TechSpot

Infected Windows 7 infected with win64/patched.b.gen trojan (services.exe)

Solved
By rkbmonk
Jul 21, 2012
  1. Hello

    My laptop seems to be infected with this Virus called win64/patched.b.gen trojan , which the eset antivirus keeps giving a notification on but when I try to delete it , it says error in deleting and the notification keeps coming back .... so pls help on getting this fixed .... thx
  2. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    Thx for the quick reply Broni...

    • The Malwarebytes Anti-Malware log :
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.21.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ramkishen :: RAMKISHEN-HP [administrator]

    22-07-2012 AM 12:19:15
    mbam-log-2012-07-22 (00-19-15).txt

    Scan type: Full scan (C:\|D:\|E:\|Q:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 374394
    Time elapsed: 47 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\Installer\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)

    • The GMER Log was Empty

    • DDS logs: DDS.txt
    .
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Ramkishen at 1:21:54 on 2012-07-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.4044.2022 [GMT 5.5:30]
    .
    AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Connectify\ConnectifyService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Connectify\ConnectifyD.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
    C:\Program Files (x86)\Reliance 3G\AssistantServices.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Motorola\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Reliance 3G\UIExec.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Motorola\Bluetooth\audiosrv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
    C:\Program Files (x86)\Opera\Opera.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files (x86)\kmpmediatoolbar\searchresultsDx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files (x86)\kmpmediatoolbar\searchresultsDx.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [<NO NAME>]
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [UIExec] "C:\Program Files (x86)\Reliance 3G\UIExec.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxp://mumbai.enerconindia.net/dwa85W.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{0F4926B1-887D-4CAD-A161-D57BA1A76CC6} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{33AC5963-D549-4DE0-8628-47845262A8CA} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{8AF95CD4-6361-4B12-BFA6-6F25C56E78D1} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{8AF95CD4-6361-4B12-BFA6-6F25C56E78D1} : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{8AF95CD4-6361-4B12-BFA6-6F25C56E78D1}\55453547162736F6D6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A8C899AC-989A-442A-92B1-D0DC2FDF0CD1} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D85FD2B1-072B-4E9B-AA96-F8E757BA9084} : DhcpNameServer = 192.168.42.129
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO-X64: TSBHO Class - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files (x86)\kmpmediatoolbar\searchresultsDx.dll
    BHO-X64: KMP Media Toolbar - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files (x86)\kmpmediatoolbar\searchresultsDx.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [(Default)]
    mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [UIExec] "C:\Program Files (x86)\Reliance 3G\UIExec.exe"
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE-X64: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ramkishen\AppData\Roaming\Mozilla\Firefox\Profiles\jo03j4pi.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Ramkishen\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Ramkishen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Ramkishen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R1 cnnctfy2;Connectify LightWeight Filter;C:\Windows\system32\DRIVERS\cnnctfy2.sys --> C:\Windows\system32\DRIVERS\cnnctfy2.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-8-5 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2011-8-5 680016]
    R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2012-2-25 69632]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-10 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-5 13336]
    R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-1-4 624856]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
    R2 UDisk Monitor;UDisk Monitor;C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [2012-1-4 405504]
    R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Reliance 3G\AssistantServices.exe [2012-7-21 270672]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-5 2656280]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2011-8-5 4151376]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2011-8-5 1189968]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-5 1028096]
    R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-16 1071160]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-17 1153368]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 BTMCOM;Bluetooth Serial Port;C:\Windows\system32\Drivers\btmcom.sys --> C:\Windows\system32\Drivers\btmcom.sys [?]
    S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\system32\Drivers\btmusb.sys --> C:\Windows\system32\Drivers\btmusb.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]
    S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
    S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-18 655944]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-21 15:47:00 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-07-21 15:43:56 -------- d-----w- C:\ProgramData\225932FD815043E2B091B697F875F002
    2012-07-21 12:30:25 123520 ----a-w- C:\Windows\System32\drivers\ZTEusbser6k.sys
    2012-07-21 12:30:25 123520 ----a-w- C:\Windows\System32\drivers\ZTEusbnmea.sys
    2012-07-21 12:30:25 123520 ----a-w- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
    2012-07-21 12:30:25 11776 ----a-w- C:\Windows\System32\drivers\massfilter.sys
    2012-07-21 12:29:54 -------- d-----w- C:\Windows\SysWow64\SupportAppCB
    2012-07-21 12:29:52 -------- d-----w- C:\Program Files (x86)\Reliance 3G
    2012-07-08 15:08:14 13312 ----a-w- C:\Windows\SysWow64\borlndmm.dll
    2012-07-08 15:08:01 -------- d-----w- C:\Users\Ramkishen\AppData\Roaming\LifeSignMini
    2012-07-08 15:08:01 -------- d-----w- C:\Program Files (x86)\LifeSignMini
    2012-07-05 00:25:54 -------- d-----w- C:\Users\Ramkishen\AppData\Roaming\Malwarebytes
    2012-07-05 00:25:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-05 00:25:41 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-05 00:25:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-04 21:15:47 -------- d-----w- C:\Users\Ramkishen\AppData\Local\{A4BAEAC2-2EC3-49D1-AF12-89E40E42895D}
    2012-07-04 21:15:28 -------- d-----w- C:\Users\Ramkishen\AppData\Local\{BBEBDF4A-8FEF-4D6A-B0F2-C3E5CD2153DC}
    2012-07-04 21:15:06 -------- d-----w- C:\Users\Ramkishen\AppData\Local\{E9290719-751C-4D8A-8F5C-8EB71508AF85}
    2012-06-28 19:35:54 -------- d-----w- C:\Users\Ramkishen\AppData\Local\Macromedia
    2012-06-27 21:02:01 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2012-06-27 21:02:01 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-05 16:06:07 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-06-05 16:06:07 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-06-05 16:06:07 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-06-05 16:06:07 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    .
    ============= FINISH: 1:22:48.21 ===============

