Win7 not booting after malware removal-Frst log attached

#1
malwareboot_out

Hi,
First of all, great site and great work by you guys in helping out people stuck with computer problems. My Sony VAIO laptop got infected with the Win 7 2012 fake antivirus along with a combination of the Google redirect virus. I followed some of the advice on online forums and used TDSSKiller along with Malwarebytes and ComboFix. Malwarebytes and TDSSKiller worked well. ComboFix seemed to run well in compatibility mode, and then the system crashed. I have access to a Windows 7 CD and tried all three options (System Restore, restore from an image, and Startup Repair), but the system is not able to perform the repair or the restore.

After searching some of the threads on this forum I came across the Farbar system recovery tool and decided to run it from the command prompt. To save time I scanned it using the FRST tool. Below is the scan log. I realize I should not have run ComboFix without supervision. Kindly guide me as soon as possible in getting the system to boot and possibly removing any traces of the malware that might be left.

Scan result of Farbar Recovery Tool (FRST written by farbar) Version: 17-01-2012 00
Ran by SYSTEM at 2012-01-22 18:43:09
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [258512 2011-09-23] (Avira Operations GmbH & Co. KG)
HKU\Sravanti\...\Run: [Octoshape Streaming Services] "C:\Users\Sravanti\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun [70936 2009-01-08] (Octoshape ApS)
HKU\Sravanti\...\Run: [gfUomFNvRQL.exe] C:\ProgramData\gfUomFNvRQL.exe [453376 2012-01-17] ()
HKU\Sravanti\...\Policies\system: [disableregistrytools] 0
HKU\vmuser.Sravanti-PC\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-07] (Google Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2011-09-23] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2011-09-23] (Avira Operations GmbH & Co. KG)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-03-03] (Intel Corporation)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-11-08] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-11-08] (Alcatel-Lucent)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [367456 2010-06-01] (Sony Corporation)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=2000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=inteldata" [252416 2010-05-25] (Sony Corporation)
4 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [108400 2010-06-20] (Sony Corporation)
4 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [423280 2010-06-18] (Sony Corporation)
4 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [67952 2010-06-20] (Sony Corporation)
3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [150528 2011-02-10] (Avanquest Software)
3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe" [304496 2010-06-06] (Sony Corporation)
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-05-28] (Intel Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [217968 2010-05-31] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [575856 2010-06-21] (Sony Corporation)
2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [851824 2010-06-17] (Sony Corporation)
2 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [537456 2010-06-09] (Sony Corporation)
2 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [384880 2010-06-09] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [101232 2010-06-09] (Sony Corporation)
2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe" [121392 2009-10-20] (VMware, Inc.)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe" -u "C:\ProgramData\VMware\VMware Server\hostd\config.xml" [22161 2011-10-01] ()
2 VMwareServerWebAccess; "C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe" //RS//VMwareServerWebAccess [57344 2009-10-20] (Apache Software Foundation)
3 VUAgent; "C:\Program Files\Sony\VAIO Update Common\VUAgent.exe" [1429608 2011-09-23] (Sony Corporation)
2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [x]
2 VMware NAT Service; C:\Windows\system32\vmnat.exe [x]

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97312 2011-09-15] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130760 2012-01-19] (Avira GmbH)
1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-15] (Avira GmbH)
3 ggflt; C:\Windows\System32\DRIVERS\ggflt.sys [13352 2011-06-04] (Sony Ericsson Mobile Communications)
3 ggsemc; C:\Windows\System32\DRIVERS\ggsemc.sys [27176 2011-06-04] (Sony Ericsson Mobile Communications)
2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [38448 2009-10-20] (VMware, Inc.)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA))
2 MySQL55; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 [8918 2011-11-24] ()
3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [7821312 2010-07-14] (Intel Corporation)
2 rimspci; C:\Windows\System32\drivers\rimssne64.sys [94208 2010-06-23] (REDC)
2 risdsnpe; C:\Windows\System32\drivers\risdsne64.sys [78848 2010-06-23] (REDC)
2 vmci; \??\C:\Windows\system32\drivers\vmci.sys [65072 2009-10-20] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [20016 2009-10-20] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [38960 2009-10-20] (VMware, Inc.)
2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [30256 2009-10-20] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [76336 2009-10-20] (VMware, Inc.)
