HKU\AFSHEEN KHAN\...\Run: [Windows Update Server] C:\Users\AFSHEEN KHAN\f50313d9-5762.exe [x]
C:\Users\AFSHEEN KHAN\f50313d9-5762.exe
2012-08-26 12:11 - 2012-08-26 12:11 - 00462848 ____A C:\Users\AFSHEEN KHAN\AppData\Local\vewcnmov.exe
2012-08-28 10:41 - 2011-06-15 18:14 - 00000318 __ASH C:\Windows\Tasks\Thnqb.job
0 d85819b532b8f062; C:\Windows\System32\Drivers\d85819b532b8f062.sys [68864 2012-08-05] () ATTENTION =====> Rootkit?
2012-08-05 08:41 - 2012-08-05 12:41 - 00000368 ____A C:\Users\All Users\lpSv5bowgfReTj
2012-08-05 08:41 - 2012-08-05 12:41 - 00000072 ____A C:\Users\All Users\-lpSv5bowgfReTjr
2012-08-05 08:41 - 2012-08-05 12:41 - 00000072 ____A C:\Users\All Users\-lpSv5bowgfReTj
2012-08-05 07:23 - 2012-08-05 07:23 - 00068864 ____A C:\Windows\System32\Drivers\d85819b532b8f062.sys
2012-08-03 22:31 - 2012-08-03 22:31 - 00000368 ____A C:\Users\All Users\eftt3Gi6riJKnq
2012-08-03 22:31 - 2012-08-03 22:31 - 00000072 ____A C:\Users\All Users\-eftt3Gi6riJKnqr
2012-08-03 22:31 - 2012-08-03 22:31 - 00000072 ____A C:\Users\All Users\-eftt3Gi6riJKnq
2012-07-22 21:27 - 2012-07-22 21:09 - 00000112 ____A C:\Users\All Users\lKoZb6nps1b8zh
2012-07-22 21:18 - 2012-07-22 21:09 - 00000096 ____A C:\Users\All Users\-lKoZb6nps1b8zhr
2012-07-22 21:18 - 2012-07-22 21:09 - 00000096 ____A C:\Users\All Users\-lKoZb6nps1b8zh
2012-07-22 21:09 - 2012-07-22 21:09 - 00000607 ____A C:\Users\AFSHEEN KHAN\Desktop\File_Recovery.lnk
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}
C:\Users\AFSHEEN KHAN\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}
C:\Users\Guest\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}
C:\Windows\assembly\GAC\Desktop.ini
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
custom