    • And Attach log
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30-12-2011 07:25:38 AM
    System Uptime: 22-07-2012 01:08:52 AM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3388
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU1 | 2001/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 582 GiB total, 172.543 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.531 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Lexmark X422
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Lexmark
    Name: Lexmark X422
    PNP Device ID: ROOT\IMAGE\0000
    Service: usbscan
    .
    ==== System Restore Points ===================
    .
    RP35: 18-06-2012 02:39:28 AM - Scheduled Checkpoint
    RP36: 04-07-2012 01:52:26 AM - Scheduled Checkpoint
    RP37: 14-07-2012 03:21:21 AM - Scheduled Checkpoint
    RP38: 21-07-2012 05:59:29 PM - Installed Reliance 3G
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1) MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    Any Video Converter Professional 3.3.2
    Apple Application Support
    Apple Software Update
    Astro-Vision LifeSign Mini version 1.0.5.0
    Batman. Arkham City version 1.0
    Bejeweled 2 Deluxe
    Bejeweled 3
    Bing Bar
    Blackhawk Striker 2
    Blasterball 3
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Mobile
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    DiRT 3
    DiskAid 5.09
    Dora's World Adventure
    Energy Star Digital Logo
    ESU for Microsoft Windows 7
    Evernote v. 4.2.2
    Farm Frenzy
    FATE - The Traitor Soul
    Final Drive Nitro
    Fraps
    Google Talk Plugin
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Connection Manager
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP On Screen Display
    HP Power Manager
    HP Product Detection
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP SimplePass 2011
    HP Software Framework
    HP Support Assistant
    IDT Audio
    Intel(R) Display Audio Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 30
    Junk Mail filter update
    KMP Media Toolbar
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    ooVoo
    OpenAL
    Opera 12.00
    Pandora Service
    Penguins!
    Plants vs. Zombies - Game of the Year
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    PowerISO
    PX Profile Update
    Ralink RT5390 802.11b/g/n WiFi Adapter
    Rapture3D 2.4.8 Game
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Recovery Manager
    Reliance 3G
    Renesas Electronics USB 3.0 Host Controller Driver
    Skype™ 5.9
    Slingo Supreme
    SpeedFan (remove only)
    Spybot - Search & Destroy
    The KMPlayer (remove only)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    VLC media player 2.0.1
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    22-07-2012 01:10:43 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    22-07-2012 01:09:17 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    22-07-2012 01:09:16 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    22-07-2012 01:09:16 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    22-07-2012 01:09:16 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    21-07-2012 10:09:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    21-07-2012 10:07:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Bluetooth Device Manager with arguments "" in order to run the server: {09D8A98C-9BEF-476E-9450-B8CF74EE8D61}
    21-07-2012 10:04:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    21-07-2012 10:04:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    21-07-2012 10:04:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    21-07-2012 10:03:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    21-07-2012 10:03:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv SCDEmu spldr Wanarpv6
    21-07-2012 10:03:44 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    21-07-2012 10:03:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    21-07-2012 06:00:38 PM, Error: Service Control Manager [7030] - The UI Assistant Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    21-07-2012 04:07:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff880084cf399, 0xfffff8800a6e28a8, 0xfffff8800a6e2100). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072112-28236-01.
    16-07-2012 02:24:39 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0xf), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0xe), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0xd), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0xc), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0xb), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0xa), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x9), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x8), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x7), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x6), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x3b), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x3a), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x39), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x38), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x37), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x36), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x35), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x34), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x33), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x32), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x31), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x30), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x2b), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x2a), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x29), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x28), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x27), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x26), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x25), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x24), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x23), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x22), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x21), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x20), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x1f), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x1e), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x1d), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x1c), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x1b), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x1a), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x19), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x18), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x17), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x16), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x15), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x14), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x13), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x12), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x11), Please contact your system vendor for technical assistance.
    16-07-2012 02:24:38 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.
    .
    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  5. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    Here is the Frst64 Text log

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
    Ran by SYSTEM at 22-07-2012 02:09:23
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
    HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp [21709904 2011-02-15] (Motorola Solutions, Inc.)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-08] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-08] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-08] (Intel Corporation)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-21] (ESET)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-30] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [UIExec] "C:\Program Files (x86)\Reliance 3G\UIExec.exe" [153424 2011-08-09] ()
    HKU\Ramkishen\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\Ramkishen\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
    Tcpip\..\Interfaces\{8AF95CD4-6361-4B12-BFA6-6F25C56E78D1}: [NameServer]208.67.222.222,208.67.220.220

    ==================== Services (Whitelisted) ======

    2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [69632 2012-02-24] ()
    2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-21] (ESET)
    3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)
    4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [624856 2012-04-14] (Pandora.TV)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 UDisk Monitor; C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [405504 2010-11-08] ()
    2 UI Assistant Service; C:\Program Files (x86)\Reliance 3G\AssistantServices.exe [270672 2011-08-09] ()
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-22] (Intel Corporation)