3 wdkmd; C:\Windows\System32\DRIVERS\WDKMD.sys [39832 2010-06-18] (Intel Corporation)
3 aspnet_state; [x]
2 MSSQL$DDNI; [x]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\System32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\System32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\System32\drivers\afd.sys D5B031C308A409A0A576BFF4CF083D30
C:\Windows\System32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\System32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\System32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\Apfiltr.sys 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38
C:\Windows\System32\drivers\appid.sys ==> MD5 is legit
C:\Windows\System32\drivers\arc.sys ==> MD5 is legit
C:\Windows\System32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys CCA705CDF038D5BC243203CE4416B345
C:\Windows\System32\DRIVERS\atikmdag.sys EAEA2CE49DE0CCA80BEB9134107E5DD7
C:\Windows\System32\DRIVERS\avgntflt.sys AA8F79A1BDFC03B3BC70C44AB00589B4
C:\Windows\System32\DRIVERS\avipbb.sys F1C9DB5F7B2A56A0B29667D22BA540FC
C:\Windows\System32\DRIVERS\avkmgr.sys 248DB59FC86DE44D2779F4C7FB1A567D
C:\Windows\System32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\System32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\System32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 64C198198501F7560EE41D8D1EFA7952
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\System32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys C4943B6C962E4B82197542447AD599F4
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 6C06701BF1DB05405804D7EB610991CE
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\System32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ggflt.sys A4198F2BD8AA592CB90476277A81B5E1
C:\Windows\System32\DRIVERS\ggsemc.sys D266350BDAAB9EB6C1AEC370EEAAFF3A
C:\Windows\system32\drivers\hcmon.sys EDB09F2DF76C352B7AF56D0B473049D6
C:\Windows\System32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\drivers\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\System32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\System32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys ABBF174CB394F5C437410A788B7E404A
C:\Windows\System32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 31569A2E836C12014148BF7342716946
C:\Windows\System32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\RTKVHD64.sys 526E482AFB586CB1CDD687869DECF686
C:\Windows\System32\DRIVERS\IntcDAud.sys 03C74719D48056A1078F3A51CEB76BAA
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys DA1E991A61CFDD755A589E206B97644B
C:\Windows\System32\Drivers\ksecpkg.sys 7E33198D956943A4F11A5474C1E9106F
C:\Windows\System32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\System32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\System32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\System32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\System32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS 9BD4DCB5412921864A7AACDEDFBD1923
C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS 07C02C892E8E1A72D6BF35004F0E9C5E
C:\Windows\System32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\System32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\ProgramData\MySQL\MySQL Server 5.5\my.ini 16553899349DCB09A8E7D2135C0F5704
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETw5s64.sys 18555F48844C2861D9DCE8F2B7223AE5
C:\Windows\System32\DRIVERS\NETwNs64.sys EB43840BABF5589E33186D094DE7381D
C:\Windows\System32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\System32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\System32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\System32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\System32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\drivers\rimssne64.sys FA6ABC06B629DA29634D31F1FE0347BD
C:\Windows\System32\drivers\risdsne64.sys 8F8539A7F5C117D4407B2985995671F2
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\serial.sys ==> MD5 is legit
C:\Windows\System32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\System32\drivers\SFEP.sys 286D3889E6AB5589646FF8A63CB928AE
C:\Windows\System32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\System32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys A40ABFDCB75F835FDF3CE0CC64E4250D
C:\Windows\System32\DRIVERS\Sftplaylh.sys 411769ED1CB12D2B44217734347BDB7A
C:\Windows\System32\DRIVERS\Sftredirlh.sys A14D0DF34BBB00EA94DA16193D0C7957
C:\Windows\System32\DRIVERS\Sftvollh.sys 393B22ADDD89979EB1C60898F51C3648
C:\Windows\System32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\System32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\DRIVERS\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\System32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\System32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmci.sys 69F38919FF1510560D67F9A0B2375B01
