Solved Another victim of Sirefef.m , Sirefef.w , Sirefef.ab

[Goatb0y]

Re- installed MSE ,(since it was not working)
windows 7 64 bit is getting a critical error, In a restart loop every min ever since.
Im posting this from Ubuntu OS from the same laptop

Is having Ubuntu 12 in this case beneficial?
I dont have access to a another system now.

Will post the Frst.exe log asap

HelP! May-Day ! May - Day

 

[Goatb0y]

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 20:14:13
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418840 2011-03-29] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6561384 2010-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] [x]
HKU\sid\...\Run: [] [x]
HKU\sid\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1084840 2012-05-16] (Nokia)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll

==================== Services (Whitelisted) ======

2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [135952 2012-03-07] (Intel(R) Corporation)
2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-10] ()
3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-04-02] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [278336 2011-09-19] (NVIDIA)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [2671376 2012-04-17] (Intel® Corporation)

========================== Drivers (Whitelisted) =============

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [272448 2011-12-02] (DT Soft Ltd)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [60416 2011-12-09] (Intel Corporation)
1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2012-05-15] (NVIDIA Corporation)
3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-12-02] (Duplex Secure Ltd.)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2012-01-09] (Nokia)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-26 01:27 - 2012-07-26 01:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AA0020DA9B48E90
2012-07-26 01:27 - 2012-07-26 01:27 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cxstwfio.sys
2012-07-26 01:24 - 2012-07-26 01:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C8B7CA4A5C52A336
2012-07-26 01:21 - 2012-07-26 01:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71122D9373C8F96A
2012-07-26 01:18 - 2012-07-26 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.560347A70CA17B92
2012-07-26 01:18 - 2012-07-26 01:18 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hmxulcyz.sys
2012-07-25 23:26 - 2012-07-25 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.161FAE6AE96E0C11
2012-07-25 21:41 - 2012-07-25 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3341FE63FE88642B
2012-07-25 21:39 - 2012-07-25 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8F78FA34D89C3E1
2012-07-25 21:36 - 2012-07-25 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DC52FBDFC5BEB716
2012-07-25 21:22 - 2012-07-25 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1393E2475C0089EB
2012-07-25 21:19 - 2012-07-25 21:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.09969574390F3329
2012-07-25 21:00 - 2012-07-25 21:00 - 00347424 ____A (Microsoft Corporation) C:\Users\sid\Downloads\MicrosoftFixit.wu.LB.159266708634130137.2.1.Run.exe
2012-07-25 20:44 - 2012-07-25 20:44 - 00347424 ____A (Microsoft Corporation) C:\Users\sid\Downloads\MicrosoftFixit.wu.LB.159266708634130137.1.1.Run.exe
2012-07-25 20:39 - 2012-07-25 20:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-25 20:39 - 2012-07-25 20:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-25 20:34 - 2012-07-25 20:35 - 12621696 ____A (Microsoft Corporation) C:\Users\sid\Downloads\mseinstall.exe
2012-07-25 09:24 - 2012-07-25 21:23 - 00133404 ____A C:\Windows\WindowsUpdate.log
2012-07-24 04:09 - 2012-07-24 04:09 - 00065078 ____A C:\Users\sid\Downloads\bathory_a_fine_day_to_die.gp5
2012-07-24 03:11 - 2012-07-24 03:15 - 19939226 ____A C:\Users\sid\Downloads\1 - 1 - Class 1 - Introduction.mp4
2012-07-24 01:59 - 2012-07-24 01:59 - 04572057 ____A ( ) C:\Users\sid\Downloads\SetupSketchyPhysics3.2-Dec2.exe
2012-07-23 22:10 - 2012-07-23 23:01 - 00127176 ____A C:\Users\sid\Desktop\Neeraj.skb
2012-07-23 21:54 - 2012-07-23 23:02 - 00126371 ____A C:\Users\sid\Desktop\Neeraj.skp
2012-07-23 06:05 - 2012-07-23 06:05 - 00033462 ____A C:\Users\sid\Downloads\waking.life.(2001).eng.1cd.(3087952) (1).zip
2012-07-23 06:05 - 2012-07-23 06:05 - 00033461 ____A C:\Users\sid\Downloads\waking.life.(2001).eng.1cd.(3087952).zip
2012-07-22 10:22 - 2012-07-22 10:22 - 00015289 ____A C:\Users\sid\Downloads\1 - 3 - How to Write for this Course.srt
2012-07-22 10:22 - 2012-07-22 10:22 - 00012519 ____A C:\Users\sid\Downloads\1 - 2 - How to Read for this Course.srt
2012-07-22 10:22 - 2012-07-22 10:22 - 00012352 ____A C:\Users\sid\Downloads\1 - 1 - What this Course is About.srt
2012-07-22 10:20 - 2012-07-22 10:23 - 31499654 ____A C:\Users\sid\Downloads\1 - 2 - How to Read for this Course.mp4
2012-07-19 09:47 - 2012-07-19 09:47 - 01641413 ____A C:\Users\sid\Desktop\plans_recover.bak
2012-07-18 20:33 - 2012-07-20 01:33 - 01823205 ____A C:\Users\sid\Desktop\plans_recover.dwg
2012-07-17 09:52 - 2012-07-26 01:23 - 00003550 ____A C:\Windows\setupact.log
2012-07-17 09:52 - 2012-07-17 09:52 - 00000000 ____A C:\Windows\setuperr.log
2012-07-17 09:08 - 2012-07-17 09:08 - 00092248 ____A C:\Users\sid\Documents\cc_20120717_223831.reg
2012-07-16 15:22 - 2012-07-16 15:22 - 00169672 ____A C:\Users\sid\Documents\Untitleddd.skp
2012-07-15 05:58 - 2012-07-15 05:58 - 00440036 ____A C:\Users\sid\Documents\site.skp
2012-07-15 05:58 - 2012-07-15 05:58 - 00440036 ____A C:\Users\sid\Documents\site.skb
2012-07-15 04:00 - 2012-07-15 04:00 - 00223965 ____A C:\Users\sid\Documents\AutoSave_Untitled_3.skp
2012-07-15 03:43 - 2012-07-15 03:43 - 00000129 ____A C:\Users\sid\Desktop\plot.log
2012-07-13 21:10 - 2012-07-13 21:10 - 00000000 ____A C:\Users\sid\Desktop\New Text Document (2).txt
2012-07-13 03:08 - 2012-07-13 03:14 - 21255901 ____A C:\Users\sid\Documents\Untitled (2).mxi
2012-07-13 03:08 - 2012-07-13 03:12 - 13357488 ____A C:\Users\sid\Documents\Untitled (2).mxs
2012-07-13 03:08 - 2012-07-13 03:12 - 00000000 ____D C:\Users\sid\Documents\textures
2012-07-12 20:19 - 2012-07-12 20:19 - 00033690 ____A C:\Users\sid\Downloads\system_of_a_down_lonely_day.gp5
2012-07-12 09:19 - 2012-07-13 03:15 - 12795499 ____A C:\Users\sid\Documents\Untitled (2).skb
2012-07-11 21:10 - 2012-07-11 21:10 - 00000000 ____D C:\Program Files (x86)\Gophoto.it
2012-07-11 21:08 - 2012-07-11 21:10 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2012-07-11 21:08 - 2012-07-11 21:08 - 00274103 ____A C:\Users\sid\Downloads\Carl_Sagan_-_The_Demon-Haunted_World-_Science_as_a_Candle_in.exe
2012-07-11 19:24 - 2012-07-11 19:24 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-11 09:24 - 2012-07-11 09:24 - 00051712 ____A C:\Users\sid\Downloads\Lecture1.ppt
2012-07-11 08:34 - 2012-07-11 08:34 - 00000000 ____D C:\Users\All Users\Intel
2012-07-11 08:33 - 2012-07-11 08:33 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-07-11 08:11 - 2012-07-11 08:11 - 00000000 ____D C:\Users\sid\AppData\Roaming\SystemRequirementsLab
2012-07-11 07:25 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 06:58 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 06:58 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 06:58 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 06:58 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 06:58 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 06:58 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 06:58 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 06:58 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 06:58 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 06:58 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 06:58 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 06:58 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 06:58 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 06:58 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 06:58 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 06:58 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 06:58 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 06:58 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 06:58 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 06:58 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 06:58 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 06:58 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 06:58 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 06:58 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 06:58 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 06:58 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 06:58 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 06:58 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 05:18 - 2003-07-15 18:33 - 00032845 ____A C:\Users\sid\Desktop\Black Sabbath - Iron Man (7).gp3
2012-07-10 21:50 - 2012-07-10 21:51 - 00000000 ____D C:\Users\sid\AppData\Local\NVIDIA Corporation
2012-07-10 19:47 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 19:47 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 19:47 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 19:47 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 19:47 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 19:47 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 19:47 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 19:47 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 19:46 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 19:46 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 19:46 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 19:46 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 19:46 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 19:46 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 19:46 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 19:46 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 19:46 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 19:41 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 19:40 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-06 20:26 - 1998-10-29 03:15 - 00306688 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2012-07-06 08:38 - 2012-07-06 08:47 - 00000428 ____A C:\Users\sid\Desktop\Router Settings.txt
2012-07-06 06:43 - 2012-07-06 06:43 - 01502710 ____A C:\Users\sid\Downloads\fwrnaisolation.zip
2012-07-06 06:21 - 2012-07-16 23:54 - 00000000 ____D C:\Users\sid\Desktop\sam
2012-07-05 20:06 - 2012-07-05 20:06 - 00000000 ____D C:\Users\sid\AppData\Local\NeoSmart_Technologies
2012-07-05 20:04 - 2012-07-05 20:04 - 00271568 ____A C:\ANG0
2012-07-05 20:04 - 2012-07-05 20:04 - 00000000 ____D C:\NST
2012-07-05 20:03 - 2012-07-05 20:03 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2012-07-04 01:13 - 2012-07-04 01:13 - 00000000 ____D C:\DriveKey
2012-07-03 08:07 - 2012-07-03 08:07 - 00000000 ____D C:\Users\sid\Desktop\BN_data
2012-07-02 00:57 - 2012-07-02 00:57 - 00000000 ____D C:\Users\sid\AppData\Local\NokiaAccount
2012-07-01 23:44 - 2012-07-02 01:14 - 00000000 ____D C:\Users\sid\AppData\Roaming\Nokia
2012-07-01 23:44 - 2012-07-01 23:44 - 00000000 ____D C:\Users\sid\AppData\Roaming\Nokia Suite
2012-06-29 19:29 - 2012-06-29 19:44 - 00000000 ____D C:\Recovered Files
2012-06-29 19:25 - 2012-06-29 19:26 - 00000000 ____D C:\Program Files (x86)\Data Recover-Center
2012-06-29 19:25 - 2012-06-29 19:25 - 00001165 ____A C:\Users\UpdatusUser\Desktop\Data Recover-Center.lnk
2012-06-29 19:25 - 2012-06-29 19:25 - 00001165 ____A C:\Users\sid\Desktop\Data Recover-Center.lnk


