job
- c:\users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 22:19]
.
2011-09-22 c:\windows\Tasks\Resume Quickup Download.job
- c:\progra~1\QUICKH~1\GUARDI~1\ACAPPAA.EXE [2011-08-14 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-23 19:09 83696 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"Quick Heal Core UI"="c:\progra~1\QUICKH~1\GUARDI~1\strtupap.exe" [2011-08-14 49016]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.ChatVibes.com
mStart Page = hxxp://search.ChatVibes.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.121.12 192.168.121.14
FF - ProfilePath - c:\users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\96fsv0a6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2062792807-2238250182-3287164389-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,b0,55,c2,b9,d3,ce,bd,08,48,89,30,cf,d7,d5,ab,c5,c2,16,3d,87,
c7,78,36,8e,a6,24,f2,89,2e,d5,3d,f7,24,e7,bb,8b,52,c4,b3,a3,ab,ec,ac,e3,65,\
"rkeysecu"=hex:cc,e7,c4,91,2c,c5,6f,03,c6,6f,4b,1e,9c,ab,97,7f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-21 21:18:05
ComboFix-quarantined-files.txt 2011-09-22 04:18
ComboFix2.txt 2011-09-12 17:59
.
Pre-Run: 35,624,796,160 bytes free
Post-Run: 35,119,419,392 bytes free
.
- - End Of File - - 8CED850AA0C2CBE91757EFA070695BE9

Tell me what to do next?
Thank You
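The ComboFix sections above (the `Run` key values and the `Scheduled Tasks` folder) are the autostart entries a helper reads first when triaging a log like this. The script below is an added example, not part of the original post or of ComboFix: it parses those two line formats and flags entries whose binary lives in a user-writable location or carries a Windows system-process name outside `c:\windows`. The log text inside it is constructed to resemble the post above; the `Updater` entry pointing into `AppData\Roaming` is invented for illustration and did not appear in this log.

```python
"""Triage autostart entries from ComboFix-style log lines (added example)."""
import ntpath
import re

# Constructed sample in ComboFix's format. The "Updater" value is invented
# to show what a flagged entry looks like; the other lines mirror the post.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"Updater"="c:\users\dell\AppData\Roaming\3F2A.tmp\svchost.exe" [2011-09-10 81920]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-06 22:19]
.
2011-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2062792807-2238250182-3287164389-1000Core.job
- c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-06 01:59]
"""

# Names of core Windows processes; a file with one of these names that is not
# under c:\windows is a classic masquerade and deserves a second look.
SYSTEM_NAMES = {"dwm.exe", "conhost.exe", "svchost.exe", "csrss.exe",
                "lsass.exe", "winlogon.exe", "explorer.exe", "services.exe"}

# Path fragments a standard user account can write to (lower-case, with
# surrounding backslashes so "program files" is not mistaken for programdata).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# "Name"="path" [date size]  (Run key value as ComboFix prints it)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]+)\]')
# - path [date time]          (action line under a scheduled-task .job entry)
TASK_LINE = re.compile(r'^- (?P<path>.+?)\s+\[(?P<meta>[^\]]+)\]$')


def parse_autostarts(log_text):
    """Return a list of (source, name, path) for Run values and task actions."""
    entries = []
    current_task = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            entries.append(("run", m.group("name"), m.group("path")))
            continue
        if line.endswith(".job"):
            # "2011-09-22 c:\windows\Tasks\Foo.job": remember the job name for
            # the action line that follows it.
            current_task = ntpath.basename(line.split(" ", 1)[1])
            continue
        m = TASK_LINE.match(line)
        if m:
            entries.append(("task", current_task or "?", m.group("path")))
    return entries


def flags_for(path):
    """Return the list of review flags raised by one autostart path."""
    p = path.lower()
    flags = []
    if any(marker in p for marker in USER_WRITABLE):
        flags.append("user-writable-location")
    if ntpath.basename(p) in SYSTEM_NAMES and "\\windows\\" not in p:
        flags.append("system-name-outside-windows")
    return flags


def triage(log_text):
    """Return [(source, name, path, flags)] for every entry that raised a flag."""
    flagged = []
    for source, name, path in parse_autostarts(log_text):
        flags = flags_for(path)
        if flags:
            flagged.append((source, name, path, flags))
    return flagged


if __name__ == "__main__":
    for source, name, path, flags in triage(SAMPLE_LOG):
        print(f"[{source}] {name}: {path}  <- {', '.join(flags)}")
```

A flag is a prompt to look, not a verdict: the Facebook updater in `AppData\Local` is a legitimate per-user installer that trips the writable-location check, which is exactly why a helper confirms each hit against the publisher and a hash before asking for removal.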
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Did you have trouble running the online scan at Eset? Please refer back to last set of instructions. :)
 

·
Registered
Joined
·
5 Posts
Discussion Starter · #7 ·
Sir,
I ran the Eset online scan today and it took almost 4 hours to complete.
During this I found that my system's performance was highly reduced, and it finally regained after 3 hours during the scan.

A total of 5 files were found to be infected, which are listed below:


E:\DC++ Downloads\Games\Angry Birds\Angry.Birds.v1.6.2.rar a variant of Win32/HackTool.Patcher.D application
E:\DC++ Downloads\Games\Angry Birds\Angry Birds Cracked Final Complete Pack [world4free.in]\Angry.Birds.v1.6.2.cracked.READ.NFO-THETA\Angry.Birds.v1.6.2.cracked.READ.NFO-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.D application
E:\DC++ Downloads\Setups\Google Products\Google Earth Pro Plus\Google Earth Plus v5.2.1.1329.exe a variant of Win32/Injector.ITQ trojan
E:\DC++ Downloads\Setups\Media Players\VLC\vlc-1.1.4-win32 (2).exe Win32/Virut.NBP virus
E:\DC++ Downloads\Setups\Office\Office 2010\mini-KMS_Activator_v1.052.exe Win32/HackKMS.A application


Now what to do next?

Thank You
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello architir,

I somehow lost my subscription to this thread. If I ever don't respond within 24 hours, send me a PM. :)

All of those detections by Eset need to be removed. Crack programs are not only illegal, they are what caused the infection in this machine.

Please uninstall all of these cracked programs:

Angry Birds
Angry Birds Rio
Angry Birds Seasons
Google Earth
Microsoft Office

Run a new scan with DDS and post both logs it creates.

How is the machine behaving now?
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
You're welcome. :)

We have some final housekeeping to tend to now. Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  • WOT, Web of Trust. As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.


  • Scan here Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions for out of date & vulnerable common applications on your computer

  • BACKING UP YOUR REGISTRY
    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.

    Vista/Windows 7 users - see this link for proper setup of Erunt Automatically Backup your Windows Vista Registry daily using ERUNT - The Winhelponline Blog


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles.


Best Wishes to you. :wave:
 