C:\Windows\System32\DRIVERS\vmnetadapter.sys 3C37A81C995AEE1802C9D8DD9EA0E835
C:\Windows\System32\DRIVERS\vmnetbridge.sys D3B25ED3A6796FE3078475D8CFCD6024
C:\Windows\system32\drivers\vmnetuserif.sys EA48BEF5BC53D6CB5FEC8F9BE088B337
C:\Windows\system32\drivers\vmx86.sys 1286147733E31FE4E40237EB289CD7A8
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WDKMD.sys FE31110E39A0B11ABAE1BA43A2DC94F9
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\yk62x64.sys 5250193EF8E173AA7491250F00EB367F

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-22 18:43 - 2012-01-22 18:43 - 0000000 ____D C:\FRST
2012-01-19 18:21 - 2012-01-19 20:06 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-01-19 18:21 - 2012-01-19 20:06 - 0000000 ____D C:\ProgramData\HitmanPro
2012-01-19 16:06 - 2012-01-19 16:06 - 0023204 ____A C:\ComboFix.txt
2012-01-19 14:24 - 2012-01-19 14:24 - 0358144 ____A C:\Users\All Users\Bc8XwRrNlH7q4F.exe
2012-01-19 14:24 - 2012-01-19 14:24 - 0358144 ____A C:\ProgramData\Bc8XwRrNlH7q4F.exe
2012-01-19 14:24 - 2012-01-19 14:24 - 0000653 ____A C:\Users\Sravanti\Desktop\System Check.lnk
2012-01-19 13:55 - 2012-01-19 13:55 - 0002050 ____A C:\Users\Sravanti\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
2012-01-19 13:33 - 2012-01-19 13:33 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Avira
2012-01-19 13:32 - 2012-01-20 17:39 - 0000000 ____D C:\Program Files (x86)\Avira
2012-01-19 13:32 - 2012-01-19 13:37 - 0130760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-01-19 13:32 - 2011-09-15 23:55 - 0097312 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-01-19 13:32 - 2011-09-15 23:55 - 0027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-01-19 13:14 - 2012-01-20 17:47 - 0000000 ___HD C:\Users\All Users\Avira
2012-01-19 13:14 - 2012-01-20 17:47 - 0000000 ___HD C:\ProgramData\Avira
2012-01-19 13:07 - 2012-01-19 13:10 - 82885256 ___AH C:\Users\Sravanti\Downloads\avira_free_antivirus_en.exe
2012-01-19 12:57 - 2012-01-19 12:57 - 0092696 ____A C:\Windows\ntbtlog.txt
2012-01-17 15:00 - 2012-01-17 14:57 - 0453376 ___AH C:\Users\All Users\gfUomFNvRQL.exe
2012-01-17 15:00 - 2012-01-17 14:57 - 0453376 ___AH C:\ProgramData\gfUomFNvRQL.exe
2012-01-16 16:48 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-16 16:48 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-16 16:48 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-16 16:48 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-16 16:48 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-16 16:48 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-16 16:48 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-16 16:48 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-16 16:48 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-16 16:48 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-15 20:46 - 2012-01-20 18:10 - 0000000 ___HD C:\ComboFix
2012-01-15 20:42 - 2012-01-20 18:10 - 0000000 ___SD C:\32788R22FWJFW
2012-01-15 20:37 - 2012-01-15 20:37 - 0065536 __ASH C:\Windows\System32\config\components{256bf9f0-3ffb-11e1-8f62-005056c00008}.TxR.blf
2012-01-15 19:56 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-15 19:56 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-15 19:56 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-15 19:56 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-15 19:56 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-15 19:56 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-15 19:56 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-15 19:56 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-15 18:05 - 2012-01-15 20:46 - 0000000 ____D C:\Windows\ERDNT
2012-01-15 18:04 - 2012-01-19 16:06 - 0000000 ____D C:\Qoobox
2012-01-15 18:01 - 2012-01-19 16:15 - 0001630 ____A C:\Users\Sravanti\Desktop\GooredFix.txt
2012-01-15 18:01 - 2012-01-19 16:15 - 0000000 ____D C:\Users\Sravanti\Desktop\GooredFix Backups
2012-01-14 17:54 - 2012-01-15 19:39 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Malwarebytes
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-14 17:48 - 2012-01-19 16:13 - 0000395 ____A C:\rkill.log
2012-01-14 17:09 - 2012-01-14 17:19 - 0006018 __ASH C:\Users\Sravanti\AppData\Local\566b42m18naieo4r8gdr3q
2012-01-14 17:09 - 2012-01-14 17:19 - 0006018 __ASH C:\Users\All Users\566b42m18naieo4r8gdr3q
2012-01-14 17:09 - 2012-01-14 17:19 - 0006018 __ASH C:\ProgramData\566b42m18naieo4r8gdr3q
2012-01-08 23:22 - 2012-01-08 23:22 - 0465605 ____A C:\Users\Sravanti\Downloads\Perfect_2.mp3
2012-01-06 19:25 - 2012-01-06 19:25 - 0000000 ____A C:\Users\Sravanti\tkcon.hst
2012-01-06 16:38 - 2012-01-15 19:30 - 0000000 ____D C:\Tcl
2012-01-06 10:23 - 2012-01-15 19:32 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Yahoo!