============ 3 Months Modified Files ========================

2012-07-26 01:27 - 2012-07-26 01:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AA0020DA9B48E90
2012-07-26 01:27 - 2012-07-26 01:27 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cxstwfio.sys
2012-07-26 01:24 - 2012-07-26 01:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C8B7CA4A5C52A336
2012-07-26 01:24 - 2012-07-25 09:24 - 00133404 ____A C:\Windows\WindowsUpdate.log
2012-07-26 01:23 - 2012-07-17 09:52 - 00003550 ____A C:\Windows\setupact.log
2012-07-26 01:23 - 2012-02-02 01:36 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-26 01:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 01:21 - 2012-07-26 01:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71122D9373C8F96A
2012-07-26 01:18 - 2012-07-26 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.560347A70CA17B92
2012-07-26 01:18 - 2012-07-26 01:18 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hmxulcyz.sys
2012-07-25 23:26 - 2012-07-25 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.161FAE6AE96E0C11
2012-07-25 21:41 - 2012-07-25 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3341FE63FE88642B
2012-07-25 21:39 - 2012-07-25 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8F78FA34D89C3E1
2012-07-25 21:36 - 2012-07-25 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DC52FBDFC5BEB716
2012-07-25 21:25 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-25 21:22 - 2012-07-25 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1393E2475C0089EB
2012-07-25 21:19 - 2012-07-25 21:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.09969574390F3329
2012-07-25 21:08 - 2011-12-02 01:48 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000UA.job
2012-07-25 21:06 - 2012-06-20 14:56 - 00000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000UA.job
2012-07-25 21:06 - 2012-06-20 14:56 - 00000898 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000Core.job
2012-07-25 21:00 - 2012-07-25 21:00 - 00347424 ____A (Microsoft Corporation) C:\Users\sid\Downloads\MicrosoftFixit.wu.LB.159266708634130137.2.1.Run.exe
2012-07-25 21:00 - 2009-07-13 20:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-25 21:00 - 2009-07-13 20:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-25 20:51 - 2012-02-02 01:36 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-25 20:44 - 2012-07-25 20:44 - 00347424 ____A (Microsoft Corporation) C:\Users\sid\Downloads\MicrosoftFixit.wu.LB.159266708634130137.1.1.Run.exe
2012-07-25 20:42 - 2009-07-13 21:13 - 00782272 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-25 20:39 - 2012-02-21 03:33 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-25 20:39 - 2011-12-02 02:35 - 00796422 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-25 20:36 - 2012-04-08 05:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-25 20:35 - 2012-07-25 20:34 - 12621696 ____A (Microsoft Corporation) C:\Users\sid\Downloads\mseinstall.exe
2012-07-25 07:49 - 2011-12-02 01:48 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000Core.job
2012-07-24 04:09 - 2012-07-24 04:09 - 00065078 ____A C:\Users\sid\Downloads\bathory_a_fine_day_to_die.gp5
2012-07-24 03:15 - 2012-07-24 03:11 - 19939226 ____A C:\Users\sid\Downloads\1 - 1 - Class 1 - Introduction.mp4
2012-07-24 01:59 - 2012-07-24 01:59 - 04572057 ____A ( ) C:\Users\sid\Downloads\SetupSketchyPhysics3.2-Dec2.exe
2012-07-23 23:02 - 2012-07-23 21:54 - 00126371 ____A C:\Users\sid\Desktop\Neeraj.skp
2012-07-23 23:01 - 2012-07-23 22:10 - 00127176 ____A C:\Users\sid\Desktop\Neeraj.skb
2012-07-23 06:05 - 2012-07-23 06:05 - 00033462 ____A C:\Users\sid\Downloads\waking.life.(2001).eng.1cd.(3087952) (1).zip
2012-07-23 06:05 - 2012-07-23 06:05 - 00033461 ____A C:\Users\sid\Downloads\waking.life.(2001).eng.1cd.(3087952).zip
2012-07-22 10:23 - 2012-07-22 10:20 - 31499654 ____A C:\Users\sid\Downloads\1 - 2 - How to Read for this Course.mp4
2012-07-22 10:22 - 2012-07-22 10:22 - 00015289 ____A C:\Users\sid\Downloads\1 - 3 - How to Write for this Course.srt
2012-07-22 10:22 - 2012-07-22 10:22 - 00012519 ____A C:\Users\sid\Downloads\1 - 2 - How to Read for this Course.srt
2012-07-22 10:22 - 2012-07-22 10:22 - 00012352 ____A C:\Users\sid\Downloads\1 - 1 - What this Course is About.srt
2012-07-22 09:03 - 2012-02-23 00:15 - 00016384 ____A C:\Users\sid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-20 01:33 - 2012-07-18 20:33 - 01823205 ____A C:\Users\sid\Desktop\plans_recover.dwg
2012-07-19 09:47 - 2012-07-19 09:47 - 01641413 ____A C:\Users\sid\Desktop\plans_recover.bak
2012-07-17 09:52 - 2012-07-17 09:52 - 00000000 ____A C:\Windows\setuperr.log
2012-07-17 09:08 - 2012-07-17 09:08 - 00092248 ____A C:\Users\sid\Documents\cc_20120717_223831.reg
2012-07-16 15:22 - 2012-07-16 15:22 - 00169672 ____A C:\Users\sid\Documents\Untitleddd.skp
2012-07-15 05:58 - 2012-07-15 05:58 - 00440036 ____A C:\Users\sid\Documents\site.skp
2012-07-15 05:58 - 2012-07-15 05:58 - 00440036 ____A C:\Users\sid\Documents\site.skb
2012-07-15 04:35 - 2012-03-07 23:54 - 00215742 ____A C:\Users\sid\Documents\Untitled.skb
2012-07-15 04:35 - 2012-02-14 18:20 - 00215742 ____A C:\Users\sid\Documents\Untitled.skp
2012-07-15 04:00 - 2012-07-15 04:00 - 00223965 ____A C:\Users\sid\Documents\AutoSave_Untitled_3.skp
2012-07-15 03:43 - 2012-07-15 03:43 - 00000129 ____A C:\Users\sid\Desktop\plot.log
2012-07-13 21:10 - 2012-07-13 21:10 - 00000000 ____A C:\Users\sid\Desktop\New Text Document (2).txt
2012-07-13 03:15 - 2012-07-12 09:19 - 12795499 ____A C:\Users\sid\Documents\Untitled (2).skb
2012-07-13 03:14 - 2012-07-13 03:08 - 21255901 ____A C:\Users\sid\Documents\Untitled (2).mxi
2012-07-13 03:12 - 2012-07-13 03:08 - 13357488 ____A C:\Users\sid\Documents\Untitled (2).mxs
2012-07-13 00:51 - 2009-07-13 21:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-12 20:19 - 2012-07-12 20:19 - 00033690 ____A C:\Users\sid\Downloads\system_of_a_down_lonely_day.gp5
2012-07-11 21:08 - 2012-07-11 21:08 - 00274103 ____A C:\Users\sid\Downloads\Carl_Sagan_-_The_Demon-Haunted_World-_Science_as_a_Candle_in.exe
2012-07-11 20:56 - 2012-04-08 05:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 20:56 - 2011-12-02 00:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 09:24 - 2012-07-11 09:24 - 00051712 ____A C:\Users\sid\Downloads\Lecture1.ppt
2012-07-11 07:29 - 2009-07-13 20:45 - 05125840 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 06:58 - 2011-12-02 00:50 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-06 08:47 - 2012-07-06 08:38 - 00000428 ____A C:\Users\sid\Desktop\Router Settings.txt
2012-07-06 06:43 - 2012-07-06 06:43 - 01502710 ____A C:\Users\sid\Downloads\fwrnaisolation.zip
2012-07-05 20:04 - 2012-07-05 20:04 - 00271568 ____A C:\ANG0
2012-07-05 11:04 - 2012-02-17 20:55 - 00001485 ___AH C:\Windows\EPMBatch.ept
2012-07-02 00:06 - 2012-03-27 07:19 - 00007607 ____A C:\Users\sid\AppData\Local\Resmon.ResmonCfg
2012-06-29 19:25 - 2012-06-29 19:25 - 00001165 ____A C:\Users\UpdatusUser\Desktop\Data Recover-Center.lnk
2012-06-29 19:25 - 2012-06-29 19:25 - 00001165 ____A C:\Users\sid\Desktop\Data Recover-Center.lnk
2012-06-22 20:57 - 2012-03-10 04:39 - 00000943 ____A C:\Users\UpdatusUser\Desktop\Audacity.lnk
2012-06-19 22:36 - 2012-06-19 22:36 - 00722782 ____A C:\Windows\unins000.exe
2012-06-19 22:36 - 2012-06-19 22:36 - 00012548 ____A C:\Windows\unins000.dat
2012-06-19 22:36 - 2012-06-19 22:36 - 00002118 ____A C:\Users\Public\Desktop\Studio Devil VGA II.lnk
2012-06-13 01:23 - 2012-06-13 01:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2012-06-11 20:06 - 2012-06-11 20:06 - 00921654 ____A C:\Users\sid\Documents\venkybrender.bmp
2012-06-11 19:08 - 2012-07-11 07:25 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 01:11 - 2012-06-10 01:11 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2012-06-08 22:21 - 2012-06-08 22:21 - 01705494 ____A C:\Users\sid\Downloads\passport.zip
2012-06-08 22:21 - 2012-06-08 22:21 - 00424229 ____A C:\Users\sid\Downloads\DS Passport-last page.tif