    ========================== Drivers (Whitelisted) =============

    1 cnnctfy2; C:\Windows\System32\Drivers\cnnctfy2.sys [31344 2012-01-03] (Connectify)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-03] (ESET)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-03] (ESET)
    1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-03] (ESET)
    0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-03] (ESET)
    3 massfilter; C:\Windows\System32\Drivers\massfilter.sys [11776 2011-03-25] (MBB Incorporated)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-03] (ZTEMT Incorporated)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-21 12:31 - 2012-07-22 02:09 - 00000000 ____D C:\FRST
    2012-07-21 11:50 - 2012-07-21 11:50 - 00000000 ____A C:\Users\Ramkishen\Desktop\lol.log
    2012-07-21 11:49 - 2012-07-21 11:49 - 00000000 ____A C:\Users\Ramkishen\Desktop\gmer.log
    2012-07-21 11:37 - 2012-07-21 11:55 - 00000000 ____D C:\Users\Ramkishen\Desktop\Trojan
    2012-07-21 11:26 - 2012-07-21 11:26 - 00667872 ____A C:\Users\Ramkishen\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.mht
    2012-07-21 11:26 - 2012-07-21 11:26 - 00607260 ____R (Swearware) C:\Users\Ramkishen\Desktop\dds.scr
    2012-07-21 11:22 - 2012-07-21 11:22 - 00302592 ____A C:\Users\Ramkishen\Desktop\ufh3ih3c.exe
    2012-07-21 10:26 - 2012-07-21 12:27 - 01437781 ____A (Farbar) C:\Users\Ramkishen\Desktop\FRST64.exe
    2012-07-21 10:12 - 2012-07-21 10:12 - 00000036 ____A C:\Users\Ramkishen\AppData\Local\housecall.guid.cache
    2012-07-21 10:10 - 2012-07-21 10:12 - 02406064 ____A (Trend Micro Inc.) C:\Users\Ramkishen\Desktop\HousecallLauncher64.exe
    2012-07-21 08:43 - 2012-07-21 08:43 - 00000361 ____A C:\rkill.log
    2012-07-21 08:41 - 2012-07-21 08:42 - 01012656 ____A C:\Users\Ramkishen\Downloads\iExplore.exe
    2012-07-21 08:40 - 2012-07-21 08:40 - 00001205 ____A C:\Users\Ramkishen\Downloads\registryfix.reg
    2012-07-21 07:47 - 2012-07-21 07:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-21 07:43 - 2012-07-21 08:31 - 00000000 ____D C:\Users\All Users\225932FD815043E2B091B697F875F002
    2012-07-21 07:40 - 2012-07-21 07:40 - 00000000 ____D C:\Users\Ramkishen\Desktop\recovery-clockwork-2.5.1.2-galaxys
    2012-07-21 07:39 - 2012-07-21 07:39 - 01804447 ____A C:\Users\Ramkishen\Desktop\recovery-clockwork-2.5.1.2-galaxys.zip
    2012-07-21 06:22 - 2012-07-21 06:22 - 00000000 ____D C:\Users\Ramkishen\Desktop\Phone Backup
    2012-07-21 06:20 - 2012-07-21 06:20 - 01596930 ____A C:\Users\Ramkishen\Desktop\xda-developers - View Single Post - [Firmwares]Official I9000_I9000M Firmwares collection [Latest_ XWJW8, DDJVB, XWJW7].mht
    2012-07-21 06:13 - 2012-07-21 06:13 - 00000000 ____D C:\Users\Ramkishen\Desktop\GT_I9000_ZSJW4_ZSJW1_OZSJW4_Sbl
    2012-07-21 05:30 - 2012-07-21 06:12 - 161403811 ____A C:\Users\Ramkishen\Desktop\GT_I9000_ZSJW4_ZSJW1_OZSJW4_Sbl.7z
    2012-07-21 05:28 - 2012-07-21 05:28 - 00160881 ____A C:\Users\Ramkishen\Desktop\Odin v1.82_and_512.pit_513.pit_803.pit_files.7z
    2012-07-21 05:28 - 2012-07-21 05:28 - 00000000 ____D C:\Users\Ramkishen\Desktop\Odin v1.82_and_512.pit_513.pit_803.pit_files
    2012-07-21 05:05 - 2012-07-21 05:05 - 00000000 ____D C:\Users\Ramkishen\Desktop\Odin3 v1.85
    2012-07-21 05:03 - 2012-07-21 05:04 - 05487403 ____A C:\Users\Ramkishen\Desktop\Odin3 v1.85.rar
    2012-07-21 04:35 - 2012-07-21 04:35 - 00193404 ____A C:\Users\Ramkishen\Desktop\mts.xps
    2012-07-21 04:30 - 2012-07-21 04:30 - 00006215 ____A C:\debug1214.txt
    2012-07-21 04:30 - 2012-07-21 04:30 - 00001940 ____A C:\Users\Public\Desktop\Reliance 3G.lnk
    2012-07-21 04:30 - 2011-03-25 21:07 - 00123520 ____A (ZTE Incorporated) C:\Windows\System32\Drivers\ZTEusbser6k.sys