2012-01-06 10:05 - 2012-01-20 17:48 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Facebook
2011-12-26 00:46 - 2011-12-26 00:47 - 0424072 ___AH (Yahoo! Inc.) C:\Users\Sravanti\Downloads\msgr11us(1).exe
2011-12-26 00:36 - 2011-12-26 00:36 - 0000000 ____D C:\Users\All Users\ArcSoft
2011-12-26 00:36 - 2011-12-26 00:36 - 0000000 ____D C:\ProgramData\ArcSoft
2011-12-23 16:23 - 2012-01-20 18:13 - 0000000 ____D C:\Windows\System32\Macromed

============ 3 Months Modified Files and Folders =============

2012-01-22 18:43 - 2012-01-22 18:43 - 0000000 ____D C:\FRST
2012-01-22 18:43 - 2010-11-28 19:52 - 0000000 ____D C:\users\boinc_master
2012-01-20 18:13 - 2011-12-23 16:23 - 0000000 ____D C:\Windows\System32\Macromed
2012-01-20 18:13 - 2011-11-17 17:32 - 0000000 ___HD C:\users\vmuser.Sravanti-PC
2012-01-20 18:13 - 2011-09-28 22:47 - 0000000 ____D C:\users\vmuser
2012-01-20 18:13 - 2011-08-08 22:35 - 0000000 ____D C:\Windows\SysWOW64\URTTEMP
2012-01-20 18:13 - 2011-07-11 11:31 - 0000000 ____D C:\Windows\System32\SPReview
2012-01-20 18:13 - 2011-07-11 11:30 - 0000000 ____D C:\Windows\System32\EventProviders
2012-01-20 18:13 - 2011-06-01 21:51 - 0000000 ____D C:\Windows\SysWOW64\TVUAx
2012-01-20 18:13 - 2011-02-07 13:21 - 0000000 ____D C:\Windows\SysWOW64\VAIO Startup Setting Tool
2012-01-20 18:13 - 2011-02-07 13:21 - 0000000 ____D C:\Windows\pss
2012-01-20 18:13 - 2011-02-07 13:20 - 0000000 ___HD C:\users\Sravanti
2012-01-20 18:13 - 2010-11-28 19:29 - 0000000 ____D C:\Windows\Sonysys
2012-01-20 18:13 - 2010-11-28 19:19 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-01-20 18:13 - 2010-11-03 15:33 - 0000000 ____D C:\Windows\SysWOW64\SDA
2012-01-20 18:13 - 2010-11-03 14:36 - 0000000 ____D C:\Windows\InstDrvs
2012-01-20 18:13 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-01-20 18:13 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-01-20 18:13 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\system
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-01-20 18:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-01-20 18:12 - 2011-12-19 15:26 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\SpinTop
2012-01-20 18:12 - 2011-10-24 01:34 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\SmartDraw
2012-01-20 18:12 - 2011-10-24 00:03 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\UML Lab Modeling IDE
2012-01-20 18:12 - 2011-10-03 17:49 - 0000000 __RHD C:\Users\Sravanti\Desktop\Dropbox
2012-01-20 18:12 - 2011-10-02 21:50 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\TeamViewer
2012-01-20 18:12 - 2011-09-11 12:32 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\gtk-2.0
2012-01-20 18:12 - 2011-08-08 22:36 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\{4A943398-A046-488D-B198-25A8DEF59F1B}
2012-01-20 18:12 - 2011-07-17 22:08 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\{2D1D5390-30CD-44E5-BC85-DB4134620734}
2012-01-20 18:12 - 2011-03-25 11:51 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Skype
2012-01-20 18:12 - 2011-02-10 21:58 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\VMware
2012-01-20 18:12 - 2011-02-07 22:19 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\ArcSoft
2012-01-20 18:12 - 2011-02-07 13:29 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Mozilla
2012-01-20 18:12 - 2011-02-07 13:20 - 0000000 ___HD C:\Users\Sravanti\AppData\LocalLow
2012-01-20 18:12 - 2010-11-28 20:28 - 0000000 ____D C:\Windows\en
2012-01-20 18:12 - 2010-11-28 19:50 - 0000000 ____D C:\Windows\Downloaded Installations
2012-01-20 18:12 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-01-20 18:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-01-20 18:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-01-20 18:11 - 2011-11-24 13:20 - 0000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2012-01-20 18:11 - 2011-11-22 12:28 - 0000000 ____D C:\Program Files\NetBeans 7.0.1
2012-01-20 18:11 - 2011-10-24 00:57 - 0000000 ___HD C:\Users\All Users\Altova
2012-01-20 18:11 - 2011-10-24 00:57 - 0000000 ___HD C:\ProgramData\Altova