2012-06-08 21:43 - 2012-07-10 19:47 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 19:47 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 19:47 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 19:47 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 19:40 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 19:47 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 19:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 19:41 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 22:56 - 2012-06-04 22:54 - 08103936 ____A C:\Users\sid\Downloads\Eq_Intr.ppt
2012-06-02 14:19 - 2012-06-20 23:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 23:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 23:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 23:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 23:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 23:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 23:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 04:49 - 2012-07-11 06:58 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 06:58 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 06:58 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 06:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 06:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 06:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 06:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 06:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 06:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 06:58 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 06:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 06:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 06:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 06:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:49 - 2012-06-20 23:08 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 01:45 - 2012-06-20 23:08 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 06:58 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 06:58 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 06:58 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 06:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 06:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 06:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 06:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 06:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 06:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 06:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 06:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 06:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 06:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 06:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 19:46 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 19:46 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 19:46 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 19:46 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 19:46 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 19:46 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 19:46 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 19:46 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 19:46 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-28 00:27 - 2012-05-28 00:27 - 00002783 ____A C:\Users\sid\Documents\services.txt
2012-05-25 20:45 - 2012-05-25 20:45 - 00007864 ____A C:\Users\sid\Downloads\tataskymonthlystatementapril2012.zip
2012-05-22 15:58 - 2012-05-22 15:58 - 00021872 ____A C:\Users\sid\Documents\wmv1.wmv
2012-05-22 06:42 - 2012-05-22 06:42 - 00001209 ____A C:\Users\Public\Desktop\TempoPerfect Metronome Software.lnk
2012-05-21 08:23 - 2012-05-21 08:21 - 10104832 ____A ((c) Phoenix Technologies Ltd. ) C:\Users\sid\Documents\L502XA10.exe
2012-05-21 08:23 - 2012-05-21 08:21 - 08276776 ____A C:\Users\sid\Documents\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe
2012-05-19 22:48 - 2012-05-19 22:48 - 00000635 ____A C:\Users\sid\Desktop\iw5sp - Shortcut.lnk
2012-05-19 00:51 - 2012-05-19 00:49 - 06526498 ____A C:\Users\sid\Downloads\4-123-fall-2003.zip
2012-05-16 03:28 - 2012-05-07 23:59 - 10978165 ____A C:\Users\sid\Documents\daaancebak.skb
2012-05-15 02:48 - 2012-05-28 04:11 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-28 04:11 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-05-28 04:11 - 00249152 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvkflt.sys
2012-05-15 02:48 - 2012-05-28 04:11 - 00028992 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2012-05-15 02:48 - 2012-02-22 19:37 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-02-22 19:37 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-02-22 19:37 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-02-22 19:37 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-12-02 06:32 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2011-12-02 06:32 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-12-02 06:32 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2011-12-02 06:32 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 02:48 - 2011-12-01 08:01 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2011-12-01 08:01 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 02:48 - 2011-12-01 08:01 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 02:48 - 2011-12-01 08:01 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 02:48 - 2011-12-01 08:01 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2011-04-21 07:05 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2011-04-21 07:05 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 01:29 - 2011-04-21 07:05 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-05-15 01:29 - 2011-04-21 07:05 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2011-04-21 07:05 - 00858944 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2012-05-15 01:29 - 2011-04-21 07:05 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2011-04-21 07:05 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:29 - 2011-04-21 07:05 - 00055616 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2012-05-15 01:28 - 2011-04-21 07:05 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 00:38 - 2012-05-15 00:38 - 10684466 ____A C:\Users\sid\Documents\daaancebak1.skp
2012-05-14 12:51 - 2012-05-14 12:51 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-12 00:19 - 2012-05-12 00:18 - 00019456 __ASH C:\Users\sid\Documents\Thumbs.db
2012-05-09 04:14 - 2012-05-07 22:31 - 09174155 ____A C:\Users\sid\Documents\daaancebak.skp
2012-05-09 00:35 - 2012-05-09 00:08 - 16499200 ____A C:\Users\sid\Documents\daaancebak.avi
2012-05-09 00:06 - 2012-05-08 23:53 - 12074496 ____A C:\Users\sid\Documents\final.avi
2012-05-09 00:00 - 2012-05-08 02:10 - 10623750 ____A (Macrovision Corporation) C:\Users\sid\Downloads\Unconfirmed 61985.crdownload
2012-05-09 00:00 - 2012-05-08 02:10 - 10132668 ____A (Macrovision Corporation) C:\Users\sid\Downloads\Unconfirmed 5284.crdownload
2012-05-09 00:00 - 2012-05-08 02:10 - 09907708 ____A (Macrovision Corporation) C:\Users\sid\Downloads\Unconfirmed 6752.crdownload
2012-05-08 23:01 - 2012-05-08 19:29 - 07994964 ____A C:\Users\sid\Documents\AutoSave_daaancebak.skp
2012-05-04 03:06 - 2012-06-13 01:44 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 01:44 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 01:44 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 17:36 - 2011-12-01 06:53 - 00180200 ____A C:\Users\sid\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-03 03:12 - 2012-05-03 03:12 - 00000532 ____A C:\Users\sid\AppData\Local\datos.txt
2012-05-03 02:14 - 2012-05-03 02:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2012-05-03 00:39 - 2012-05-03 00:24 - 13712351 ____A C:\Users\sid\Downloads\phys200.zip
2012-05-01 00:32 - 2012-05-01 00:32 - 00053027 ____A C:\Users\sid\Documents\AutoSave_Untitled_2.skp
2012-04-30 21:40 - 2012-06-13 01:44 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 03:20 - 2012-04-30 03:20 - 00007572 ____A C:\Users\sid\Desktop\911Tabs.Com - External Link.htm
2012-04-30 01:17 - 2012-04-30 01:17 - 00000000 ____A C:\Windows\SysWOW64\cd.dat
2012-04-29 02:57 - 2012-04-29 02:57 - 00000999 ____A C:\Users\sid\Downloads\GPass-en.bmk
2012-04-29 02:57 - 2012-04-29 01:33 - 00001399 ____A C:\Users\sid\Downloads\GPass.ini
2012-04-29 01:33 - 2012-04-29 01:33 - 00124968 ____A C:\Users\sid\Downloads\scap.dll