    2012-07-21 04:30 - 2011-03-25 21:07 - 00123520 ____A (ZTE Incorporated) C:\Windows\System32\Drivers\ZTEusbnmea.sys
    2012-07-21 04:30 - 2011-03-25 21:07 - 00123520 ____A (ZTE Incorporated) C:\Windows\System32\Drivers\ZTEusbmdm6k.sys
    2012-07-21 04:30 - 2011-03-25 21:07 - 00011776 ____A (MBB Incorporated) C:\Windows\System32\Drivers\massfilter.sys
    2012-07-21 04:29 - 2012-07-21 04:31 - 00000000 ____D C:\Program Files (x86)\Reliance 3G
    2012-07-21 04:29 - 2012-07-21 04:30 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB
    2012-07-20 16:13 - 2012-07-20 16:13 - 00208034 ____A C:\Users\Ramkishen\Desktop\MTS.mht
    2012-07-20 14:37 - 2012-07-20 14:37 - 00262144 ____A C:\Windows\Minidump\072112-28236-01.dmp
    2012-07-20 13:18 - 2012-07-20 13:18 - 00000022 ____A C:\Users\Ramkishen\Desktop\Mts Number.txt
    2012-07-19 12:52 - 2012-07-19 12:52 - 00000000 ____D C:\Users\Ramkishen\Desktop\com.sec.android.app.memo-20120710-220834
    2012-07-19 12:52 - 2012-07-10 14:08 - 00027751 ____A C:\Users\Ramkishen\Desktop\com.sec.android.app.memo-20120710-220834.tar.gz
    2012-07-18 16:32 - 2012-07-21 05:06 - 00000000 ____D C:\Users\Ramkishen\Desktop\clockworkmod
    2012-07-18 15:25 - 2012-07-18 15:26 - 00444684 ____A C:\Users\Ramkishen\Desktop\cm-9-20120718-EXPERIMENTAL-galaxysmtd-stk.zip
    2012-07-18 14:41 - 2012-07-02 07:32 - 00048543 ____A C:\Users\Ramkishen\Desktop\pirate-1341262968465.jpeg
    2012-07-10 14:03 - 2012-07-10 14:03 - 00950058 ____A C:\Users\Ramkishen\Desktop\FULL - DarkyROM v11.0 Black Edition [Android 4.0.4 ICS] _ DarkyROM.mht
    2012-07-10 12:51 - 2012-07-10 12:51 - 00719839 ____A C:\Users\Ramkishen\Desktop\IndianOfficer - [Toppers Interview] Arvind Menon (AIR 201_CSE 2011).mht
    2012-07-08 07:08 - 2012-07-08 07:35 - 00000000 ____D C:\Users\Ramkishen\AppData\Roaming\LifeSignMini
    2012-07-08 07:08 - 2012-07-08 07:08 - 00000000 ____D C:\Program Files (x86)\LifeSignMini
    2012-07-08 07:08 - 2000-01-23 15:31 - 00013312 ____A (Inprise Corporation) C:\Windows\SysWOW64\borlndmm.dll
    2012-07-04 16:25 - 2012-07-18 13:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-04 16:25 - 2012-07-17 18:04 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-04 16:25 - 2012-07-04 16:25 - 00000000 ____D C:\Users\Ramkishen\AppData\Roaming\Malwarebytes
    2012-07-04 16:25 - 2012-07-04 16:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-04 16:25 - 2012-07-03 00:16 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-04 16:00 - 2012-07-04 16:03 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Ramkishen\Desktop\mbam-setup-1.61.0.1400.exe
    2012-07-04 13:15 - 2012-07-04 13:16 - 00000000 ____D C:\Users\Ramkishen\AppData\Local\{A4BAEAC2-2EC3-49D1-AF12-89E40E42895D}
    2012-07-04 13:15 - 2012-07-04 13:15 - 00000000 ____D C:\Users\Ramkishen\AppData\Local\{E9290719-751C-4D8A-8F5C-8EB71508AF85}
    2012-07-04 13:15 - 2012-07-04 13:15 - 00000000 ____D C:\Users\Ramkishen\AppData\Local\{BBEBDF4A-8FEF-4D6A-B0F2-C3E5CD2153DC}
    2012-07-03 13:24 - 2012-07-03 13:24 - 00060066 ____A C:\Users\Ramkishen\Desktop\lol.xps
    2012-07-03 10:43 - 2012-07-03 10:43 - 00749793 ____A C:\Users\Ramkishen\Desktop\Mrunal.mht
    2012-07-01 13:07 - 2012-07-01 13:07 - 00000000 ____D C:\Users\Ramkishen\Desktop\586643
    2012-07-01 12:58 - 2012-07-01 12:58 - 00029568 ____A C:\Users\Ramkishen\Desktop\586643.zip
    2012-06-28 11:35 - 2012-06-28 11:35 - 00000000 ____D C:\Users\Ramkishen\AppData\Local\Macromedia
    2012-06-27 13:02 - 2012-06-27 13:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-24 13:56 - 2012-06-24 13:56 - 00001333 ____A C:\Users\Ramkishen\Desktop\Sticky Notes.txt