2012-01-20 18:11 - 2011-09-20 21:31 - 0000000 ____D C:\Program Files (x86)\TomTom International B.V
2012-01-20 18:11 - 2011-09-20 21:31 - 0000000 ____D C:\Program Files (x86)\TomTom HOME 2
2012-01-20 18:11 - 2011-08-08 22:36 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\ApplicationHistory
2012-01-20 18:11 - 2011-08-06 06:18 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-01-20 18:11 - 2011-06-12 19:41 - 0000000 ___HD C:\Users\All Users\Apple Computer
2012-01-20 18:11 - 2011-06-12 19:41 - 0000000 ___HD C:\ProgramData\Apple Computer
2012-01-20 18:11 - 2011-06-08 21:56 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Sony
2012-01-20 18:11 - 2011-06-08 21:55 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Downloaded Installations
2012-01-20 18:11 - 2011-06-04 20:27 - 0000000 ___HD C:\Users\All Users\Real
2012-01-20 18:11 - 2011-06-04 20:27 - 0000000 ___HD C:\ProgramData\Real
2012-01-20 18:11 - 2011-06-04 20:27 - 0000000 ____D C:\Program Files (x86)\Real
2012-01-20 18:11 - 2011-05-23 17:49 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Citrix
2012-01-20 18:11 - 2011-05-17 19:26 - 0000000 ____D C:\Program Files\Common Files\Motive
2012-01-20 18:11 - 2011-05-17 19:26 - 0000000 ____D C:\Program Files\ATT-HSI
2012-01-20 18:11 - 2011-05-08 18:34 - 0000000 ___HD C:\Users\All Users\Microsoft Help
2012-01-20 18:11 - 2011-05-08 18:34 - 0000000 ___HD C:\ProgramData\Microsoft Help
2012-01-20 18:11 - 2011-03-14 09:18 - 0000000 __HDC C:\Users\All Users\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2012-01-20 18:11 - 2011-03-14 09:18 - 0000000 __HDC C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2012-01-20 18:11 - 2011-03-13 14:00 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Eclipse
2012-01-20 18:11 - 2011-02-11 11:38 - 0000000 ___HD C:\Users\All Users\Yahoo!
2012-01-20 18:11 - 2011-02-11 11:38 - 0000000 ___HD C:\ProgramData\Yahoo!
2012-01-20 18:11 - 2011-02-11 11:35 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-01-20 18:11 - 2011-02-08 22:51 - 0000000 ___HD C:\Users\All Users\Intel
2012-01-20 18:11 - 2011-02-08 22:51 - 0000000 ___HD C:\ProgramData\Intel
2012-01-20 18:11 - 2011-02-08 22:43 - 0000000 ___HD C:\Update
2012-01-20 18:11 - 2011-02-07 22:32 - 0000000 ____D C:\Program Files\Google
2012-01-20 18:11 - 2010-11-28 20:35 - 0000000 ___HD C:\Users\All Users\Norton
2012-01-20 18:11 - 2010-11-28 20:35 - 0000000 ___HD C:\ProgramData\Norton
2012-01-20 18:11 - 2010-11-28 20:27 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-01-20 18:11 - 2010-11-28 20:26 - 0000000 ____D C:\Program Files\Windows Live
2012-01-20 18:11 - 2010-11-28 19:55 - 0000000 ___HD C:\SPLASH.SYS
2012-01-20 18:11 - 2010-11-28 19:44 - 0000000 ____D C:\Program Files (x86)\Sony
2012-01-20 18:11 - 2010-11-28 19:43 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-01-20 18:11 - 2010-11-28 19:42 - 0000000 ___HD C:\Users\All Users\Skype
2012-01-20 18:11 - 2010-11-28 19:42 - 0000000 ___HD C:\ProgramData\Skype
2012-01-20 18:11 - 2010-11-28 19:41 - 0000000 ___AD C:\Program Files\Shutterfly
2012-01-20 18:11 - 2010-11-28 19:38 - 0000000 ____D C:\Program Files\Sony
2012-01-20 18:11 - 2010-11-28 19:20 - 0000000 ____D C:\Program Files\Apoint
2012-01-20 18:11 - 2010-11-28 19:19 - 0000000 ____D C:\Program Files\Realtek
2012-01-20 18:11 - 2010-11-28 19:19 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-01-20 18:11 - 2010-11-03 16:24 - 0000000 ___HD C:\Users\All Users\Sony Corporation
2012-01-20 18:11 - 2010-11-03 16:24 - 0000000 ___HD C:\ProgramData\Sony Corporation
2012-01-20 18:11 - 2010-11-03 14:59 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-01-20 18:11 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-01-20 18:11 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-01-20 18:10 - 2012-01-15 20:46 - 0000000 ___HD C:\ComboFix
2012-01-20 18:10 - 2012-01-15 20:42 - 0000000 ___SD C:\32788R22FWJFW
2012-01-20 18:10 - 2011-11-23 20:40 - 0000000 ____D C:\Program Files (x86)\MySQL
2012-01-20 18:10 - 2011-11-16 15:53 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-01-20 18:10 - 2011-09-29 06:42 - 0000000 ____D C:\Program Files (x86)\Glary Utilities