ZeroAccess:
C:\Windows\Installer\{847eeb52-e810-69e1-b2e3-a4591c763952}
C:\Windows\Installer\{847eeb52-e810-69e1-b2e3-a4591c763952}\@
C:\Windows\Installer\{847eeb52-e810-69e1-b2e3-a4591c763952}\L
C:\Windows\Installer\{847eeb52-e810-69e1-b2e3-a4591c763952}\n
C:\Windows\Installer\{847eeb52-e810-69e1-b2e3-a4591c763952}\U
C:\Windows\Installer\{847eeb52-e810-69e1-b2e3-a4591c763952}\U\00000001.@

ZeroAccess:
C:\Users\sid\AppData\Local\{847eeb52-e810-69e1-b2e3-a4591c763952}
C:\Users\sid\AppData\Local\{847eeb52-e810-69e1-b2e3-a4591c763952}\@
C:\Users\sid\AppData\Local\{847eeb52-e810-69e1-b2e3-a4591c763952}\L
C:\Users\sid\AppData\Local\{847eeb52-e810-69e1-b2e3-a4591c763952}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3990.17 MB
Available physical RAM: 3200.21 MB
Total Pagefile: 3988.37 MB
Available Pagefile: 3188.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:93.13 GB) (Free:36.44 GB) NTFS
2 Drive d: (Local Disk) (Fixed) (Total:141.38 GB) (Free:13.42 GB) NTFS
3 Drive f: () (Fixed) (Total:175.78 GB) (Free:7.85 GB) NTFS
5 Drive h: () (Removable) (Total:3.75 GB) (Free:2.89 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 3072 KB
Disk 1 Online 3853 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 93 GB 101 MB
Partition 3 Primary 175 GB 93 GB
Partition 0 Extended 196 GB 269 GB
Partition 4 Logical 141 GB 269 GB
Partition 5 Logical 476 MB 410 GB
Partition 6 Logical 18 GB 410 GB
Partition 7 Logical 32 GB 429 GB
Partition 8 Logical 3814 MB 462 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 93 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Partition 175 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Local Disk NTFS Partition 141 GB Healthy

==================================================================================

Disk: 0
Partition 5
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 6
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 7
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 8
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3851 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3851 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 05:18

======================= End Of Log ==========================

 

[Goatb0y]

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 20:16:44
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-25 21:25] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

 

[Jay Pfoutz]

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
2012-07-26 01:27 - 2012-07-26 01:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AA0020DA9B48E90
2012-07-26 01:27 - 2012-07-26 01:27 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cxstwfio.sys
2012-07-26 01:24 - 2012-07-26 01:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C8B7CA4A5C52A336
2012-07-26 01:21 - 2012-07-26 01:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71122D9373C8F96A
2012-07-26 01:18 - 2012-07-26 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.560347A70CA17B92
2012-07-26 01:18 - 2012-07-26 01:18 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hmxulcyz.sys
2012-07-25 23:26 - 2012-07-25 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.161FAE6AE96E0C11
2012-07-25 21:41 - 2012-07-25 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3341FE63FE88642B
2012-07-25 21:39 - 2012-07-25 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8F78FA34D89C3E1
2012-07-25 21:36 - 2012-07-25 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DC52FBDFC5BEB716
2012-07-25 21:22 - 2012-07-25 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1393E2475C0089EB
2012-07-25 21:19 - 2012-07-25 21:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.09969574390F3329
C:\Windows\Installer\{847eeb52-e810-69e1-b2e3-a4591c763952}
C:\Users\sid\AppData\Local\{847eeb52-e810-69e1-b2e3-a4591c763952}
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

 

[Goatb0y]

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 21:54:42 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\services.exe.2AA0020DA9B48E90 moved successfully.
C:\Windows\System32\Drivers\cxstwfio.sys moved successfully.
C:\Windows\System32\services.exe.C8B7CA4A5C52A336 moved successfully.
C:\Windows\System32\services.exe.71122D9373C8F96A moved successfully.
C:\Windows\System32\services.exe.560347A70CA17B92 moved successfully.
C:\Windows\System32\Drivers\hmxulcyz.sys moved successfully.
C:\Windows\System32\services.exe.161FAE6AE96E0C11 moved successfully.
C:\Windows\System32\services.exe.3341FE63FE88642B moved successfully.
C:\Windows\System32\services.exe.B8F78FA34D89C3E1 moved successfully.
C:\Windows\System32\services.exe.DC52FBDFC5BEB716 moved successfully.
C:\Windows\System32\services.exe.1393E2475C0089EB moved successfully.
C:\Windows\System32\services.exe.09969574390F3329 moved successfully.
C:\Windows\Installer\{847eeb52-e810-69e1-b2e3-a4591c763952} moved successfully.
C:\Users\sid\AppData\Local\{847eeb52-e810-69e1-b2e3-a4591c763952} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====



Thanx a tonne DragonMasterJay! The restarting has stopped
Now posting from Win7
instead of from Ubuntu..

Thanx again Man! ! !

 

[Jay Pfoutz]

ComboFix

Please download ComboFix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

• Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
• It is important to rename ComboFix before the download.
• Please do not rename ComboFix to other names, but only the one indicated.