    ============ 3 Months Modified Files ========================

    2012-07-21 12:31 - 2011-08-04 22:22 - 01971192 ____A C:\Windows\WindowsUpdate.log
    2012-07-21 12:31 - 2009-07-13 21:13 - 00714580 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-21 12:27 - 2012-07-21 10:26 - 01437781 ____A (Farbar) C:\Users\Ramkishen\Desktop\FRST64.exe
    2012-07-21 12:21 - 2012-02-16 15:10 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1930665232-349164325-645168838-1000UA.job
    2012-07-21 11:50 - 2012-07-21 11:50 - 00000000 ____A C:\Users\Ramkishen\Desktop\lol.log
    2012-07-21 11:49 - 2012-07-21 11:49 - 00000000 ____A C:\Users\Ramkishen\Desktop\gmer.log
    2012-07-21 11:49 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-21 11:49 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-21 11:42 - 2012-02-28 08:17 - 01638912 __ASH C:\Users\Ramkishen\Desktop\Thumbs.db
    2012-07-21 11:39 - 2010-11-20 19:47 - 00235206 ____A C:\Windows\PFRO.log
    2012-07-21 11:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-21 11:39 - 2009-07-13 20:51 - 00091437 ____A C:\Windows\setupact.log
    2012-07-21 11:26 - 2012-07-21 11:26 - 00667872 ____A C:\Users\Ramkishen\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.mht
    2012-07-21 11:26 - 2012-07-21 11:26 - 00607260 ____R (Swearware) C:\Users\Ramkishen\Desktop\dds.scr
    2012-07-21 11:22 - 2012-07-21 11:22 - 00302592 ____A C:\Users\Ramkishen\Desktop\ufh3ih3c.exe
    2012-07-21 10:12 - 2012-07-21 10:12 - 00000036 ____A C:\Users\Ramkishen\AppData\Local\housecall.guid.cache
    2012-07-21 10:12 - 2012-07-21 10:10 - 02406064 ____A (Trend Micro Inc.) C:\Users\Ramkishen\Desktop\HousecallLauncher64.exe
    2012-07-21 08:43 - 2012-07-21 08:43 - 00000361 ____A C:\rkill.log
    2012-07-21 08:42 - 2012-07-21 08:41 - 01012656 ____A C:\Users\Ramkishen\Downloads\iExplore.exe
    2012-07-21 08:40 - 2012-07-21 08:40 - 00001205 ____A C:\Users\Ramkishen\Downloads\registryfix.reg
    2012-07-21 07:39 - 2012-07-21 07:39 - 01804447 ____A C:\Users\Ramkishen\Desktop\recovery-clockwork-2.5.1.2-galaxys.zip
    2012-07-21 06:20 - 2012-07-21 06:20 - 01596930 ____A C:\Users\Ramkishen\Desktop\xda-developers - View Single Post - [Firmwares]Official I9000_I9000M Firmwares collection [Latest_ XWJW8, DDJVB, XWJW7].mht
    2012-07-21 06:12 - 2012-07-21 05:30 - 161403811 ____A C:\Users\Ramkishen\Desktop\GT_I9000_ZSJW4_ZSJW1_OZSJW4_Sbl.7z
    2012-07-21 05:28 - 2012-07-21 05:28 - 00160881 ____A C:\Users\Ramkishen\Desktop\Odin v1.82_and_512.pit_513.pit_803.pit_files.7z
    2012-07-21 05:21 - 2012-02-16 15:10 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1930665232-349164325-645168838-1000Core.job
    2012-07-21 05:04 - 2012-07-21 05:03 - 05487403 ____A C:\Users\Ramkishen\Desktop\Odin3 v1.85.rar
    2012-07-21 04:38 - 2012-02-26 13:53 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-21 04:38 - 2012-01-07 06:34 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-07-21 04:35 - 2012-07-21 04:35 - 00193404 ____A C:\Users\Ramkishen\Desktop\mts.xps
    2012-07-21 04:30 - 2012-07-21 04:30 - 00006215 ____A C:\debug1214.txt
    2012-07-21 04:30 - 2012-07-21 04:30 - 00001940 ____A C:\Users\Public\Desktop\Reliance 3G.lnk
    2012-07-20 16:13 - 2012-07-20 16:13 - 00208034 ____A C:\Users\Ramkishen\Desktop\MTS.mht
    2012-07-20 14:37 - 2012-07-20 14:37 - 00262144 ____A C:\Windows\Minidump\072112-28236-01.dmp
    2012-07-20 14:37 - 2012-03-26 11:00 - 517780083 ____A C:\Windows\MEMORY.DMP
    2012-07-20 13:18 - 2012-07-20 13:18 - 00000022 ____A C:\Users\Ramkishen\Desktop\Mts Number.txt
    2012-07-18 15:26 - 2012-07-18 15:25 - 00444684 ____A C:\Users\Ramkishen\Desktop\cm-9-20120718-EXPERIMENTAL-galaxysmtd-stk.zip
    2012-07-17 18:04 - 2012-07-04 16:25 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-14 10:31 - 2012-02-05 03:45 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForRamkishen.job
    2012-07-10 14:08 - 2012-07-19 12:52 - 00027751 ____A C:\Users\Ramkishen\Desktop\com.sec.android.app.memo-20120710-220834.tar.gz
    2012-07-10 14:03 - 2012-07-10 14:03 - 00950058 ____A C:\Users\Ramkishen\Desktop\FULL - DarkyROM v11.0 Black Edition [Android 4.0.4 ICS] _ DarkyROM.mht
    2012-07-10 12:51 - 2012-07-10 12:51 - 00719839 ____A C:\Users\Ramkishen\Desktop\IndianOfficer - [Toppers Interview] Arvind Menon (AIR 201_CSE 2011).mht
    2012-07-10 12:35 - 2009-07-13 20:45 - 00280656 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-08 07:49 - 2011-12-29 17:59 - 00062584 ____A C:\Users\Ramkishen\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-04 16:03 - 2012-07-04 16:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Ramkishen\Desktop\mbam-setup-1.61.0.1400.exe
    2012-07-03 13:24 - 2012-07-03 13:24 - 00060066 ____A C:\Users\Ramkishen\Desktop\lol.xps
    2012-07-03 10:43 - 2012-07-03 10:43 - 00749793 ____A C:\Users\Ramkishen\Desktop\Mrunal.mht
    2012-07-03 00:16 - 2012-07-04 16:25 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 07:32 - 2012-07-18 14:41 - 00048543 ____A C:\Users\Ramkishen\Desktop\pirate-1341262968465.jpeg
    2012-07-01 12:58 - 2012-07-01 12:58 - 00029568 ____A C:\Users\Ramkishen\Desktop\586643.zip
    2012-06-30 07:35 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-27 13:02 - 2012-06-27 13:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-27 13:02 - 2012-01-03 12:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-24 13:56 - 2012-06-24 13:56 - 00001333 ____A C:\Users\Ramkishen\Desktop\Sticky Notes.txt
    2012-06-05 09:44 - 2012-06-05 09:44 - 00262144 ____A C:\Windows\Minidump\060512-18673-01.dmp
    2012-06-05 08:06 - 2012-06-05 08:06 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-06-05 08:06 - 2012-06-05 08:06 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-06-05 08:06 - 2012-06-05 08:06 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-06-05 08:06 - 2012-06-05 08:06 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-05-25 14:33 - 2012-05-25 14:33 - 00000041 ____A C:\Users\Ramkishen\ziprecovery.ini
    2012-05-03 11:12 - 2009-07-13 18:34 - 00442904 ___RA C:\Windows\System32\Drivers\etc\hosts.20120531-154536.backup