2012-01-20 18:10 - 2011-06-12 19:41 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-01-20 18:10 - 2011-05-17 19:26 - 0000000 ___HD C:\Program Files (x86)\ATT-HSI
2012-01-20 18:10 - 2011-04-09 19:51 - 0000000 ____D C:\Program Files (x86)\Jagannatha Hora
2012-01-20 18:10 - 2011-02-24 20:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-01-20 18:10 - 2011-02-07 22:36 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-20 18:10 - 2011-02-07 22:32 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-20 18:10 - 2010-11-28 20:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-01-20 18:10 - 2010-11-28 19:54 - 0000000 ____D C:\Program Files (x86)\Downloaded Installations
2012-01-20 18:10 - 2010-11-28 19:50 - 0000000 ____D C:\Program Files (x86)\BOINC
2012-01-20 18:10 - 2010-11-03 15:36 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-01-20 18:10 - 2010-11-03 14:56 - 0000000 ___HD C:\Intel
2012-01-20 18:10 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-01-20 18:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-01-20 18:07 - 2010-11-28 19:26 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\System32\winrm
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\System32\WCN
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\System32\slmgr
2012-01-20 18:07 - 2010-11-28 19:11 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-01-20 18:07 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-01-20 18:07 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-01-20 18:07 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-01-20 18:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-01-20 18:06 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-01-20 18:06 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-01-20 18:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-01-20 18:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-01-20 18:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-01-20 17:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-01-20 17:56 - 2011-10-24 00:20 - 0000000 ___HD C:\Users\Sravanti\Workspaces
2012-01-20 17:56 - 2011-10-24 00:02 - 0000000 ___HD C:\Users\Sravanti\workspace1
2012-01-20 17:56 - 2011-09-30 09:48 - 0000000 __RHD C:\Users\Sravanti\Dropbox
2012-01-20 17:56 - 2011-08-17 18:09 - 0000000 ___HD C:\VMDataStore
2012-01-20 17:56 - 2011-03-13 14:00 - 0000000 ___HD C:\Users\Sravanti\workspace
2012-01-20 17:55 - 2011-11-28 21:38 - 0000000 ___HD C:\Users\Sravanti\Downloads\rmi_c
2012-01-20 17:53 - 2011-11-27 23:56 - 0000000 ___HD C:\Users\Sravanti\Downloads\basic-jgroups
2012-01-20 17:53 - 2011-11-27 23:56 - 0000000 ___HD C:\Users\Sravanti\Downloads\__MACOSX
2012-01-20 17:53 - 2011-11-22 12:46 - 0000000 ___HD C:\Users\Sravanti\Documents\NetBeansProjects
2012-01-20 17:53 - 2011-10-24 01:01 - 0000000 ___HD C:\Users\Sravanti\Documents\Altova
2012-01-20 17:53 - 2011-09-14 23:04 - 0000000 ___HD C:\Users\Sravanti\Downloads\eclipse-jee-indigo-win32-x86_64
2012-01-20 17:53 - 2011-03-13 13:59 - 0000000 ___HD C:\Users\Sravanti\Downloads\eclipse-cpp-helios-SR1-win32-x86_64
2012-01-20 17:52 - 2011-11-16 15:55 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\OpenOffice.org
2012-01-20 17:52 - 2011-10-14 15:03 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Oberon Media
2012-01-20 17:52 - 2011-09-30 09:46 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Dropbox
2012-01-20 17:52 - 2011-09-20 21:31 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\TomTom
2012-01-20 17:52 - 2011-09-20 21:31 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\TomTom
2012-01-20 17:52 - 2011-08-17 16:33 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\GlarySoft
2012-01-20 17:52 - 2011-06-04 20:27 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Real
2012-01-20 17:52 - 2011-06-01 21:46 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Octoshape
2012-01-20 17:52 - 2011-02-24 20:54 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\SoftGrid Client