After the download:

• Close any open browsers.
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

• Double click on svchost.exe & follow the prompts.
• It will attempt to install the Recovery Console:

• When ComboFix finishes, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

 

[Goatb0y]

ComboFix 12-07-27.03 - sid 27-Jul-12 20:55:47.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3990.2274 [GMT 5.5:30]
Running from: c:\users\sid\Desktop\ComboFix.exe
AV: Microsoft Security Essentials Prerelease *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials Prerelease *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\sid\AppData\Local\datos.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 15:42 . 2012-07-27 15:4269000----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A682B785-B3F1-4681-9F18-E91F835EF502}\offreg.dll
2012-07-27 04:13 . 2012-07-27 04:14--------d-----w-C:\FRST
2012-07-26 05:17 . 2012-07-15 21:109133488----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A682B785-B3F1-4681-9F18-E91F835EF502}\mpengine.dll
2012-07-26 04:58 . 2012-02-09 08:47927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41CC4F44-05B1-4C1B-B47F-852CC81C82FD}\gapaengine.dll
2012-07-26 04:57 . 2012-02-09 08:47927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-26 04:39 . 2012-07-26 04:39--------d-----w-c:\program files (x86)\Microsoft Security Client
2012-07-26 04:39 . 2012-07-26 04:39--------d-----w-c:\program files\Microsoft Security Client
2012-07-12 05:10 . 2012-07-12 05:10--------d-----w-c:\program files (x86)\Gophoto.it
2012-07-12 05:08 . 2012-07-12 05:10--------d-----w-c:\program files (x86)\1ClickDownload
2012-07-12 03:24 . 2012-07-12 03:24--------d-sh--w-c:\windows\system32\%APPDATA%
2012-07-11 16:34 . 2012-07-11 16:34--------d-----w-c:\programdata\Intel
2012-07-11 16:33 . 2012-07-11 16:33--------d-----w-c:\program files (x86)\Cisco
2012-07-11 16:32 . 2012-07-11 16:32--------d--h--w-c:\windows\system32\WLANProfiles
2012-07-11 16:11 . 2012-07-11 16:11--------d-----w-c:\users\sid\AppData\Roaming\SystemRequirementsLab
2012-07-11 15:25 . 2012-06-12 03:083148800----a-w-c:\windows\system32\win32k.sys
2012-07-11 05:50 . 2012-07-11 05:51--------d-----w-c:\users\sid\AppData\Local\NVIDIA Corporation
2012-07-11 03:47 . 2012-06-06 06:062004480----a-w-c:\windows\system32\msxml6.dll
2012-07-11 03:47 . 2012-06-06 06:061881600----a-w-c:\windows\system32\msxml3.dll
2012-07-11 03:47 . 2012-06-06 05:051390080----a-w-c:\windows\SysWow64\msxml6.dll
2012-07-11 03:47 . 2012-06-06 05:051236992----a-w-c:\windows\SysWow64\msxml3.dll
2012-07-11 03:47 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll
2012-07-11 03:47 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll
2012-07-11 03:47 . 2012-06-09 05:4314172672----a-w-c:\windows\system32\shell32.dll
2012-07-11 03:46 . 2012-06-02 05:50458704----a-w-c:\windows\system32\drivers\cng.sys
2012-07-11 03:46 . 2012-06-02 05:4895600----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-07-11 03:46 . 2012-06-02 05:48151920----a-w-c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 03:46 . 2012-06-02 05:45340992----a-w-c:\windows\system32\schannel.dll
2012-07-11 03:46 . 2012-06-02 05:44307200----a-w-c:\windows\system32\ncrypt.dll
2012-07-11 03:46 . 2012-06-02 04:40225280----a-w-c:\windows\SysWow64\schannel.dll
2012-07-11 03:46 . 2012-06-02 04:39219136----a-w-c:\windows\SysWow64\ncrypt.dll
2012-07-11 03:46 . 2012-06-02 04:4022016----a-w-c:\windows\SysWow64\secur32.dll
2012-07-11 03:46 . 2012-06-02 04:3496768----a-w-c:\windows\SysWow64\sspicli.dll
2012-07-11 03:41 . 2012-06-06 06:05495616----a-w-c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 03:41 . 2012-06-06 06:0561440----a-w-c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 03:41 . 2012-06-06 06:05466944----a-w-c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 03:41 . 2012-06-06 06:051499136----a-w-c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 03:41 . 2012-06-06 06:05258048----a-w-c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 03:41 . 2012-06-06 05:05143360----a-w-c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 03:41 . 2012-06-06 05:05372736----a-w-c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 03:41 . 2012-06-06 05:0557344----a-w-c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 03:41 . 2012-06-06 05:05352256----a-w-c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 03:41 . 2012-06-06 05:05212992----a-w-c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 03:41 . 2012-06-06 05:051019904----a-w-c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 03:41 . 2012-06-06 05:03805376----a-w-c:\windows\SysWow64\cdosys.dll
2012-07-11 03:40 . 2012-06-06 06:021133568----a-w-c:\windows\system32\cdosys.dll
2012-07-07 04:26 . 1998-10-29 11:15306688----a-w-c:\windows\IsUninst.exe
2012-07-06 04:06 . 2012-07-06 04:06--------d-----w-c:\users\sid\AppData\Local\NeoSmart_Technologies
2012-07-06 04:04 . 2012-07-06 04:04--------d-----w-C:\NST
2012-07-06 04:03 . 2012-07-06 04:03--------d-----w-c:\program files (x86)\NeoSmart Technologies
2012-07-04 09:13 . 2012-07-04 09:13--------d-----w-C:\DriveKey
2012-07-04 09:13 . 2001-09-04 22:48225280----a-w-c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-04 09:13 . 2001-09-04 22:4877824----a-w-c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-07-04 09:13 . 2001-09-04 22:44176128----a-w-c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-07-04 09:13 . 2001-09-04 22:4332768----a-w-c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-07-04 09:13 . 2001-09-04 21:54610436----a-w-c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-07-02 08:57 . 2012-07-02 08:57--------d-----w-c:\users\sid\AppData\Local\NokiaAccount
2012-07-02 07:44 . 2012-07-02 07:44--------d-----w-c:\users\sid\AppData\Roaming\Nokia Suite
2012-07-02 07:44 . 2012-07-02 09:14--------d-----w-c:\users\sid\AppData\Roaming\Nokia
2012-06-30 03:29 . 2012-06-30 03:44--------d-----w-C:\Recovered Files
2012-06-30 03:25 . 2012-06-30 03:26--------d-----w-c:\program files (x86)\Data Recover-Center
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 04:56 . 2012-04-08 13:13426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 04:56 . 2011-12-02 08:1870344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 14:58 . 2011-12-02 08:5059701280----a-w-c:\windows\system32\MRT.exe
2012-06-20 06:36 . 2012-06-20 06:36722782----a-w-c:\windows\unins000.exe
2012-06-02 22:19 . 2012-06-21 07:0838424----a-w-c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:082428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:0844056----a-w-c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:0857880----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:08701976----a-w-c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:082622464----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:0899840----a-w-c:\windows\system32\wudriver.dll
2012-06-02 09:49 . 2012-06-21 07:08186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 09:45 . 2012-06-21 07:0836864----a-w-c:\windows\system32\wuapp.exe
2012-05-24 11:38 . 2012-01-19 03:22737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-24 11:38 . 2012-01-19 03:224283672----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-24 10:56 . 2012-01-19 03:1142776----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-24 10:56 . 2012-01-19 03:11539984----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-15 10:48 . 2012-05-28 12:118105280----a-w-c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-28 12:11364352----a-w-c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-28 12:11301376----a-w-c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-28 12:1128992----a-w-c:\windows\system32\drivers\nvpciflt.sys
2012-05-15 10:48 . 2012-05-28 12:1125743168----a-w-c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-28 12:11249152----a-w-c:\windows\system32\drivers\nvkflt.sys
2012-05-15 10:48 . 2012-05-28 12:1119607872----a-w-c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-28 12:1114298944----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-28 12:1110194752----a-w-c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-05-28 12:118139072----a-w-c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-28 12:115982528----a-w-c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-28 12:112881856----a-w-c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-28 12:112681664----a-w-c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-28 12:112524992----a-w-c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-28 12:1125248064----a-w-c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-28 12:112445120----a-w-c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-28 12:1117551680----a-w-c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-02-23 03:3768928----a-w-c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-23 03:3761248----a-w-c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-23 03:3718044224----a-w-c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-23 03:3715322432----a-w-c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-12-02 14:32818496----a-w-c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2011-12-02 14:322368832----a-w-c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-12-02 14:321738048----a-w-c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-12-02 14:321468224----a-w-c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-12-01 16:01949056----a-w-c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-12-01 16:01246592----a-w-c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2011-12-01 16:01202048----a-w-c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2011-12-01 16:012741568----a-w-c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2011-04-21 15:05889664----a-w-c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-04-21 15:05858944----a-w-c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2011-04-21 15:0563296----a-w-c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-04-21 15:0555616----a-w-c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2011-04-21 15:052561856----a-w-c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2011-04-21 15:05118080----a-w-c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-04-21 15:052621723----a-w-c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-04-21 15:053149632----a-w-c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-04-21 15:056151488----a-w-c:\windows\system32\nvcpl.dll
2012-05-14 20:51 . 2012-05-14 20:51423744----a-w-c:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-13 09:445559664----a-w-c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 09:443968368----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 09:443913072----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 09:44209920----a-w-c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 659976]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 135952]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-01 195584]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-18 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-04-17 273168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-11 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-02 272448]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-05-15 249152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-04-17 2671376]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-01 195584]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-06-07 174848]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-03-12 11471872]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-02 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 04:56]
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000Core.job
- c:\users\sid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 05:01]
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000UA.job
- c:\users\sid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 05:01]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 09:35]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 09:35]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000Core.job
- c:\users\sid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 09:48]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000UA.job
- c:\users\sid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 09:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-04-02 18:47287048----a-w-c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.in/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\TrafficCompressor\TCompLsp.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-644134914-3384040744-1973889131-1000\Software\SecuROM\License information*]
"datasecu"=hex:cb,55,f3,07,1a,7d,79,82,19,72,d7,cf,56,05,6f,31,6b,1a,5a,6f,06,
01,19,5e,2d,6f,c5,c7,81,a7,fd,d5,f1,6b,01,11,41,99,f1,ff,7e,31,ff,11,7a,ae,\
"rkeysecu"=hex:88,ac,ab,d8,81,ea,b8,a1,98,8d,51,8e,e9,95,88,3a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\07A7D4FBD98D1D111AD7000A9CA05BF0\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B"
"ComponentVersion"="6.0.89.64"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1B1D70235E082D119BD50006794CED42\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24"
"ComponentVersion"="4.71.1460.1"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1F16F47424372D111A99000A9CA05BF0\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24"
"ComponentVersion"="2.40.4275.1"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\269AF799760E1D113969000A9CF0729F\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24"
"ComponentVersion"="2.40.4275.1"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3178400169C22D11A9790006794C4E25\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24"
"ComponentVersion"="5.0.4275.1"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5B94A7F282EE3DFAB59EA0B25C612AAD\7D2F387510089040112000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_F5A31E7BBC774475A49CF363C6C05AB6.D5955B9CA4DD4C1197BDAB88FAFFCD9E"
"ComponentVersion"="2.2.0.0"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DEE1EA864502FF1657156D9CE8722FBE\7D2F387510089040112000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_52A6679D04554A008411F937A937C447.D5955B9CA4DD4C1197BDAB88FAFFCD9E"
"ComponentVersion"="2.2.0.0"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-27 21:15:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 15:45
.
Pre-Run: 39,143,137,280 bytes free
Post-Run: 39,039,401,984 bytes free
.
- - End Of File - - 414BAF5B7309EB5B8756239A0C9B6DF0