    ZeroAccess:
    C:\Windows\Installer\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}
    C:\Windows\Installer\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\@
    C:\Windows\Installer\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\L
    C:\Windows\Installer\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\U
    C:\Windows\Installer\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\U\00000001.@
    C:\Windows\Installer\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\U\800000cb.@

    ZeroAccess:
    C:\Users\Ramkishen\AppData\Local\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}
    C:\Users\Ramkishen\AppData\Local\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\@
    C:\Users\Ramkishen\AppData\Local\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\L
    C:\Users\Ramkishen\AppData\Local\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 17%
    Total physical RAM: 4043.86 MB
    Available physical RAM: 3317.14 MB
    Total Pagefile: 4042.01 MB
    Available Pagefile: 3305.16 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:582.17 GB) (Free:172.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:13.7 GB) (Free:1.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
    4 Drive g: () (Removable) (Total:13.23 GB) (Free:2.73 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 13 GB 0 B
    Disk 2 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 582 GB 200 MB
    Partition 3 Primary 13 GB 582 GB
    Partition 4 Primary 103 MB 596 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 582 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 13 GB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-18 16:23

    ======================= End Of Log ==========================
  6. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
  7. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    Here it is as you guided

    Farbar Recovery Scan Tool Version: 20-07-2012 01
    Ran by SYSTEM at 2012-07-22 02:42:47
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
  8. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

  9. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    Here is one more link to an image http://postimage.org/image/8zd82ctjp/ where in eset nod quarantine , shows the viruses it has quarantined today , which includes win64/sirefef.AL trojan , win64/sirefef.w trojan and win64/Patched.B.gen trojan ..(also one more
    a variant ofwin32/adware.systemSecurity.Al application)
  10. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Attached Files:

  11. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    As you guided , here are the logs
    Fixlog
    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
    Ran by SYSTEM at 2012-07-22 03:39:36 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{15ed997a-015b-a3dd-c9ad-79cff7e943cd} moved successfully.
    C:\Users\Ramkishen\AppData\Local\{15ed997a-015b-a3dd-c9ad-79cff7e943cd} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    And Combofix LOG
    ComboFix 12-07-21.01 - Ramkishen 22-07-2012 3:50.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.4044.2399 [GMT 5.5:30]
    Running from: c:\users\Ramkishen\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\tmpA821.tmp
    c:\windows\SysWow64\tmpA841.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-21 20:31 . 2012-07-22 10:09 -------- d-----w- C:\FRST
    2012-07-21 15:47 . 2012-07-21 15:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-21 15:43 . 2012-07-21 16:31 -------- d-----w- c:\programdata\225932FD815043E2B091B697F875F002
    2012-07-21 12:30 . 2011-03-26 05:07 123520 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
    2012-07-21 12:30 . 2011-03-26 05:07 123520 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
    2012-07-21 12:30 . 2011-03-26 05:07 123520 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
    2012-07-21 12:30 . 2011-03-26 05:07 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
    2012-07-21 12:29 . 2012-07-21 12:30 -------- d-----w- c:\windows\SysWow64\SupportAppCB
    2012-07-21 12:29 . 2012-07-21 12:31 -------- d-----w- c:\program files (x86)\Reliance 3G
    2012-07-08 15:08 . 2000-01-23 23:31 13312 ----a-w- c:\windows\SysWow64\borlndmm.dll
    2012-07-08 15:08 . 2012-07-08 15:35 -------- d-----w- c:\users\Ramkishen\AppData\Roaming\LifeSignMini
    2012-07-08 15:08 . 2012-07-08 15:08 -------- d-----w- c:\program files (x86)\LifeSignMini
    2012-07-05 00:25 . 2012-07-05 00:25 -------- d-----w- c:\users\Ramkishen\AppData\Roaming\Malwarebytes
    2012-07-05 00:25 . 2012-07-05 00:25 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-05 00:25 . 2012-07-18 21:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-05 00:25 . 2012-07-03 08:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-28 19:35 . 2012-06-28 19:35 -------- d-----w- c:\users\Ramkishen\AppData\Local\Macromedia
    2012-06-27 21:02 . 2012-06-27 21:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-27 21:02 . 2012-01-03 20:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-05 16:06 . 2012-06-05 16:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-06-05 16:06 . 2012-06-05 16:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-06-05 16:06 . 2012-06-05 16:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-06-05 16:06 . 2012-06-05 16:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-30 343168]
    "UIExec"="c:\program files (x86)\Reliance 3G\UIExec.exe" [2011-08-09 153424]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2011-02-28 1189968]
    R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-06-30 52736]
    R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2011-02-09 486144]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
    R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 11776]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-05 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2010-11-04 120704]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
    S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-01-03 31344]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-30 204288]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2011-02-16 680016]
    S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-02-24 69632]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
    S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-14 624856]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
    S2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [2010-11-08 405504]
    S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Reliance 3G\AssistantServices.exe [2011-08-09 270672]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-30 9981952]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-30 310272]
    S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2011-02-09 4151376]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-05 1028096]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-03-07 1353280]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1930665232-349164325-645168838-1000Core.job
    - c:\users\Ramkishen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 23:10]
    .
    2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1930665232-349164325-645168838-1000UA.job
    - c:\users\Ramkishen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 23:10]
    .
    2012-07-14 c:\windows\Tasks\HPCeeScheduleForRamkishen.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
    "BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2011-02-16 21709904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
    TCP: DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{8AF95CD4-6361-4B12-BFA6-6F25C56E78D1}: NameServer = 208.67.222.222,208.67.220.220
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxp://mumbai.enerconindia.net/dwa85W.cab
    FF - ProfilePath - c:\users\Ramkishen\AppData\Roaming\Mozilla\Firefox\Profiles\jo03j4pi.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Connectify\ConnectifyD.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-22 04:00:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-21 22:30
    .
    Pre-Run: 185,032,290,304 bytes free
    Post-Run: 185,709,551,616 bytes free
    .
    - - End Of File - - 3328868CDF96EC08850FF9EA39AECF3E
     