2012-01-20 17:52 - 2011-02-07 13:27 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Adobe
2012-01-20 17:52 - 2011-02-07 13:24 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Intel
2012-01-20 17:52 - 2011-02-07 13:21 - 0000000 ___HD C:\Users\Sravanti\AppData\Roaming\Sony Corporation
2012-01-20 17:52 - 2011-02-07 13:21 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\VirtualStore
2012-01-20 17:51 - 2011-02-07 22:36 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Mozilla
2012-01-20 17:51 - 2011-02-07 13:32 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Sony Corporation
2012-01-20 17:48 - 2012-01-06 10:05 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Facebook
2012-01-20 17:48 - 2011-11-22 12:41 - 0000000 ___HD C:\Users\Sravanti\.netbeans
2012-01-20 17:48 - 2011-10-24 00:01 - 0000000 ___HD C:\Users\Sravanti\.eclipse
2012-01-20 17:48 - 2011-10-01 12:17 - 0000000 ___HD C:\Users\All Users\VMware
2012-01-20 17:48 - 2011-10-01 12:17 - 0000000 ___HD C:\ProgramData\VMware
2012-01-20 17:48 - 2011-05-19 21:54 - 0000000 ___HD C:\Users\All Users\Sony Ericsson
2012-01-20 17:48 - 2011-05-19 21:54 - 0000000 ___HD C:\ProgramData\Sony Ericsson
2012-01-20 17:48 - 2011-02-07 22:44 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Microsoft Games
2012-01-20 17:48 - 2011-02-07 22:32 - 0000000 ___HD C:\Users\Sravanti\AppData\Local\Google
2012-01-20 17:48 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Public
2012-01-20 17:48 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-01-20 17:47 - 2012-01-19 13:14 - 0000000 ___HD C:\Users\All Users\Avira
2012-01-20 17:47 - 2012-01-19 13:14 - 0000000 ___HD C:\ProgramData\Avira
2012-01-20 17:47 - 2011-11-23 20:40 - 0000000 ___HD C:\Users\All Users\MySQL
2012-01-20 17:47 - 2011-11-23 20:40 - 0000000 ___HD C:\ProgramData\MySQL
2012-01-20 17:47 - 2011-07-17 22:09 - 0000000 ___HD C:\Users\All Users\Boson
2012-01-20 17:47 - 2011-07-17 22:09 - 0000000 ___HD C:\ProgramData\Boson
2012-01-20 17:47 - 2011-02-07 22:32 - 0000000 ___HD C:\Users\All Users\Google
2012-01-20 17:47 - 2011-02-07 22:32 - 0000000 ___HD C:\ProgramData\Google
2012-01-20 17:47 - 2010-11-28 19:27 - 0000000 ___HD C:\Users\All Users\Adobe
2012-01-20 17:47 - 2010-11-28 19:27 - 0000000 ___HD C:\ProgramData\Adobe
2012-01-20 17:47 - 2010-11-28 19:17 - 0000000 ___HD C:\Users\All Users\DDNi
2012-01-20 17:47 - 2010-11-28 19:17 - 0000000 ___HD C:\ProgramData\DDNi
2012-01-20 17:46 - 2011-09-29 13:44 - 0000000 ____D C:\Program Files\Oracle
2012-01-20 17:46 - 2010-11-04 16:28 - 0000000 ____D C:\Program Files\Windows Journal
2012-01-20 17:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-01-20 17:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-01-20 17:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-01-20 17:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-01-20 17:45 - 2011-11-23 20:42 - 0000000 ____D C:\Program Files\MySQL
2012-01-20 17:45 - 2010-11-28 19:36 - 0000000 ____D C:\Program Files\Microsoft Office
2012-01-20 17:45 - 2010-11-28 19:31 - 0000000 ____D C:\Program Files\Java
2012-01-20 17:45 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-01-20 17:44 - 2010-11-28 19:26 - 0000000 ____D C:\Program Files\Common Files\Sony Shared
2012-01-20 17:44 - 2010-11-28 19:20 - 0000000 ____D C:\Program Files\Intel
2012-01-20 17:44 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-01-20 17:44 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-01-20 17:44 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-01-20 17:44 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-01-20 17:44 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-01-20 17:44 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-01-20 17:43 - 2011-10-02 21:48 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-01-20 17:43 - 2011-10-01 12:17 - 0000000 ____D C:\Program Files (x86)\VMware
2012-01-20 17:42 - 2011-05-19 21:54 - 0000000 ____D C:\Program Files (x86)\Sony Ericsson
2012-01-20 17:42 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-01-20 17:41 - 2011-06-04 10:40 - 0000000 ____D C:\Program Files (x86)\Java