 

[Jay Pfoutz]

Good! (y)

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

 

[Goatb0y]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=55b229d0f7e86b4fa91413a251930c11
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-29 07:26:58
# local_time=2012-07-29 12:56:58 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 11607824 95166294 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=325385
# found=4
# cleaned=4
# scan_time=11564
C:\Program Files (x86)\1ClickDownload\1ClickSettingsManager.exeWin32/Adware.1ClickDownload.E application (cleaned by deleting - quarantined)00000000000000000000000000000000C
C:\Program Files (x86)\1ClickDownload\ocmainpack.exeWin32/Adware.1ClickDownload.E application (cleaned by deleting - quarantined)00000000000000000000000000000000C
C:\Users\sid\Downloads\Carl_Sagan_-_The_Demon-Haunted_World-_Science_as_a_Candle_in.exeWin32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined)00000000000000000000000000000000C
D:\Music\New folder\AutoHide.IP.5.1.0.2.rara variant of Win32/HackTool.Patcher.T application (deleted - quarantined)00000000000000000000000000000000C
MSE detected Sirefef and Injector.CB. while the eset scan was ongoing..

 

[Goatb0y]

MSE detected Sirefef and Injector.CB. while the eset scan was ongoing..
its the quarantined files. except the 3rd one

Sirefef.Y
Category: Trojan

Items:
file:C:\FRST\Quarantine\services.exe

Siefef.M
Items:
file:C:\FRST\Quarantine\{847eeb52-e810-69e1-b2e3-a4591c763952}\n
Virtool.win32/injector.cb
Items:
file:C:\Users\sid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2625e357-2fceffe1

 

[Jay Pfoutz]

The ones in quarantine are reliably disabled anyway. Otherwise, we'll take care of that Java exploit there...

ComboFix Script

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
  

  clearjavacache::

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
• Please post the contents of the log in your next reply.

 

[Goatb0y]