  12. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    Looks good :)

    Any current issues?

    =================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    No more random Eset Notifications or when I approach services.exe file...
    Thx a TON Broni (y) for your patience and your quick reply ... You are a life saver :D :D:D
  14. Broni

    Broni Malware Annihilator Posts: 46,808   +254

  15. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    Hey Broni sry to be bothering you again , but the problem is back :oops::oops::oops:
  16. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    What exactly is happening?
  17. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    Again services.exe , randomely popped and while running a malwarebytes full scan , it has already detected one infection , will post the log once it is done with ... And , I was checking under eset quarantine page , it showed me a virus called win64/sirefef.AL trojan , next to the win64/patched.B.Gen trojan
  18. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    What file(s) is indicated and it what location?
    It may be already quarantined by FRST.
  19. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    Shall I delete the services.exe manually from the system32 folder ?
    and whats happening is that when I run a quick scan from malware bytes , there is no infection detected , but when I run a full scan , it is then an infection is being detected ... Will post the log as soon as it is done with ...
  20. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    Absolutely not.

    I need you to answer my question:
  21. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    you mean which file is being indicated on malware bytes or Eset quarantine page ? ( Malware Bytes full system scan is not showing the file path name of the infected file , will post the infected path soon as the scan is finisht and rebooted (another 10min) )
  22. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    That's fine but what does Eset complain about?
  23. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    Eset notification popped up , just the once after we concluded that the problem was solved , but when I clicked delete , it did not give me the error , which it gave earlier of "error deleting , retry " and it cancelled .... Aha done with malware bytes and lol it showing the path of infection as C:\FRST\Quarantine\{15ed997a-015b-a3dd-c9ad-79cff7e943cd}\U\800000cb.@ (Rootkit.0Access) -> , lol , I guess this is not a problem at all .... Removing and restarting .. BRB
  24. Broni

    Broni Malware Annihilator Posts: 46,808   +254

    Yeah, That's not a problem.

    When done with MBAM go ahead with OTL (my reply #12).
    rkbmonk likes this.
  25. rkbmonk

    rkbmonk TS Rookie Topic Starter Posts: 21

    This is the OTL log
    OTL logfile created on: 7/22/2012 5:09:45 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ramkishen\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    3.95 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 65.29% Memory free
    7.90 Gb Paging File | 6.37 Gb Available in Paging File | 80.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.17 Gb Total Space | 173.07 Gb Free Space | 29.73% Space Free | Partition Type: NTFS
    Drive D: | 13.70 Gb Total Space | 1.53 Gb Free Space | 11.18% Space Free | Partition Type: NTFS

