Infection: sirefef.r, sirefef.ab, sirefef.ah

Solved
By sapphireX
Jul 8, 2012
Topic Status:
Not open for further replies.
  1. Hello, TechSpot,
    I currently have a problem with sirefef.r, sirefef.ab and sirefef.ah.
    When Windows starts it says "critical error, restart in one minute".
    I'm using Windows 7, 32-bit. Currently I'm online in Ubuntu 11.04 (dual boot).
    I hope these infections can be resolved.
    Thank you in advance :)
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt.
    • In the command window type notepad and press Enter.
    • Notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst.exe and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.
  3. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    This is the log from FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 07-07-2012 03
    Ran by SYSTEM at 08-07-2012 20:17:35
    Running from G:\
    Windows 7 Ultimate (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-25] (Nero AG)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [135168 2009-09-02] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [167424 2009-09-02] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [144384 2009-09-02] (Intel Corporation)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1352272 2010-10-28] (Logitech, Inc.)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10828392 2011-08-26] (Realtek Semiconductor)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
    HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [1163272 2009-06-22] (Dritek System Inc.)
    HKLM\...\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [278016 2009-02-27] ()
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [Simpo PDF Creator Pro Server] "C:\Program Files\Simpo PDF Creator Pro\SpcProSrv.exe" [101376 2010-12-11] (Simpo Technologies)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\SYAH\...\Run: [Akamai NetSession Interface] "C:\Users\SYAH\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
    HKU\SYAH\...\Run: [googletalk] C:\Users\SYAH\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
    HKU\SYAH\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
    HKU\SYAH\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3437976 2011-10-24] (Tonec Inc.)
    HKU\SYAH\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
    HKU\SYAH\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
    HKU\SYAH\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [x]
    HKU\SYAH\...\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe [4116296 2012-05-02] (Connectify)
    HKU\SYAH\...\Run: [XSECVA] C:\Users\SYAH\AppData\Roaming\xsecva\xsecva.exe -s [130048 2012-07-07] ()
    HKU\SYAH\...\CurrentVersion\Windows: [Load] C:\TCWIN45\PIPELINE\remind.exe
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\SYAH\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)

    ================================ Services (Whitelisted) ==================

    3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
    2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
    2 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [850432 2009-02-27] ()
    3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [98407 2009-02-27] ()
    2 BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2009-02-27] ()
    2 Change Modem Device Service; "C:\Windows\system32\ChgService.exe" -service [135168 2009-04-20] ()
    2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [65536 2012-05-02] ()
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 fsproflt; C:\Windows\system32\fsproflt.exe [73392 2009-03-08] (FSPro Labs)
    2 HFGService; C:\Windows\System32\HFGService.dll [356864 2006-11-19] (CSR, plc)
    2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [490280 2010-03-24] (Nero AG)
    3 npggsvc; C:\Windows\system32\GameMon.des -service [3739080 2010-08-29] (INCA Internet Co., Ltd.)
    3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
    3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
    2 UCStream; C:\Program Files\UCStream\UCStream.exe [57344 2011-11-16] ()
    2 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [79872 2011-11-13] (VMware, Inc.)
    2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-13] (VMware, Inc.)
    2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [665200 2011-08-29] (VMware, Inc.)
    2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-13] (VMware, Inc.)
    2 Akamai; c:\program files\common files\akamai/netsession_win_80c2ffa.dll [x]
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
    3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

    ========================== Drivers (Whitelisted) =============

    3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-06] (LG Electronics Inc.)
    3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-06] (LG Electronics Inc.)
    3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-06] (LG Electronics Inc.)
    3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-06] (LG Electronics Inc.)
    3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23296 2011-04-08] (LG Electronics Inc.)
    3 AndNetGps; C:\Windows\System32\DRIVERS\lgandnetgps.sys [22400 2011-04-08] (LG Electronics Inc.)
    3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28160 2011-04-08] (LG Electronics Inc.)
    3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [72192 2011-04-08] (LG Electronics Inc.)
    3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2010-08-02] (Google Inc)
    3 apf001; \??\C:\Windows\system32\apf001.sys [13232 2012-01-24] ()
    1 blbdrive; C:\Windows\System32\DRIVERS\BLBDRIVE.SYS [35328 2011-11-01] ()
    3 Bridge; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
    3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-01-03] (IVT Corporation.)
    3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [29184 2006-11-19] (CSR, plc)
    3 bthav; C:\Windows\System32\drivers\bthav.sys [36352 2006-10-11] (CSR, plc)
    3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [12800 2006-10-11] (CSR, plc)
    0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-01-07] (IVT Corporation.)
    3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2008-12-06] ()
    3 BTNetFilter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
    3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)
    1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [27248 2011-10-28] (Connectify)
    3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21000 2009-03-25] (Dritek System Inc.)
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-15] (DT Soft Ltd)
    0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [43792 2008-06-05] (FSPro Labs)
    0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
    2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
    3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [102784 2008-12-12] (Huawei Technologies Co., Ltd.)
    3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-29] (Huawei Technologies Co., Ltd.)
    2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [89376 2011-07-06] (Tonec Inc.)
    3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-01] (IVT Corporation.)
    3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [116136 2009-07-20] (JMicron Technology Corporation)
    3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-28] (Windows (R) Codename Longhorn DDK provider)
    3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-22] (Atheros Communications, Inc.)
    3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-28] (LG Electronics Inc.)
    3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-28] (LG Electronics Inc.)
    3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-28] (LG Electronics Inc.)
    3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
    3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7430144 2010-11-08] (Intel Corporation)
    2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
    3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. (PCAUSA))
    3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [16472 2011-05-05] ()
    3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [11104 2011-05-05] ()
    2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2004-05-13] (Rainbow Technologies, Inc.)
    0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
    3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-11] (The OpenVPN Project)
    3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.)
    3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [31880 2009-01-07] (IVT Corporation.)
    3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [17416 2008-12-21] (IVT Corporation.)
    3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-13] (VMware, Inc.)
    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.)
    2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.)
    2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-13] (VMware, Inc.)
    3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2011-08-29] (VMware, Inc.)
    2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-13] (VMware, Inc.)
    3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
    3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-26] (Logitech Inc.)
    3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
    3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
    1 aoxzfpti; \??\C:\Windows\system32\drivers\aoxzfpti.sys [x]
    1 ayeueffp; \??\C:\Windows\system32\drivers\ayeueffp.sys [x]
    3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]
    3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [x]
    3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [x]
    3 BzeekDM; C:\Windows\System32\DRIVERS\drone.sys [x]
    3 BzeekDP; C:\Windows\System32\DRIVERS\drone.sys [x]
    1 cbhhguqg; \??\C:\Windows\system32\drivers\cbhhguqg.sys [x]
    1 ccestdch; \??\C:\Windows\system32\drivers\ccestdch.sys [x]
    3 cpuz135; \??\C:\Users\SYAH\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
    3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
    1 ewvolyvb; \??\C:\Windows\system32\drivers\ewvolyvb.sys [x]
    1 exauhrbn; \??\C:\Windows\system32\drivers\exauhrbn.sys [x]
    1 fiohwgri; \??\C:\Windows\system32\drivers\fiohwgri.sys [x]
    3 GarenaPEngine; \??\C:\Users\SYAH\AppData\Local\Temp\OIRB4B0.tmp [x]
    3 GGSAFERDriver; \??\C:\Program Files\Garena\safedrv.sys [x]
    1 ibwxyqpd; \??\C:\Windows\system32\drivers\ibwxyqpd.sys [x]
    1 irtyrqto; \??\C:\Windows\system32\drivers\irtyrqto.sys [x]
    1 kkfzsvms; \??\C:\Windows\system32\drivers\kkfzsvms.sys [x]
    1 ksdcimkg; \??\C:\Windows\system32\drivers\ksdcimkg.sys [x]
    1 lsgjtsaw; \??\C:\Windows\system32\drivers\lsgjtsaw.sys [x]
    1 mihgearo; \??\C:\Windows\system32\drivers\mihgearo.sys [x]
    1 mxaecdbf; \??\C:\Windows\system32\drivers\mxaecdbf.sys [x]
    3 NANMp50; C:\Windows\System32\Drivers\NANMp50.sys [x]
    3 NANSp50; C:\Windows\System32\Drivers\NANSp50.sys [x]
    1 pityzfbl; \??\C:\Windows\system32\drivers\pityzfbl.sys [x]
    1 pqldacck; \??\C:\Windows\system32\drivers\pqldacck.sys [x]
    1 qstabewh; \??\C:\Windows\system32\drivers\qstabewh.sys [x]
    1 qzpxtvtm; \??\C:\Windows\system32\drivers\qzpxtvtm.sys [x]
    1 scmuoarn; \??\C:\Windows\system32\drivers\scmuoarn.sys [x]
    1 svglmqvw; \??\C:\Windows\system32\drivers\svglmqvw.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    1 tmrwegig; \??\C:\Windows\system32\drivers\tmrwegig.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    1 ucfllsmn; \??\C:\Windows\system32\drivers\ucfllsmn.sys [x]
    1 upqqassd; \??\C:\Windows\system32\drivers\upqqassd.sys [x]
    1 uyupxfrj; \??\C:\Windows\system32\drivers\uyupxfrj.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-07 08:24 - 2012-07-07 08:24 - 00000000 ____D C:\Users\S\AppData\Roaming\Macromedia
    2012-07-07 08:24 - 2012-07-07 08:24 - 00000000 ____D C:\Users\S\AppData\Roaming\Adobe
    2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Nero
    2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Logitech
    2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Apple Computer
    2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Local\bluesoleil
    2012-07-07 08:17 - 2012-07-07 08:17 - 00000020 ___SH C:\Users\S\ntuser.ini
    2012-07-07 08:17 - 2012-07-07 08:17 - 00000000 ____D C:\Users\S\AppData\Local\VirtualStore
    2012-07-07 08:16 - 2012-07-07 08:17 - 00000000 ____D C:\users\S
    2012-07-07 08:16 - 2012-05-08 03:33 - 00000000 ____D C:\Users\S\AppData\LocalGoogle
    2012-07-07 08:16 - 2012-05-08 03:33 - 00000000 ____D C:\Users\S\AppData\Local\Google
    2012-07-07 08:16 - 2011-08-18 07:55 - 00000000 ____D C:\Users\S\AppData\Local\Microsoft Help
    2012-07-07 07:26 - 2012-07-07 07:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-07 00:52 - 2012-07-07 00:59 - 00000000 ____D C:\Users\SYAH\AppData\Roaming\xsecva
    2012-07-07 00:05 - 2012-07-07 00:12 - 37310580 ____A C:\Users\SYAH\Downloads\JTTK.Kuryu.TH.rar
    2012-07-02 06:55 - 2012-07-02 06:55 - 00000000 ____D C:\Users\SYAH\AppData\Roaming\Edraw Max
    2012-07-02 06:54 - 2012-07-02 06:55 - 00000000 ____D C:\Program Files\Edraw Max
    2012-07-02 06:27 - 2012-07-02 06:33 - 42171536 ____A (EdrawSoft ) C:\Users\SYAH\Downloads\edrawmax.exe
    2012-07-02 05:29 - 2012-07-02 08:02 - 00000000 ____D C:\New folder (2)
    2012-07-02 05:15 - 2012-07-02 05:15 - 01174959 ____A C:\Users\SYAH\Downloads\EzwanDVD.pptx
    2012-06-25 07:09 - 2012-06-25 07:09 - 00029380 ____A C:\Users\SYAH\Downloads\preve150612.zip
    2012-06-25 05:13 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-25 05:13 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-25 05:13 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-25 05:13 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-25 05:13 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-25 05:13 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-25 05:13 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-25 05:13 - 2012-06-01 23:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-25 05:13 - 2012-06-01 23:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-13 05:03 - 2012-07-08 00:26 - 00000000 ____D C:\New folder
    2012-06-13 04:22 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 04:22 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 04:22 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 04:22 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 04:22 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 04:22 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 04:22 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 04:22 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 04:22 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 04:22 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 04:22 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 04:22 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 04:22 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 04:22 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 04:22 - 2012-04-27 20:41 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-13 04:22 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 04:21 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 04:21 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 04:21 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 04:21 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 14:31 - 2012-06-12 14:31 - 02074728 ____A (Acer Inc.) C:\Users\SYAH\Downloads\HWVendorDetection.exe
    2012-06-12 13:41 - 2012-06-12 13:51 - 00000000 ____D C:\Aspire 4315
    2012-06-11 04:08 - 2012-06-11 04:08 - 00000000 ____D C:\Users\SYAH\AppData\Local\Macromedia
    2012-06-10 03:59 - 2012-06-10 04:00 - 08079675 ____A C:\Users\SYAH\Downloads\PYH_IY.rar


    ============ 3 Months Modified Files ========================

    2012-07-08 04:11 - 2011-12-08 10:13 - 00005815 ____A C:\Windows\System32\LOCALSERVICE.INI
    2012-07-08 04:11 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-08 04:11 - 2009-07-13 20:34 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-08 04:11 - 2009-07-13 20:34 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-08 04:11 - 2009-02-27 01:04 - 00000915 ____A C:\Windows\System32\bscs.ini
    2012-07-08 04:10 - 2011-12-03 07:14 - 00037523 ____A C:\Windows\setupact.log
    2012-07-08 01:43 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-08 01:41 - 2011-03-15 08:15 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-07 15:00 - 2010-07-28 19:41 - 01508132 ____A C:\Windows\WindowsUpdate.log
    2012-07-07 08:17 - 2012-07-07 08:17 - 00000020 ___SH C:\Users\S\ntuser.ini
    2012-07-07 08:14 - 2011-03-15 08:15 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-07 07:34 - 2011-07-08 01:19 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1292417973-226250186-4237057250-1000UA.job
    2012-07-07 07:29 - 2010-07-28 04:58 - 00799786 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-07 07:27 - 2011-08-17 02:56 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-07 00:57 - 2012-04-25 04:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-07 00:57 - 2011-05-19 17:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-07 00:12 - 2012-07-07 00:05 - 37310580 ____A C:\Users\SYAH\Downloads\JTTK.Kuryu.TH.rar
    2012-07-07 00:04 - 2010-07-28 07:02 - 00000312 ____A C:\Users\SYAH\.packettracer
    2012-07-06 19:34 - 2011-07-08 01:19 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1292417973-226250186-4237057250-1000Core.job
    2012-07-02 06:33 - 2012-07-02 06:27 - 42171536 ____A (EdrawSoft ) C:\Users\SYAH\Downloads\edrawmax.exe
    2012-07-02 05:15 - 2012-07-02 05:15 - 01174959 ____A C:\Users\SYAH\Downloads\EzwanDVD.pptx
    2012-06-29 05:05 - 2009-07-13 20:53 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-25 07:09 - 2012-06-25 07:09 - 00029380 ____A C:\Users\SYAH\Downloads\preve150612.zip
    2012-06-16 08:51 - 2011-07-19 18:59 - 00000600 ____A C:\Users\SYAH\PUTTY.RND
    2012-06-13 04:36 - 2009-07-13 20:33 - 01757696 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 04:26 - 2010-07-31 08:42 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-12 14:31 - 2012-06-12 14:31 - 02074728 ____A (Acer Inc.) C:\Users\SYAH\Downloads\HWVendorDetection.exe
    2012-06-10 04:00 - 2012-06-10 03:59 - 08079675 ____A C:\Users\SYAH\Downloads\PYH_IY.rar
    2012-06-02 14:19 - 2012-06-25 05:13 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-25 05:13 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-25 05:13 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-25 05:13 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-25 05:13 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-25 05:13 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-25 05:13 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-01 23:19 - 2012-06-25 05:13 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 23:12 - 2012-06-25 05:13 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 08:37 - 2012-06-01 08:32 - 02275328 ____A C:\Users\SYAH\Downloads\SLA.ppt
    2012-06-01 08:35 - 2012-06-01 08:34 - 00522388 ____A C:\Users\SYAH\Downloads\ITIL Tools.pptx
    2012-06-01 07:45 - 2012-06-01 07:42 - 10288512 ____A (Microsoft Corporation) C:\Users\SYAH\Downloads\mseinstall.exe
    2012-06-01 07:36 - 2012-01-27 18:07 - 00223194 ____A C:\Windows\PFRO.log
    2012-05-23 10:07 - 2012-05-23 10:07 - 00005754 ____A C:\Users\SYAH\Downloads\Pretest Answer_Sashikumaran.txt
    2012-05-19 10:48 - 2012-05-19 10:26 - 76595971 ____A C:\Users\SYAH\Downloads\kucing s01e19.rmvb
    2012-05-19 08:06 - 2012-05-19 08:06 - 00000210 ____A C:\Users\SYAH\Downloads\g5xd5nic00000000.js
    2012-05-19 07:50 - 2012-05-19 07:47 - 09765910 ____A C:\Users\SYAH\Downloads\kucingkilat.S01E20.rar
    2012-05-17 15:11 - 2012-06-13 04:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 04:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 04:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 04:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 04:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 04:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 14:33 - 2012-06-13 04:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 14:31 - 2012-06-13 04:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 04:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 14:29 - 2012-06-13 04:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 04:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 04:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 04:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 04:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 04:34 - 2012-05-17 04:34 - 00001105 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    2012-05-17 04:19 - 2012-05-17 04:19 - 00424048 ____A (Yahoo! Inc.) C:\Users\SYAH\Downloads\msgr11us.exe
    2012-05-14 17:05 - 2012-06-13 04:21 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-10 04:26 - 2012-01-06 10:21 - 00000989 ____A C:\Users\Public\Desktop\Connectify.lnk
    2012-05-06 00:09 - 2012-05-06 00:09 - 00002479 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-04-30 07:41 - 2012-04-30 07:41 - 00001644 ____A C:\Users\SYAH\Desktop\Google Drive.lnk
    2012-04-30 07:30 - 2012-04-30 07:30 - 00740088 ____A (Google Inc.) C:\Users\SYAH\Downloads\googledrivesync.exe
    2012-04-28 07:35 - 2012-04-28 07:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-04-27 20:41 - 2012-06-13 04:22 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-27 19:17 - 2012-06-13 04:22 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 20:45 - 2012-06-13 04:21 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 20:45 - 2012-06-13 04:21 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 20:41 - 2012-06-13 04:21 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 08:38 - 2012-04-23 08:38 - 00000277 ____A C:\Windows\LkmdfCoInst.log
    2012-04-23 08:38 - 2011-01-01 23:42 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-04-23 04:46 - 2012-04-23 04:46 - 00000989 ____A C:\Users\SYAH\Desktop\PhotoScape.lnk
    2012-04-23 04:46 - 2012-04-23 04:46 - 00000989 ____A C:\Users\Guest\Desktop\PhotoScape.lnk
    2012-04-22 11:23 - 2012-04-22 11:23 - 00027759 ____A C:\Users\SYAH\Downloads\loe_skil_list (1).ods
    2012-04-15 21:08 - 2012-04-15 21:08 - 00001896 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2012-04-15 21:07 - 2012-04-15 21:07 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-04-12 23:34 - 2012-01-27 04:13 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-04-12 22:24 - 2012-04-12 22:24 - 00358912 ____A C:\Users\SYAH\Downloads\Edda+Skill+List+by+Ashla+(Lv.+41+)_1334269434.xls
    2012-04-12 22:24 - 2012-04-12 22:24 - 00027759 ____A C:\Users\SYAH\Downloads\loe_skil_list.ods
    2012-04-11 21:56 - 2009-07-13 18:04 - 00000663 ____A C:\Windows\win.ini


    ZeroAccess:
    C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}
    C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\@
    C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L
    C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\n
    C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U
    C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L\00000004.@
    C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L\00000008.@
    C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\00000008.@

    ZeroAccess:
    C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}
    C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\@
    C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L
    C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3002.01 MB
    Available physical RAM: 2524.35 MB
    Total Pagefile: 3000.29 MB
    Available Pagefile: 2535.15 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.7 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:58.5 GB) (Free:5.89 GB) NTFS
    2 Drive e: (SYAH) (Fixed) (Total:136.72 GB) (Free:2.38 GB) NTFS
    4 Drive g: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 1024 KB
    Disk 1 Online 1906 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 58 GB 101 MB
    Partition 3 Primary 136 GB 58 GB
    Partition 0 Extended 37 GB 195 GB
    Partition 4 Logical 3814 MB 195 GB
    Partition 5 Logical 33 GB 199 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 58 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E SYAH NTFS Partition 136 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 82
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 0
    Partition 5
    Type : 83
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 1906 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-23 08:22

    ======================= End Of Log ==========================
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Need additional scan

    I forgot this scan, please do this before we continue with fixes, otherwise we'll be wasting our time. :p

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)


    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
  5. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    This is from the Search.txt

    Farbar Recovery Scan Tool Version: 07-07-2012 03
    Ran by SYSTEM at 2012-07-09 03:55:21
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2012-07-08 06:59] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    === End Of Search ===
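The Bamital check at the top of the FRST log and the Search.txt above both rest on one comparison: the MD5 of the live C:\Windows\System32\services.exe against the copy Windows keeps in the WinSxS component store. Here the two files have the same size and the same creation time, but the live copy was modified on 2012-07-08 and hashes differently, which is what an in-place patch of a system binary looks like. The script below automates that comparison over a Search.txt report. It is an added example, not FRST's own code and not something the helper posted; the sample text is the two entries from the report above, and the function names, the `FileEntry` class and the assumption that WinSxS copies are untouched reference builds are mine.

```python
"""Check a live Windows system binary against its WinSxS component-store copies,
driven by an FRST "Search file(s)" report (Search.txt). Added example, not code
from FRST or from the thread. Assumption: the copies under \\winsxs\\ are
untouched reference builds (the same assumption the fix in this thread makes)."""
import re
from dataclasses import dataclass

# Constructed sample: the two entries from the Search.txt posted above,
# reproduced verbatim (a path line followed by an attribute line).
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-08 06:59] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# [created] - [modified] - size attrs (company) md5  -- the company part is optional
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_search(text: str) -> list[FileEntry]:
    """Pair each path line with the attribute line that directly follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = ATTR_RE.match(line)
        if pending and m:
            entries.append(FileEntry(
                path=pending,
                created=m["created"],
                modified=m["modified"],
                size=int(m["size"]),
                company=m["company"] or "",
                md5=m["md5"].upper(),
            ))
        pending = None
    return entries


def find_mismatches(entries: list[FileEntry]) -> list[dict]:
    """Flag every copy outside WinSxS whose MD5 matches none of the WinSxS copies
    of the same file name. Same size plus a later modification time is the usual
    signature of an in-place patch rather than a legitimate update."""
    by_name: dict[str, list[FileEntry]] = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)
    findings = []
    for group in by_name.values():
        baselines = [e for e in group if e.in_winsxs]
        if not baselines:
            continue  # nothing to compare against
        baseline_md5s = sorted({e.md5 for e in baselines})
        baseline_sizes = {e.size for e in baselines}
        for live in (e for e in group if not e.in_winsxs):
            if live.md5 in baseline_md5s:
                continue
            findings.append({
                "path": live.path,
                "md5": live.md5,
                "modified": live.modified,
                "size_matches_baseline": live.size in baseline_sizes,
                "baseline_md5s": baseline_md5s,
                "restore_from": baselines[0].path,  # candidate clean copy
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SAMPLE_SEARCH)):
        print(f"MISMATCH {f['path']} md5={f['md5']} modified={f['modified']}")
        print(f"  baseline {f['baseline_md5s']} size-match={f['size_matches_baseline']}")
        print(f"  candidate clean copy: {f['restore_from']}")
```

The `restore_from` field is the same WinSxS path the later Fixlog copies back over System32. Matching against WinSxS is a convenient baseline on an offline system, but it is only as trustworthy as the store itself; where a network is available, checking the Authenticode signature or a known-good hash from Microsoft is the stronger verification.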
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


    Virus Removal Tool

    There are way too many drivers in your log that look unknown. We'll run this tool to scan whole files...

    Save these instructions so you can have access to them while in Safe Mode.

    Please click here to download AVP Tool by Kaspersky.
    • Save it to your desktop.
    • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.
    • Double click the setup file to run it.
    • Click Next to continue.
    • Accept the License agreement and click on Next.
    • It will, by default, install it to your desktop folder. Click Next.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable) that you may have
    Leave the rest of the settings as they appear by default.
    • Then click on Scan at the top right-hand corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized then click the button that says Neutralize all.
    • If it says it cannot be neutralized then choose the delete option when prompted.
    • After that is done, click on the Reports button at the bottom, save it to file and name it Kas.
    • Save it somewhere convenient like your desktop and post only the detected virus/malware in the report (it will be at the very top under Detected). Post those results in your next reply.

      Note: This tool will self-uninstall when you close it, so please save the log before closing it.
  7. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    This is the log from Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 07-07-2012 03
    Ran by SYSTEM at 2012-07-10 07:09:36 Run:1
    Running from G:\
    ==============================================
    c:\windows\system32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to c:\windows\system32\services.exe
    C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec} moved successfully.
    C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec} moved successfully.
    C:\Windows\assembly\GAC\Desktop.ini moved successfully.
    ==== End of Fixlog ====

    After I rebooted normally, my PC is ok (it does not have the critical error message).
    I will post the virus removal tool log after I download it and scan; sorry for the late reply.
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    No problems. I look forward to the log. Thanks! (y)
  9. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    For the first scan in safe mode using the virus removal tool, the laptop auto-restarted.
    At the time of the auto restart:
    - the progress bar was still at 5% (the scan had started only about half an hour before)
    - 5 threats were detected
    - I had clicked quarantine for some of the detected files

    After the auto restart, I entered safe mode again and ran the scan again.
    This is the second scan result:

    Status: Deleted (events: 31)
    7/10/2012 9:49:51 PM Deleted Trojan program Trojan.Win32.Scar.glcd C:\Documents and Settings\SYAH\AppData\Roaming\xsecva\xsecva.exe High
    7/10/2012 9:49:51 PM Deleted Trojan program Trojan.Win32.Scar.glcd C:\Documents and Settings\SYAH\AppData\Roaming\xsecva\xsecva.exe//ASPack High
    7/10/2012 10:24:09 PM Deleted Trojan program Trojan.Win32.Miner.dw C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L\00000008.@ High
    7/10/2012 10:24:28 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbt C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\00000004.@ High
    7/10/2012 10:24:38 PM Deleted Trojan program Trojan-Dropper.Win32.Miner.I C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\00000008.@ High
    7/10/2012 10:24:39 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\000000cb.@ High
    7/10/2012 10:24:46 PM Deleted Trojan program Trojan.Win32.Small.bmpj C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\80000000.@ High
    7/10/2012 10:24:54 PM Deleted Trojan program Backdoor.Win32.ZAccess.ual C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\80000032.@ High
    7/11/2012 4:38:55 AM Deleted Trojan program Trojan.Win32.Genome.xufj D:\Games\Flash 2\Flash Games 7 - (36-in-1)\Flash Games 7 - 36in1.exe High
    7/11/2012 4:38:55 AM Deleted Trojan program Trojan.Win32.Genome.xufj D:\Games\Flash 2\Flash Games 7 - (36-in-1)\Flash Games 7 - 36in1.exe/AutoPlay/Docs/Logun S-16s.exe High
    7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar High
    7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/Cracked/dfd.exe High
    7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/Cracked/dfd.exe//data0013.res High
    7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/Cracked/dfd.exe//data0013.res//IMVRHR~1.EXE High
    7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/Cracked/dfd.exe//data0000.cab High
    7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/dfd_setup.exe High
    7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/dfd_setup.exe//data0017.res High
    7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/dfd_setup.exe//data0017.res//IFSOYW~1.EXE High
    7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/dfd_setup.exe//data0000.cab High
    7/11/2012 4:50:24 AM Deleted Trojan program Trojan.Win32.Swisyn.tpo D:\Software\Ubuntu\U\W7\7Loader for windows 7 Release 4.rar High
    7/11/2012 4:50:24 AM Deleted Trojan program Trojan.Win32.Swisyn.tpo D:\Software\Ubuntu\U\W7\7Loader for windows 7 Release 4.rar//7Loader for windows 7 Release 4/7Loader Release 4.exe High
    7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar High
    7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar//Anti(rash/Setup.exe High
    7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar//Anti(rash/Setup.exe//data0017.res High
    7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar//Anti(rash/Setup.exe//data0017.res//ITSOLY~1.EXE High
    7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar//Anti(rash/Setup.exe//data0000.cab High
    7/11/2012 5:32:24 AM Deleted malware HackTool.Win32.Hydra.g D:\Software\WN\WifiHack2009_MG4\WifiHack2009.exe Medium
    7/11/2012 5:32:24 AM Deleted malware HackTool.Win32.Hydra.g D:\Software\WN\WifiHack2009_MG4\WifiHack2009.exe/AutoPlay/Docs/THC-Hydra/hydra-5.4-win.zip Medium
    7/11/2012 5:32:24 AM Deleted malware HackTool.Win32.Hydra.g D:\Software\WN\WifiHack2009_MG4\WifiHack2009.exe/AutoPlay/Docs/THC-Hydra/hydra-5.4-win.zip/hydra-5.4-win/hydra.exe Medium
    7/11/2012 6:21:55 AM Deleted Trojan program Exploit.Linux.Lotoor.p D:\SYAH\LG OP1\Root\Root\root.rar High
    7/11/2012 6:21:55 AM Deleted Trojan program Exploit.Linux.Lotoor.p D:\SYAH\LG OP1\Root\Root\root.rar//Exploits/GingerBreak High
    Status: Absent (events: 1)
    7/11/2012 7:13:48 AM Not found Trojan program Trojan.Win32.Scar.glcd C:\Documents and Settings\SYAH\Application Data\xsecva\xsecva.exe//ASPack High
    Status: Disinfected (events: 8)
    7/10/2012 9:50:24 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FcNf2.1.zip Medium
    7/10/2012 9:50:24 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FcNf2.1.zip/FaceNiff-2.1b.apk Medium
    7/10/2012 9:50:24 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FcNf2.1.zip/FaceNiff-2.1b.apk/classes.dex Medium
    7/10/2012 9:50:19 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FC\FaceNiff-2.1b.apk Medium
    7/10/2012 9:50:19 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FC\FaceNiff-2.1b.apk/classes.dex Medium
    7/10/2012 9:54:11 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Downloads\FaceNiff-2.1b.apk Medium
    7/10/2012 9:54:11 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Downloads\FaceNiff-2.1b.apk/classes.dex Medium
    7/10/2012 10:23:47 PM Disinfected virus Virus.Win32.ZAccess.m C:\FRST\Quarantine\services.exe High
    Status: Quarantined (events: 5)
    7/10/2012 10:24:27 PM Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\n High
    7/11/2012 4:55:06 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash\Setup.exe High
    7/11/2012 4:55:06 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash\Setup.exe//data0017.res High
    7/11/2012 4:55:06 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash\Setup.exe//data0017.res//ITSOLY~1.EXE High
    7/11/2012 4:55:06 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash\Setup.exe//data0000.cab High
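The report above mixes three kinds of entry: files FRST had already moved under C:\FRST\Quarantine (the ZeroAccess payloads and the patched services.exe), live files, and archive-internal hits that Kaspersky reports one line per nested level, with `/` or `//` separating the archive from what it found inside. For triage it helps to collapse the nested lines onto their container and to separate what was already quarantined from what was still live on disk. The parser below does that. It is an added example, not Kaspersky's or the helper's code; the line format is inferred from the report above, the sample is a verbatim subset of its lines, and the function names and the `Event` class are mine.

```python
"""Triage a Kaspersky Virus Removal Tool (AVP Tool) detection report: parse each
event, collapse archive-internal hits onto the container file, and separate files
FRST had already moved to C:\\FRST\\Quarantine from detections on live paths.
Added example, not the tool's own code; the line format is inferred from the
report posted in this thread."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the report lines posted above, verbatim.
SAMPLE_REPORT = r"""
Status: Deleted (events: 8)
7/10/2012 9:49:51 PM Deleted Trojan program Trojan.Win32.Scar.glcd C:\Documents and Settings\SYAH\AppData\Roaming\xsecva\xsecva.exe High
7/10/2012 9:49:51 PM Deleted Trojan program Trojan.Win32.Scar.glcd C:\Documents and Settings\SYAH\AppData\Roaming\xsecva\xsecva.exe//ASPack High
7/10/2012 10:24:09 PM Deleted Trojan program Trojan.Win32.Miner.dw C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L\00000008.@ High
7/10/2012 10:24:28 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbt C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\00000004.@ High
7/11/2012 4:38:55 AM Deleted Trojan program Trojan.Win32.Genome.xufj D:\Games\Flash 2\Flash Games 7 - (36-in-1)\Flash Games 7 - 36in1.exe High
7/11/2012 4:38:55 AM Deleted Trojan program Trojan.Win32.Genome.xufj D:\Games\Flash 2\Flash Games 7 - (36-in-1)\Flash Games 7 - 36in1.exe/AutoPlay/Docs/Logun S-16s.exe High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/Cracked/dfd.exe High
Status: Absent (events: 1)
7/11/2012 7:13:48 AM Not found Trojan program Trojan.Win32.Scar.glcd C:\Documents and Settings\SYAH\Application Data\xsecva\xsecva.exe//ASPack High
Status: Disinfected (events: 1)
7/10/2012 10:23:47 PM Disinfected virus Virus.Win32.ZAccess.m C:\FRST\Quarantine\services.exe High
Status: Quarantined (events: 1)
7/10/2012 10:24:27 PM Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\n High
"""

# <date> <time> <status> <kind words> <verdict> <path with spaces> <severity>
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<status>Deleted|Disinfected|Quarantined|Not found) "
    r"(?P<kind>.+?) (?P<verdict>\S+) "
    r"(?P<path>[A-Za-z]:\\.+?) (?P<severity>High|Medium|Low)$"
)
FRST_QUARANTINE = "c:\\frst\\quarantine\\"


@dataclass(frozen=True)
class Event:
    when: str
    status: str
    verdict: str
    path: str
    severity: str

    @property
    def container(self) -> str:
        # Kaspersky uses '/' to descend into archives and packers; the part before
        # the first '/' is the file that actually exists on disk.
        return self.path.split("/")[0]


def parse_report(text: str) -> list[Event]:
    """Return one Event per detection line; 'Status:' headers are skipped."""
    events = []
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if m:
            events.append(Event(m["when"], m["status"], m["verdict"], m["path"], m["severity"]))
    return events


def in_frst_quarantine(container: str) -> bool:
    return container.lower().startswith(FRST_QUARANTINE)


def summarize(report: str) -> dict:
    """Counts by status, unique on-disk containers, and the live (not yet
    quarantined) containers with the verdicts attached to them."""
    events = parse_report(report)
    by_status = Counter(e.status for e in events)
    verdicts: dict[str, set[str]] = {}
    for e in events:
        verdicts.setdefault(e.container, set()).add(e.verdict)
    live = {c: sorted(v) for c, v in verdicts.items() if not in_frst_quarantine(c)}
    return {
        "events": len(events),
        "by_status": dict(by_status),
        "containers": len(verdicts),
        "frst_quarantine": len(verdicts) - len(live),
        "live": live,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['events']} events, {s['containers']} files on disk, "
          f"{s['frst_quarantine']} already in FRST quarantine, status counts {s['by_status']}")
    for path, v in sorted(s["live"].items()):
        print(f"LIVE {path}  ->  {', '.join(v)}")
```

In the full report the same split holds: every ZeroAccess component sits under C:\FRST\Quarantine because the fixlist had already moved it, while the live detections are the xsecva.exe dropper and the cracked installers on D:, which is what the helper's next reply is about.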
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

    Most popular cracks or keygens I see, are for Adobe CS4 or CS5, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

    Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  11. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    Is my computer clean from sirefef?
    Before this, sometimes my computer's CPU usage was at 100% (I looked at the CPU meter window gadget). Is that normal?
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Does it stay constantly up there, or occasionally drifts up there?
  13. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    It is not constantly; that was before the infection occurred. Right now the CPU usage is ok (I don't run any program right now except the internet browser, because I'm not sure whether the infection is completely cleaned or not).
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Run the online scanner again and post a log, please.
  15. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    I am sorry, which one did you mean by 'the online scanner', the Farbar Recovery Scan Tool or the Kaspersky Virus Removal Tool?
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    My apologies. Kaspersky's tool appeared like ESET online scanner does. :p

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
  17. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    The scan was successful and 10 threats were detected and automatically quarantined, but the log file only has this:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That is the only log at: C:\Program Files\EsetOnlineScanner

    Check in that location for any other logs, or re-open log.txt to be sure, please.
  19. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    There is only one log file, named log.txt, located at C:\Program Files\ESET\ESET Online Scanner.
    The content of the log is:
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please scan with FRST again, as above, and post a new log.
  21. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    This is the log:

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 07-07-2012 03
    Ran by SYSTEM at 17-07-2012 06:38:37
    Running from G:\
    Windows 7 Ultimate (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-25] (Nero AG)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [135168 2009-09-02] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [167424 2009-09-02] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [144384 2009-09-02] (Intel Corporation)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1352272 2010-10-28] (Logitech, Inc.)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10828392 2011-08-26] (Realtek Semiconductor)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
    HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [1163272 2009-06-22] (Dritek System Inc.)
    HKLM\...\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [278016 2009-02-27] ()
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [Simpo PDF Creator Pro Server] "C:\Program Files\Simpo PDF Creator Pro\SpcProSrv.exe" [101376 2010-12-11] (Simpo Technologies)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\SYAH\...\Run: [Akamai NetSession Interface] "C:\Users\SYAH\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
    HKU\SYAH\...\Run: [googletalk] C:\Users\SYAH\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
    HKU\SYAH\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
    HKU\SYAH\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3437976 2011-10-24] (Tonec Inc.)
    HKU\SYAH\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
    HKU\SYAH\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
    HKU\SYAH\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [x]
    HKU\SYAH\...\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe [4116296 2012-05-02] (Connectify)
    HKU\SYAH\...\Run: [Facebook Update] "C:\Users\SYAH\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-15] (Facebook Inc.)
    HKU\SYAH\...\CurrentVersion\Windows: [Load] C:\TCWIN45\PIPELINE\remind.exe
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\SYAH\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)

    ================================ Services (Whitelisted) ==================

    3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
    2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
    2 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [850432 2009-02-27] ()
    3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [98407 2009-02-27] ()
    2 BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2009-02-27] ()
    2 Change Modem Device Service; "C:\Windows\system32\ChgService.exe" -service [135168 2009-04-20] ()
    2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [65536 2012-05-02] ()
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 fsproflt; C:\Windows\system32\fsproflt.exe [73392 2009-03-08] (FSPro Labs)
    2 HFGService; C:\Windows\System32\HFGService.dll [356864 2006-11-19] (CSR, plc)
    2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [490280 2010-03-24] (Nero AG)
    3 npggsvc; C:\Windows\system32\GameMon.des -service [3739080 2010-08-29] (INCA Internet Co., Ltd.)
    3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
    3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
    2 UCStream; C:\Program Files\UCStream\UCStream.exe [57344 2011-11-16] ()
    2 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [79872 2011-11-13] (VMware, Inc.)
    2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-13] (VMware, Inc.)
    2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [665200 2011-08-29] (VMware, Inc.)
    2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-13] (VMware, Inc.)
    2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
    3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

    ========================== Drivers (Whitelisted) =============

    3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-06] (LG Electronics Inc.)
    3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-06] (LG Electronics Inc.)
    3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-06] (LG Electronics Inc.)
    3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-06] (LG Electronics Inc.)
    3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23296 2011-04-08] (LG Electronics Inc.)
    3 AndNetGps; C:\Windows\System32\DRIVERS\lgandnetgps.sys [22400 2011-04-08] (LG Electronics Inc.)
    3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28160 2011-04-08] (LG Electronics Inc.)
    3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [72192 2011-04-08] (LG Electronics Inc.)
    3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2010-08-02] (Google Inc)
    3 apf001; \??\C:\Windows\system32\apf001.sys [13232 2012-01-24] ()
    1 blbdrive; C:\Windows\System32\DRIVERS\BLBDRIVE.SYS [35328 2011-11-01] ()
    3 Bridge; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
    3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-01-03] (IVT Corporation.)
    3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [29184 2006-11-19] (CSR, plc)
    3 bthav; C:\Windows\System32\drivers\bthav.sys [36352 2006-10-11] (CSR, plc)
    3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [12800 2006-10-11] (CSR, plc)
    0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-01-07] (IVT Corporation.)
    3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2008-12-06] ()
    3 BTNetFilter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
    3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)
    1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [27248 2011-10-28] (Connectify)
    3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21000 2009-03-25] (Dritek System Inc.)
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-15] (DT Soft Ltd)
    0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [43792 2008-06-05] (FSPro Labs)
    0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
    2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
    3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [102784 2008-12-12] (Huawei Technologies Co., Ltd.)
    3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-29] (Huawei Technologies Co., Ltd.)
    2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [89376 2011-07-06] (Tonec Inc.)
    3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-01] (IVT Corporation.)
    3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [116136 2009-07-20] (JMicron Technology Corporation)
    3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-28] (Windows (R) Codename Longhorn DDK provider)
    3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-22] (Atheros Communications, Inc.)
    3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-28] (LG Electronics Inc.)
    3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-28] (LG Electronics Inc.)
    3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-28] (LG Electronics Inc.)
    3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
    3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7430144 2010-11-08] (Intel Corporation)
    2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
    3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. (PCAUSA))
    3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [16472 2011-05-05] ()
    3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [11104 2011-05-05] ()
    2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2004-05-13] (Rainbow Technologies, Inc.)
    0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
    3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-11] (The OpenVPN Project)
    3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.)
    3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [31880 2009-01-07] (IVT Corporation.)
    3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [17416 2008-12-21] (IVT Corporation.)
    3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-13] (VMware, Inc.)
    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.)
    2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.)
    2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-13] (VMware, Inc.)
    3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2011-08-29] (VMware, Inc.)
    2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-13] (VMware, Inc.)
    3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
    3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-26] (Logitech Inc.)
    3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
    3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
    1 aoxzfpti; \??\C:\Windows\system32\drivers\aoxzfpti.sys [x]
    1 ayeueffp; \??\C:\Windows\system32\drivers\ayeueffp.sys [x]
    3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]
    3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [x]
    3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [x]
    3 BzeekDM; C:\Windows\System32\DRIVERS\drone.sys [x]
    3 BzeekDP; C:\Windows\System32\DRIVERS\drone.sys [x]
    1 cbhhguqg; \??\C:\Windows\system32\drivers\cbhhguqg.sys [x]
    1 ccestdch; \??\C:\Windows\system32\drivers\ccestdch.sys [x]
    3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
    1 ewvolyvb; \??\C:\Windows\system32\drivers\ewvolyvb.sys [x]
    1 exauhrbn; \??\C:\Windows\system32\drivers\exauhrbn.sys [x]
    1 fiohwgri; \??\C:\Windows\system32\drivers\fiohwgri.sys [x]
    3 GarenaPEngine; \??\C:\Users\SYAH\AppData\Local\Temp\OIRB4B0.tmp [x]
    3 GGSAFERDriver; \??\C:\Program Files\Garena\safedrv.sys [x]
    1 ibwxyqpd; \??\C:\Windows\system32\drivers\ibwxyqpd.sys [x]
    1 irtyrqto; \??\C:\Windows\system32\drivers\irtyrqto.sys [x]
    1 kkfzsvms; \??\C:\Windows\system32\drivers\kkfzsvms.sys [x]
    1 ksdcimkg; \??\C:\Windows\system32\drivers\ksdcimkg.sys [x]
    1 lsgjtsaw; \??\C:\Windows\system32\drivers\lsgjtsaw.sys [x]
    1 mihgearo; \??\C:\Windows\system32\drivers\mihgearo.sys [x]
    1 mxaecdbf; \??\C:\Windows\system32\drivers\mxaecdbf.sys [x]
    3 NANMp50; C:\Windows\System32\Drivers\NANMp50.sys [x]
    3 NANSp50; C:\Windows\System32\Drivers\NANSp50.sys [x]
    1 pityzfbl; \??\C:\Windows\system32\drivers\pityzfbl.sys [x]
    1 pqldacck; \??\C:\Windows\system32\drivers\pqldacck.sys [x]
    1 qstabewh; \??\C:\Windows\system32\drivers\qstabewh.sys [x]
    1 qzpxtvtm; \??\C:\Windows\system32\drivers\qzpxtvtm.sys [x]
    1 scmuoarn; \??\C:\Windows\system32\drivers\scmuoarn.sys [x]
    1 svglmqvw; \??\C:\Windows\system32\drivers\svglmqvw.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    1 tmrwegig; \??\C:\Windows\system32\drivers\tmrwegig.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    1 ucfllsmn; \??\C:\Windows\system32\drivers\ucfllsmn.sys [x]
    1 upqqassd; \??\C:\Windows\system32\drivers\upqqassd.sys [x]
    1 uyupxfrj; \??\C:\Windows\system32\drivers\uyupxfrj.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-15 07:43 - 2012-07-15 07:43 - 00000000 ____D C:\Program Files\ESET
    2012-07-10 15:33 - 2012-07-10 15:35 - 88540962 ____A C:\Users\SYAH\Desktop\Kas3.txt
    2012-07-10 15:25 - 2012-07-10 15:32 - 343081786 ____A C:\Users\SYAH\Desktop\Kas2.txt
    2012-07-10 15:22 - 2012-07-10 15:22 - 00007505 ____A C:\Users\SYAH\Desktop\Kas.txt
    2012-07-10 04:22 - 2012-07-10 04:22 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-07-09 15:17 - 2012-07-09 15:31 - 142592280 ____A C:\Users\SYAH\Desktop\setup_11.0.0.1245.x01_2012_07_10_00_51.exe
    2012-07-08 20:16 - 2012-07-08 20:17 - 00000000 ____D C:\FRST
    2012-07-07 08:24 - 2012-07-07 08:24 - 00000000 ____D C:\Users\S\AppData\Roaming\Macromedia
    2012-07-07 08:24 - 2012-07-07 08:24 - 00000000 ____D C:\Users\S\AppData\Roaming\Adobe
    2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Nero
    2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Logitech
    2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Apple Computer
    2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Local\bluesoleil
    2012-07-07 08:17 - 2012-07-07 08:17 - 00000020 ___SH C:\Users\S\ntuser.ini
    2012-07-07 08:17 - 2012-07-07 08:17 - 00000000 ____D C:\Users\S\AppData\Local\VirtualStore
    2012-07-07 08:16 - 2012-07-07 08:17 - 00000000 ____D C:\users\S
    2012-07-07 08:16 - 2012-05-08 03:33 - 00000000 ____D C:\Users\S\AppData\LocalGoogle
    2012-07-07 08:16 - 2012-05-08 03:33 - 00000000 ____D C:\Users\S\AppData\Local\Google
    2012-07-07 08:16 - 2011-08-18 07:55 - 00000000 ____D C:\Users\S\AppData\Local\Microsoft Help
    2012-07-07 07:26 - 2012-07-07 07:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-07 00:52 - 2012-07-10 05:49 - 00000000 ____D C:\Users\SYAH\AppData\Roaming\xsecva
    2012-07-07 00:05 - 2012-07-07 00:12 - 37310580 ____A C:\Users\SYAH\Downloads\JTTK.Kuryu.TH.rar
    2012-07-02 06:55 - 2012-07-02 06:55 - 00000000 ____D C:\Users\SYAH\AppData\Roaming\Edraw Max
    2012-07-02 06:54 - 2012-07-02 06:55 - 00000000 ____D C:\Program Files\Edraw Max
    2012-07-02 06:27 - 2012-07-02 06:33 - 42171536 ____A (EdrawSoft ) C:\Users\SYAH\Downloads\edrawmax.exe
    2012-07-02 05:29 - 2012-07-02 08:02 - 00000000 ____D C:\New folder (2)
    2012-07-02 05:15 - 2012-07-02 05:15 - 01174959 ____A C:\Users\SYAH\Downloads\EzwanDVD.pptx
    2012-06-25 07:09 - 2012-06-25 07:09 - 00029380 ____A C:\Users\SYAH\Downloads\preve150612.zip
    2012-06-25 05:13 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-25 05:13 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-25 05:13 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-25 05:13 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-25 05:13 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-25 05:13 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-25 05:13 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-25 05:13 - 2012-06-01 23:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-25 05:13 - 2012-06-01 23:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

    ============ 3 Months Modified Files ========================

    2012-07-16 04:06 - 2011-12-08 10:13 - 00005815 ____A C:\Windows\System32\LOCALSERVICE.INI
    2012-07-16 04:06 - 2010-07-28 19:41 - 01713779 ____A C:\Windows\WindowsUpdate.log
    2012-07-16 04:03 - 2009-07-13 20:34 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-16 04:03 - 2009-07-13 20:34 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-16 04:01 - 2010-07-28 04:58 - 00803874 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-16 03:57 - 2011-03-15 08:15 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-16 03:56 - 2011-12-03 07:14 - 00038173 ____A C:\Windows\setupact.log
    2012-07-16 03:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-16 03:56 - 2009-02-27 01:04 - 00000915 ____A C:\Windows\System32\bscs.ini
    2012-07-15 14:14 - 2011-03-15 08:15 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-15 13:40 - 2011-07-08 01:19 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1292417973-226250186-4237057250-1000UA.job
    2012-07-15 10:40 - 2011-07-08 01:19 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1292417973-226250186-4237057250-1000Core.job
    2012-07-10 15:35 - 2012-07-10 15:33 - 88540962 ____A C:\Users\SYAH\Desktop\Kas3.txt
    2012-07-10 15:32 - 2012-07-10 15:25 - 343081786 ____A C:\Users\SYAH\Desktop\Kas2.txt
    2012-07-10 15:22 - 2012-07-10 15:22 - 00007505 ____A C:\Users\SYAH\Desktop\Kas.txt
    2012-07-10 05:54 - 2011-11-18 04:01 - 00468911 ____A C:\Users\SYAH\Downloads\FaceNiff-2.1b.apk
    2012-07-09 15:31 - 2012-07-09 15:17 - 142592280 ____A C:\Users\SYAH\Desktop\setup_11.0.0.1245.x01_2012_07_10_00_51.exe
    2012-07-07 08:17 - 2012-07-07 08:17 - 00000020 ___SH C:\Users\S\ntuser.ini
    2012-07-07 07:27 - 2011-08-17 02:56 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-07 00:57 - 2012-04-25 04:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-07 00:57 - 2011-05-19 17:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-07 00:12 - 2012-07-07 00:05 - 37310580 ____A C:\Users\SYAH\Downloads\JTTK.Kuryu.TH.rar
    2012-07-07 00:04 - 2010-07-28 07:02 - 00000312 ____A C:\Users\SYAH\.packettracer
    2012-07-02 06:33 - 2012-07-02 06:27 - 42171536 ____A (EdrawSoft ) C:\Users\SYAH\Downloads\edrawmax.exe
    2012-07-02 05:15 - 2012-07-02 05:15 - 01174959 ____A C:\Users\SYAH\Downloads\EzwanDVD.pptx
    2012-06-29 05:05 - 2009-07-13 20:53 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-25 07:09 - 2012-06-25 07:09 - 00029380 ____A C:\Users\SYAH\Downloads\preve150612.zip
    2012-06-16 08:51 - 2011-07-19 18:59 - 00000600 ____A C:\Users\SYAH\PUTTY.RND
    2012-06-13 04:36 - 2009-07-13 20:33 - 01757696 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 04:26 - 2010-07-31 08:42 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-12 14:31 - 2012-06-12 14:31 - 02074728 ____A (Acer Inc.) C:\Users\SYAH\Downloads\HWVendorDetection.exe
    2012-06-10 04:00 - 2012-06-10 03:59 - 08079675 ____A C:\Users\SYAH\Downloads\PYH_IY.rar
    2012-06-02 14:19 - 2012-06-25 05:13 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-25 05:13 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-25 05:13 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-25 05:13 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-25 05:13 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-25 05:13 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-25 05:13 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-01 23:19 - 2012-06-25 05:13 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 23:12 - 2012-06-25 05:13 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 08:37 - 2012-06-01 08:32 - 02275328 ____A C:\Users\SYAH\Downloads\SLA.ppt
    2012-06-01 08:35 - 2012-06-01 08:34 - 00522388 ____A C:\Users\SYAH\Downloads\ITIL Tools.pptx
    2012-06-01 07:45 - 2012-06-01 07:42 - 10288512 ____A (Microsoft Corporation) C:\Users\SYAH\Downloads\mseinstall.exe
    2012-06-01 07:36 - 2012-01-27 18:07 - 00223194 ____A C:\Windows\PFRO.log
    2012-05-23 10:07 - 2012-05-23 10:07 - 00005754 ____A C:\Users\SYAH\Downloads\Pretest Answer_Sashikumaran.txt
    2012-05-19 10:48 - 2012-05-19 10:26 - 76595971 ____A C:\Users\SYAH\Downloads\kucing s01e19.rmvb
    2012-05-19 08:06 - 2012-05-19 08:06 - 00000210 ____A C:\Users\SYAH\Downloads\g5xd5nic00000000.js
    2012-05-19 07:50 - 2012-05-19 07:47 - 09765910 ____A C:\Users\SYAH\Downloads\kucingkilat.S01E20.rar
    2012-05-17 15:11 - 2012-06-13 04:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 04:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 04:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 04:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 04:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 04:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 14:33 - 2012-06-13 04:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 14:31 - 2012-06-13 04:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 04:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 14:29 - 2012-06-13 04:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 04:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 04:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 04:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 04:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 04:34 - 2012-05-17 04:34 - 00001105 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    2012-05-17 04:19 - 2012-05-17 04:19 - 00424048 ____A (Yahoo! Inc.) C:\Users\SYAH\Downloads\msgr11us.exe
    2012-05-14 17:05 - 2012-06-13 04:21 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-10 04:26 - 2012-01-06 10:21 - 00000989 ____A C:\Users\Public\Desktop\Connectify.lnk
    2012-05-06 00:09 - 2012-05-06 00:09 - 00002479 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-04-30 07:41 - 2012-04-30 07:41 - 00001644 ____A C:\Users\SYAH\Desktop\Google Drive.lnk
    2012-04-30 07:30 - 2012-04-30 07:30 - 00740088 ____A (Google Inc.) C:\Users\SYAH\Downloads\googledrivesync.exe
    2012-04-28 07:35 - 2012-04-28 07:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-04-27 20:41 - 2012-06-13 04:22 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-27 19:17 - 2012-06-13 04:22 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 20:45 - 2012-06-13 04:21 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 20:45 - 2012-06-13 04:21 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 20:41 - 2012-06-13 04:21 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 08:38 - 2012-04-23 08:38 - 00000277 ____A C:\Windows\LkmdfCoInst.log
    2012-04-23 08:38 - 2011-01-01 23:42 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-04-23 04:46 - 2012-04-23 04:46 - 00000989 ____A C:\Users\SYAH\Desktop\PhotoScape.lnk
    2012-04-23 04:46 - 2012-04-23 04:46 - 00000989 ____A C:\Users\Guest\Desktop\PhotoScape.lnk
    2012-04-22 11:23 - 2012-04-22 11:23 - 00027759 ____A C:\Users\SYAH\Downloads\loe_skil_list (1).ods


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3002.01 MB
    Available physical RAM: 2524.06 MB
    Total Pagefile: 3000.29 MB
    Available Pagefile: 2535.16 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1977.62 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:58.5 GB) (Free:4.12 GB) NTFS
    2 Drive e: (SYAH) (Fixed) (Total:136.72 GB) (Free:2.59 GB) NTFS
    4 Drive g: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 1024 KB
    Disk 1 Online 1906 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 58 GB 101 MB
    Partition 3 Primary 136 GB 58 GB
    Partition 0 Extended 37 GB 195 GB
    Partition 4 Logical 3814 MB 195 GB
    Partition 5 Logical 33 GB 199 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 58 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E SYAH NTFS Partition 136 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 82
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 0
    Partition 5
    Type : 83
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 1906 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-15 11:44

    ======================= End Of Log ==========================
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Awesome sauce! Clean. :D

    If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop-down box select your main drive, i.e. C
    • For a few moments the system will make some calculations.
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Please download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
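The "Clean up System Restore" steps above, done from an elevated PowerShell prompt instead of the Control Panel. This is an added example, not part of the helper's instructions; it assumes the system drive is C: (as in the posted FRST log) and keeps the new "Clean" point by retaining only the newest shadow copy, which is what Disk Cleanup's "Clean up" button under System Restore and Shadow Copies does.

```powershell
# Added example (not from the helper's post). Run as Administrator on Windows 7.
# Assumption: the system drive is C:, as shown in the FRST log above.
$drive = 'C:\'

# 1. System Protection must be on for the drive, otherwise Checkpoint-Computer fails.
Enable-ComputerRestore -Drive $drive

# 2. Create the new restore point (the GUI's "Create" button with the name "Clean").
Checkpoint-Computer -Description 'Clean' -RestorePointType 'MODIFY_SETTINGS'

# 3. Restore points are stored in volume shadow copies. Keep only the newest copy,
#    which backs the point just created, and delete every older one so that a
#    later "restore back" cannot bring an infected snapshot with it.
$shadows = Get-WmiObject -Class Win32_ShadowCopy |
    Sort-Object { [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) }
$newest = $shadows | Select-Object -Last 1
foreach ($shadow in $shadows) {
    if ($shadow.ID -ne $newest.ID) {
        Write-Host "Deleting shadow copy $($shadow.ID) created $($shadow.InstallDate)"
        $shadow.Delete()
    }
}

# 4. Verify: only the "Clean" point should remain in the list.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = {
            [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }
```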
  23. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    I have completed the 4 tasks - Cleaned System Restore, - Ran OTC, - Ran TFC and - Ran Security Check.
    Now my computer is running well. Thank you :)
    This is the content of the checkup:

    Results of screen317's Security Check version 0.99.42
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Trojan Remover 6.8.2
    CCleaner
    Java(TM) 6 Update 26
    Java(TM) 7 Update 1
    Java(TM) SE Development Kit 7
    Java version out of Date!
    Adobe Flash Player 11.3.300.262
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (13.0.1)
    Google Chrome 16.0.912.15
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
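A way to check the Control Panel list programmatically before and after the Adobe Reader and Java clean-up above, so that no old version is missed. This is an added example, not part of the helper's post; it reads the same Uninstall registry keys that Programs and Features displays and warns when a product family (the Security Check log above showed three Java entries) still has more than one install.

```powershell
# Added example (not from the helper's post). Lists installed Java and Adobe Reader
# entries with their version and uninstall command, then flags product families
# that still have more than one entry. No changes are made to the system.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # Only present on 64-bit Windows; harmless on the 32-bit system in this thread.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE|Adobe (Acrobat )?Reader)' } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString

# Show what Programs and Features would show, plus the exact uninstall command.
$entries | Sort-Object DisplayName | Format-Table -AutoSize

# More than one entry for the same family means an old, vulnerable version is still installed.
$entries |
    Group-Object { if ($_.DisplayName -match '^(Java|J2SE)') { 'Java' } else { 'Adobe Reader' } } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        Write-Warning "$($_.Count) $($_.Name) installs found; uninstall every one but the newest."
    }
```

Re-run after the uninstalls and the update: each family should show exactly one entry and no warning.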
  25. sapphireX

    sapphireX Newcomer, in training Topic Starter Posts: 27

    I have updated Adobe Acrobat Reader and Java.
    Currently my PC is running okay.
    Thank you so much for your help :)