ComboFix 12-07-29.02 - sid 30-Jul-12 7:58.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3990.2177 [GMT 5.5:30]
Running from: c:\users\sid\Desktop\ComboFix.exe
Command switches used :: c:\users\sid\Desktop\CFscript.txt
AV: Microsoft Security Essentials Prerelease *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials Prerelease *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 02:32 . 2012-07-30 02:32--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-07-30 02:32 . 2012-07-30 02:32--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-30 02:08 . 2012-07-30 02:0869000----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB8A4904-90A9-4133-87EB-B294DE915203}\offreg.dll
2012-07-29 04:02 . 2012-07-29 04:02--------d-----w-c:\program files (x86)\ESET
2012-07-29 03:51 . 2012-07-15 21:109133488----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB8A4904-90A9-4133-87EB-B294DE915203}\mpengine.dll
2012-07-28 11:41 . 2012-07-28 11:419821896----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-27 04:13 . 2012-07-27 04:14--------d-----w-C:\FRST
2012-07-26 04:58 . 2012-02-09 08:47927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41CC4F44-05B1-4C1B-B47F-852CC81C82FD}\gapaengine.dll
2012-07-26 04:57 . 2012-02-09 08:47927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-26 04:39 . 2012-07-26 04:39--------d-----w-c:\program files (x86)\Microsoft Security Client
2012-07-26 04:39 . 2012-07-26 04:39--------d-----w-c:\program files\Microsoft Security Client
2012-07-12 05:10 . 2012-07-12 05:10--------d-----w-c:\program files (x86)\Gophoto.it
2012-07-12 05:08 . 2012-07-29 04:35--------d-----w-c:\program files (x86)\1ClickDownload
2012-07-12 03:24 . 2012-07-12 03:24--------d-sh--w-c:\windows\system32\%APPDATA%
2012-07-11 16:34 . 2012-07-11 16:34--------d-----w-c:\programdata\Intel
2012-07-11 16:33 . 2012-07-11 16:33--------d-----w-c:\program files (x86)\Cisco
2012-07-11 16:32 . 2012-07-11 16:32--------d--h--w-c:\windows\system32\WLANProfiles
2012-07-11 16:11 . 2012-07-11 16:11--------d-----w-c:\users\sid\AppData\Roaming\SystemRequirementsLab
2012-07-11 15:25 . 2012-06-12 03:083148800----a-w-c:\windows\system32\win32k.sys
2012-07-11 05:50 . 2012-07-11 05:51--------d-----w-c:\users\sid\AppData\Local\NVIDIA Corporation
2012-07-11 03:47 . 2012-06-06 06:062004480----a-w-c:\windows\system32\msxml6.dll
2012-07-11 03:47 . 2012-06-06 06:061881600----a-w-c:\windows\system32\msxml3.dll
2012-07-11 03:47 . 2012-06-06 05:051390080----a-w-c:\windows\SysWow64\msxml6.dll
2012-07-11 03:47 . 2012-06-06 05:051236992----a-w-c:\windows\SysWow64\msxml3.dll
2012-07-11 03:47 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll
2012-07-11 03:47 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll
2012-07-11 03:47 . 2012-06-09 05:4314172672----a-w-c:\windows\system32\shell32.dll
2012-07-11 03:46 . 2012-06-02 05:50458704----a-w-c:\windows\system32\drivers\cng.sys
2012-07-11 03:46 . 2012-06-02 05:4895600----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-07-11 03:46 . 2012-06-02 05:48151920----a-w-c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 03:46 . 2012-06-02 05:45340992----a-w-c:\windows\system32\schannel.dll
2012-07-11 03:46 . 2012-06-02 05:44307200----a-w-c:\windows\system32\ncrypt.dll
2012-07-11 03:46 . 2012-06-02 04:40225280----a-w-c:\windows\SysWow64\schannel.dll
2012-07-11 03:46 . 2012-06-02 04:39219136----a-w-c:\windows\SysWow64\ncrypt.dll
2012-07-11 03:46 . 2012-06-02 04:4022016----a-w-c:\windows\SysWow64\secur32.dll
2012-07-11 03:46 . 2012-06-02 04:3496768----a-w-c:\windows\SysWow64\sspicli.dll
2012-07-11 03:41 . 2012-06-06 06:05495616----a-w-c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 03:41 . 2012-06-06 06:0561440----a-w-c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 03:41 . 2012-06-06 06:05466944----a-w-c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 03:41 . 2012-06-06 06:051499136----a-w-c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 03:41 . 2012-06-06 06:05258048----a-w-c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 03:41 . 2012-06-06 05:05143360----a-w-c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 03:41 . 2012-06-06 05:05372736----a-w-c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 03:41 . 2012-06-06 05:0557344----a-w-c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 03:41 . 2012-06-06 05:05352256----a-w-c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 03:41 . 2012-06-06 05:05212992----a-w-c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 03:41 . 2012-06-06 05:051019904----a-w-c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 03:41 . 2012-06-06 05:03805376----a-w-c:\windows\SysWow64\cdosys.dll
2012-07-11 03:40 . 2012-06-06 06:021133568----a-w-c:\windows\system32\cdosys.dll
2012-07-07 04:26 . 1998-10-29 11:15306688----a-w-c:\windows\IsUninst.exe
2012-07-06 04:06 . 2012-07-06 04:06--------d-----w-c:\users\sid\AppData\Local\NeoSmart_Technologies
2012-07-06 04:04 . 2012-07-06 04:04--------d-----w-C:\NST
2012-07-06 04:03 . 2012-07-06 04:03--------d-----w-c:\program files (x86)\NeoSmart Technologies
2012-07-04 09:13 . 2012-07-04 09:13--------d-----w-C:\DriveKey
2012-07-04 09:13 . 2001-09-04 22:48225280----a-w-c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-04 09:13 . 2001-09-04 22:4877824----a-w-c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-07-04 09:13 . 2001-09-04 22:44176128----a-w-c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-07-04 09:13 . 2001-09-04 22:4332768----a-w-c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-07-04 09:13 . 2001-09-04 21:54610436----a-w-c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-07-02 08:57 . 2012-07-02 08:57--------d-----w-c:\users\sid\AppData\Local\NokiaAccount
2012-07-02 07:44 . 2012-07-02 07:44--------d-----w-c:\users\sid\AppData\Roaming\Nokia Suite
2012-07-02 07:44 . 2012-07-02 09:14--------d-----w-c:\users\sid\AppData\Roaming\Nokia
2012-06-30 03:29 . 2012-06-30 03:44--------d-----w-C:\Recovered Files
2012-06-30 03:25 . 2012-06-30 03:26--------d-----w-c:\program files (x86)\Data Recover-Center
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 11:41 . 2012-04-08 13:13426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 11:41 . 2011-12-02 08:1870344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 14:58 . 2011-12-02 08:5059701280----a-w-c:\windows\system32\MRT.exe
2012-06-20 06:36 . 2012-06-20 06:36722782----a-w-c:\windows\unins000.exe
2012-06-02 22:19 . 2012-06-21 07:0838424----a-w-c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:082428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:0844056----a-w-c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:0857880----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:08701976----a-w-c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:082622464----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:0899840----a-w-c:\windows\system32\wudriver.dll
2012-06-02 09:49 . 2012-06-21 07:08186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 09:45 . 2012-06-21 07:0836864----a-w-c:\windows\system32\wuapp.exe
2012-05-24 11:38 . 2012-01-19 03:22737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-24 11:38 . 2012-01-19 03:224283672----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-24 10:56 . 2012-01-19 03:1142776----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-24 10:56 . 2012-01-19 03:11539984----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-15 10:48 . 2012-05-28 12:118105280----a-w-c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-28 12:11364352----a-w-c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-28 12:11301376----a-w-c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-28 12:1128992----a-w-c:\windows\system32\drivers\nvpciflt.sys
2012-05-15 10:48 . 2012-05-28 12:1125743168----a-w-c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-28 12:11249152----a-w-c:\windows\system32\drivers\nvkflt.sys
2012-05-15 10:48 . 2012-05-28 12:1119607872----a-w-c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-28 12:1114298944----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-28 12:1110194752----a-w-c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-05-28 12:118139072----a-w-c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-28 12:115982528----a-w-c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-28 12:112881856----a-w-c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-28 12:112681664----a-w-c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-28 12:112524992----a-w-c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-28 12:1125248064----a-w-c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-28 12:112445120----a-w-c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-28 12:1117551680----a-w-c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-02-23 03:3768928----a-w-c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-23 03:3761248----a-w-c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-23 03:3718044224----a-w-c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-23 03:3715322432----a-w-c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-12-02 14:32818496----a-w-c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2011-12-02 14:322368832----a-w-c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-12-02 14:321738048----a-w-c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-12-02 14:321468224----a-w-c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-12-01 16:01949056----a-w-c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-12-01 16:01246592----a-w-c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2011-12-01 16:01202048----a-w-c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2011-12-01 16:012741568----a-w-c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2011-04-21 15:05889664----a-w-c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-04-21 15:05858944----a-w-c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2011-04-21 15:0563296----a-w-c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-04-21 15:0555616----a-w-c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2011-04-21 15:052561856----a-w-c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2011-04-21 15:05118080----a-w-c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-04-21 15:052621723----a-w-c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-04-21 15:053149632----a-w-c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-04-21 15:056151488----a-w-c:\windows\system32\nvcpl.dll
2012-05-14 20:51 . 2012-05-14 20:51423744----a-w-c:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-13 09:445559664----a-w-c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 09:443968368----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 09:443913072----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 09:44209920----a-w-c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_15.43.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-30 02:0816384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-27 15:4216384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-27 15:4232768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-30 02:0832768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 15:4216384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-30 02:0816384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-30 02:1065306 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 02:1038754 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-01 11:14 . 2012-07-27 15:1516944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-644134914-3384040744-1973889131-1000_UserData.bin
+ 2011-12-01 11:14 . 2012-07-30 02:1016944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-644134914-3384040744-1973889131-1000_UserData.bin
+ 2011-12-01 16:03 . 2012-07-28 12:5212928 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-12-01 16:03 . 2012-07-27 05:2912928 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-27 15:42 . 2012-07-27 15:422048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 02:07 . 2012-07-30 02:072048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 02:07 . 2012-07-30 02:072048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-27 15:42 . 2012-07-27 15:422048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-28 11:41 . 2012-07-28 11:41686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-07-28 10:37 . 2012-07-28 10:37686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
+ 2012-07-28 10:37 . 2012-07-28 10:37466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
+ 2012-04-08 13:13 . 2012-07-28 11:41250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-08 13:13 . 2012-07-12 04:56250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-12-02 17:03 . 2012-07-29 04:19432144 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-07-26 16:30662532 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-29 11:53662532 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-29 11:53122328 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-26 16:30122328 c:\windows\system32\perfc009.dat
+ 2012-07-28 11:41 . 2012-07-28 11:41417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2012-07-28 10:37 . 2012-07-28 10:37417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
+ 2012-07-28 10:37 . 2012-07-28 10:37513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.dll
- 2011-12-02 00:28 . 2012-07-26 04:57180224 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-02 00:28 . 2012-07-28 11:41180224 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-07-27 15:41587776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-29 18:01587776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-28 11:41 . 2012-07-28 11:419465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-07-28 11:41 . 2012-07-28 11:411536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
- 2011-12-02 00:28 . 2012-07-26 04:572146304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-02 00:28 . 2012-07-28 11:412146304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-28 11:412899968 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-26 04:572899968 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-04 13:10 . 2012-07-29 08:168179540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-644134914-3384040744-1973889131-1000-8192.dat
- 2011-12-04 13:10 . 2012-07-26 04:358179540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-644134914-3384040744-1973889131-1000-8192.dat
+ 2012-07-28 11:41 . 2012-07-28 11:4112315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-01 195584]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-18 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-04-17 273168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-11 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-02 272448]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-05-15 249152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 659976]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 135952]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-04-17 2671376]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-01 195584]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-06-07 174848]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-03-12 11471872]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-02 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 11:41]
.
2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000Core.job
- c:\users\sid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 05:01]
.
2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000UA.job
- c:\users\sid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 05:01]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 09:35]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 09:35]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000Core.job
- c:\users\sid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 09:48]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644134914-3384040744-1973889131-1000UA.job
- c:\users\sid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 09:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.in/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\TrafficCompressor\TCompLsp.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-644134914-3384040744-1973889131-1000\Software\SecuROM\License information*]
"datasecu"=hex:cb,55,f3,07,1a,7d,79,82,19,72,d7,cf,56,05,6f,31,6b,1a,5a,6f,06,
01,19,5e,2d,6f,c5,c7,81,a7,fd,d5,f1,6b,01,11,41,99,f1,ff,7e,31,ff,11,7a,ae,\
"rkeysecu"=hex:88,ac,ab,d8,81,ea,b8,a1,98,8d,51,8e,e9,95,88,3a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\07A7D4FBD98D1D111AD7000A9CA05BF0\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B"
"ComponentVersion"="6.0.89.64"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1B1D70235E082D119BD50006794CED42\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24"
"ComponentVersion"="4.71.1460.1"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1F16F47424372D111A99000A9CA05BF0\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24"
"ComponentVersion"="2.40.4275.1"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\269AF799760E1D113969000A9CF0729F\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24"
"ComponentVersion"="2.40.4275.1"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3178400169C22D11A9790006794C4E25\7D2F387510089040102000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24"
"ComponentVersion"="5.0.4275.1"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5B94A7F282EE3DFAB59EA0B25C612AAD\7D2F387510089040112000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_F5A31E7BBC774475A49CF363C6C05AB6.D5955B9CA4DD4C1197BDAB88FAFFCD9E"
"ComponentVersion"="2.2.0.0"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DEE1EA864502FF1657156D9CE8722FBE\7D2F387510089040112000060BECB6AB]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_52A6679D04554A008411F937A937C447.D5955B9CA4DD4C1197BDAB88FAFFCD9E"
"ComponentVersion"="2.2.0.0"
"ProductVersion"="18.0.55"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-30 08:04:00
ComboFix-quarantined-files.txt 2012-07-30 02:34
ComboFix2.txt 2012-07-27 15:45
.
Pre-Run: 38,078,590,976 bytes free
Post-Run: 38,107,848,704 bytes free
.
- - End Of File - - 1A00F7BB7711EE1CE74B8B901BF7A354