    Computer Name: RAMKISHEN-HP | User Name: Ramkishen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/22 04:19:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ramkishen\Desktop\OTL.exe
    PRC - [2012/04/15 03:01:47 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
    PRC - [2012/02/25 04:46:56 | 000,278,344 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
    PRC - [2012/02/25 04:46:40 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
    PRC - [2011/10/01 01:03:32 | 000,343,168 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2011/08/09 16:24:36 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\Reliance 3G\AssistantServices.exe
    PRC - [2011/08/09 16:24:36 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\Reliance 3G\UIExec.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/09 00:51:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/02/25 23:16:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/18 11:18:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    PRC - [2011/02/18 11:18:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    PRC - [2011/02/18 11:17:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    PRC - [2011/02/16 04:19:04 | 000,094,264 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    PRC - [2011/02/09 08:33:14 | 001,503,824 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
    PRC - [2011/01/28 01:08:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/01/13 07:30:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/11/17 23:23:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/11/10 03:50:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2010/11/10 03:50:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/02 05:11:58 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\153c1fa0ba6bf174f7062436f8d2819b\IAStorUtil.ni.dll
    MOD - [2012/03/02 02:08:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4d647a4e0ce0b7208caa93682688941d\System.Runtime.Remoting.ni.dll
    MOD - [2012/03/02 02:08:31 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b53dffac744d13ee946b0ff35fc32936\System.Windows.Forms.ni.dll
    MOD - [2012/03/02 02:08:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\35de7085545a1fb86ec40d2da9865258\System.Drawing.ni.dll
    MOD - [2012/03/02 02:08:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\300f30d2de5fa69357f9ec5f8b5f4887\System.Xml.ni.dll
    MOD - [2012/03/02 02:08:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\63819660962a7c4dc4f2a3eebcf8070c\System.Configuration.ni.dll
    MOD - [2012/03/02 02:08:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4ccd2bbe37da506b69dd689f06d749a2\System.ni.dll
    MOD - [2011/12/31 19:21:18 | 011,491,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\4c2b00c9c2f2109037cd39d7b7a81633\mscorlib.ni.dll
    MOD - [2011/08/09 16:24:36 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\Reliance 3G\UIExec.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/30 22:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011/08/05 11:54:45 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2011/03/11 15:53:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/03/01 03:32:30 | 001,189,968 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
    SRV:64bit: - [2011/02/16 09:06:28 | 000,680,016 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV:64bit: - [2011/02/09 08:28:34 | 004,151,376 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
    SRV:64bit: - [2010/11/08 15:47:16 | 000,405,504 | ---- | M] () [Auto | Running] -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
    SRV:64bit: - [2010/10/11 15:18:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/23 06:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 16:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/15 03:01:47 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
    SRV - [2012/02/25 04:46:40 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/09/05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/09 16:24:36 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Reliance 3G\AssistantServices.exe -- (UI Assistant Service)
    SRV - [2011/08/05 11:54:44 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/03/02 09:53:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 23:16:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/18 11:18:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
    SRV - [2011/02/16 04:18:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
    SRV - [2011/01/13 07:30:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/12/23 01:55:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/23 01:54:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/11/10 03:50:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2010/10/12 23:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/06/11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 12:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/04 01:11:53 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
    DRV:64bit: - [2011/11/15 09:20:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2011/10/01 00:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/09/30 21:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2011/08/09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
    DRV:64bit: - [2011/03/11 15:53:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/03/11 12:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 12:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/07 22:25:00 | 001,353,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2011/02/17 06:41:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/02/09 07:32:04 | 000,486,144 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
    DRV:64bit: - [2011/01/13 07:21:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/01/13 05:40:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2010/12/17 07:58:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/12/11 03:20:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/11 03:20:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/11/21 08:54:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 08:53:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/21 08:53:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 08:53:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2010/11/04 09:40:50 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
    DRV:64bit: - [2010/10/20 06:04:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 14:58:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/07/28 21:43:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/30 23:32:30 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
    DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 05:39:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/06/11 02:31:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/11 02:31:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/11 02:31:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/11 02:05:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/11 02:04:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1930665232-349164325-645168838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26
    IE - HKU\S-1-5-21-1930665232-349164325-645168838-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1930665232-349164325-645168838-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1930665232-349164325-645168838-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-1930665232-349164325-645168838-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-1930665232-349164325-645168838-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-1930665232-349164325-645168838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1930665232-349164325-645168838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ramkishen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ramkishen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ramkishen\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ramkishen\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/03/01 21:12:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/14 08:45:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/03/01 21:12:56 | 000,000,000 | ---D | M]

    [2012/04/14 08:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ramkishen\AppData\Roaming\Mozilla\Extensions
    [2012/07/03 23:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ramkishen\AppData\Roaming\Mozilla\Firefox\Profiles\jo03j4pi.default\extensions
    [2012/04/15 02:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/04/15 02:54:06 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
    [2012/07/03 23:57:03 | 000,049,880 | ---- | M] () (No name found) -- C:\USERS\RAMKISHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JO03J4PI.DEFAULT\EXTENSIONS\ADMIN@INDIARAILINFO.COM.XPI
    [2012/03/13 10:09:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/13 10:08:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/13 10:08:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/22 03:56:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-1930665232-349164325-645168838-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Reliance 3G\UIExec.exe ()
    O4 - HKU\S-1-5-21-1930665232-349164325-645168838-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1930665232-349164325-645168838-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1930665232-349164325-645168838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32
    O7 - HKU\S-1-5-21-1930665232-349164325-645168838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} http://mumbai.enerconindia.net/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F4926B1-887D-4CAD-A161-D57BA1A76CC6}: DhcpNameServer = 192.168.42.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33AC5963-D549-4DE0-8628-47845262A8CA}: DhcpNameServer = 192.168.42.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF95CD4-6361-4B12-BFA6-6F25C56E78D1}: DhcpNameServer = 192.168.43.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF95CD4-6361-4B12-BFA6-6F25C56E78D1}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8C899AC-989A-442A-92B1-D0DC2FDF0CD1}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D85FD2B1-072B-4E9B-AA96-F8E757BA9084}: DhcpNameServer = 192.168.42.129
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.