 

[Jay Pfoutz]

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
• Select System
• On the left select Advance System Settings and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name I.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
• Select Performance Information and Tools
• On the left select Open Disk Cleanup
• Select Files from all users and accept the warning if you get one
• In the drop down box select your main drive I.e. C
• For a few moments the system will make some calculations:
  
  
• Select the More Options tab
  
  
• In the System Restore and Shadow Backups select Clean up
  
  
• Select Delete on the pop up
• Select OK
• Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:

• Cleaned System Restore
• Ran OTC
• Ran TFC
• Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

 

[Goatb0y]

• Cleaned System Restore (y)
• Ran OTC(y)
• Ran TFC(y)
• Ran Security Check(y)

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Microsoft Security Essentials Prerelease

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Java(TM) 6 Update 31

Java version out of Date!

Adobe Reader X (10.1.3)

Google Chrome 20.0.1132.47

Google Chrome 20.0.1132.57

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe



Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Computer is running perfectly fine! No issues..

 

[Goatb0y]

xcept cant seem to update MSE

 

[Jay Pfoutz]

Microsoft Security Essentials Prerelease

Any reason why you have the prerelease?

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

 

[Goatb0y]

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials Prerelease
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java(TM) 7 Update 5
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Somethings up with MSE..
I took out the Prerelease long back.

 

[Goatb0y]

CAnt turn on Windows Defender too..
Access is denied Error 0x80070005

 

[Jay Pfoutz]

[SIZE="4"]Please reinstall MSE using the following method:

1. Check and see if MSE is installed correctly...

A. Find the install logs from this path:

%systemdrive%\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Security Essentials\Support\msseInstall.log

B. Open the log and search for "return value 3", which you should also see other errors above that item. If you see the same items within the log, continue to the next step. If you do not see it, then go on to Step 2 below to uninstall Microsoft Security Essentials.

SAMPLE LOGFILE:::

MSI (s) (CC:2C) [13:27:24:987]: Hello, I'm your 32bit Elevated custom action server.

MSI (s) (CC:E0) [13:27:25:283]: User policy value 'DisableRollback' is 0

MSI (s) (CC:E0) [13:27:25:283]: Machine policy value 'DisableRollback' is 0

Action ended 13:27:25: InstallFinalize. Return value 3.

C. Click Start then click Run

D. Give everyone permission to the desktop by typing the following command:

CACLS “c:\documents and settings\all users\desktop” /t /g everyone:f

E. Give everyone permission to the Program menu by typing the following command:

CACLS “C:\Documents and Settings\All Users\Start Menu\Programs” /t /g everyone:f


2. Follow the uninstall routine from here:

Please go to Start > Control Panel > Add or Remove Programs and remove Microsoft Security Essentials.


How to manually uninstall Microsoft Security Essentials 1.0.1963 if you cannot uninstall it by using the Add or Remove Programs item

3. Download and reinstall Microsoft Security Essentials

Virus, Spyware & Malware Protection | Microsoft Security Essentials[/SIZE][SIZE="4"][/size][SIZE="4"][/size]

 

[Goatb0y]

Access was denied to Documents and settings was denied, when I edited the permissions
it became a shortcut folder!!

Same with the 'Application Data' folde
When I open application Data folder, there seems to be an infinite number of Application data folders inside of em '

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data !!!!!!!!!!!!!!!!!!!!

Managed to find this log file..

Dosnt contain 'return value 3'

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_epp_Install.log

 

[Jay Pfoutz]

Please try to manually reinstall MSE.

Uninstall it, and then download it again from here: http://windows.microsoft.com/en-US/windows/products/security-essentials

 

[Goatb0y]

MSE fine now ..
updates (y)
Protects (y)
Defender woorkin too (y)
Thanx alot for yor time DMJ!

The folders are still acting funny tho..

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java(TM) 7 Update 5
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Jay Pfoutz]

You're welcome!

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?

 

[Goatb0y]

Apologies for the delayed reply,

Thanx for the link!
I was about to ask for some info resources on malware and their intentions!

access to few folders are denied..
thts it

No sign of any infection tho(y)

 

[Jay Pfoutz]

Since this issue appears to be resolved, it will now be locked and marked as solved.