2012-01-20 17:41 - 2011-04-18 22:52 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-01-20 17:41 - 2010-11-28 19:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-20 17:41 - 2010-11-03 14:56 - 0000000 ____D C:\Program Files (x86)\Intel
2012-01-20 17:41 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-01-20 17:40 - 2010-11-28 19:55 - 0000000 ____D C:\Program Files (x86)\Evernote
2012-01-20 17:40 - 2010-11-28 19:31 - 0000000 ____D C:\Program Files (x86)\Intel Corporation
2012-01-20 17:40 - 2010-11-28 19:17 - 0000000 ____D C:\Program Files (x86)\DDNi
2012-01-20 17:39 - 2012-01-19 13:32 - 0000000 ____D C:\Program Files (x86)\Avira
2012-01-20 17:39 - 2011-02-12 10:01 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-01-20 17:39 - 2011-02-08 22:50 - 0000000 ____D C:\Program Files (x86)\Cisco
2012-01-20 17:39 - 2010-11-28 19:57 - 0000000 ____D C:\Program Files (x86)\ArcSoft
2012-01-19 20:06 - 2012-01-19 18:21 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-01-19 20:06 - 2012-01-19 18:21 - 0000000 ____D C:\ProgramData\HitmanPro
2012-01-19 16:15 - 2012-01-15 18:01 - 0001630 ____A C:\Users\Sravanti\Desktop\GooredFix.txt
2012-01-19 16:15 - 2012-01-15 18:01 - 0000000 ____D C:\Users\Sravanti\Desktop\GooredFix Backups
2012-01-19 16:13 - 2012-01-14 17:48 - 0000395 ____A C:\rkill.log
2012-01-19 16:06 - 2012-01-19 16:06 - 0023204 ____A C:\ComboFix.txt
2012-01-19 16:06 - 2012-01-15 18:04 - 0000000 ____D C:\Qoobox
2012-01-19 14:40 - 2011-02-07 13:15 - 2955485184 __ASH C:\hiberfil.sys
2012-01-19 14:27 - 2010-12-25 14:41 - 1435675 ____A C:\Windows\WindowsUpdate.log
2012-01-19 14:24 - 2012-01-19 14:24 - 0358144 ____A C:\Users\All Users\Bc8XwRrNlH7q4F.exe
2012-01-19 14:24 - 2012-01-19 14:24 - 0358144 ____A C:\ProgramData\Bc8XwRrNlH7q4F.exe
2012-01-19 14:24 - 2012-01-19 14:24 - 0000653 ____A C:\Users\Sravanti\Desktop\System Check.lnk
2012-01-19 14:23 - 2011-10-01 11:37 - 0000330 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-01-19 14:23 - 2011-08-22 07:05 - 0014748 ____A C:\Windows\setupact.log
2012-01-19 14:23 - 2011-02-07 22:32 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-19 14:23 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-19 14:22 - 2009-07-13 20:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-19 14:22 - 2009-07-13 20:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-19 14:12 - 2009-07-13 21:13 - 0745992 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-19 13:55 - 2012-01-19 13:55 - 0002050 ____A C:\Users\Sravanti\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
2012-01-19 13:47 - 2011-08-22 07:05 - 0362298 ____A C:\Windows\PFRO.log
2012-01-19 13:40 - 2011-02-07 22:32 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-19 13:37 - 2012-01-19 13:32 - 0130760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-01-19 13:33 - 2012-01-19 13:33 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Avira
2012-01-19 13:30 - 2011-07-29 15:17 - 0000920 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562534644-70929150-3015409922-1005UA.job
2012-01-19 13:10 - 2012-01-19 13:07 - 82885256 ___AH C:\Users\Sravanti\Downloads\avira_free_antivirus_en.exe
2012-01-19 12:59 - 2011-07-29 15:17 - 0000868 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562534644-70929150-3015409922-1005Core.job
2012-01-19 12:57 - 2012-01-19 12:57 - 0092696 ____A C:\Windows\ntbtlog.txt
2012-01-17 14:57 - 2012-01-17 15:00 - 0453376 ___AH C:\Users\All Users\gfUomFNvRQL.exe
2012-01-17 14:57 - 2012-01-17 15:00 - 0453376 ___AH C:\ProgramData\gfUomFNvRQL.exe
2012-01-15 22:30 - 2011-12-04 19:33 - 0000000 ____D C:\Users\Sravanti\AppData\Local\ElevatedDiagnostics
2012-01-15 22:01 - 2011-06-18 13:55 - 0044579 ____A C:\test.xml
2012-01-15 20:46 - 2012-01-15 18:05 - 0000000 ____D C:\Windows\ERDNT
2012-01-15 20:43 - 2011-03-13 11:15 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-15 20:41 - 2011-04-08 12:03 - 0000000 ____D C:\Users\Sravanti\AppData\Local\CrashDumps
2012-01-15 20:37 - 2012-01-15 20:37 - 0065536 __ASH C:\Windows\System32\config\components{256bf9f0-3ffb-11e1-8f62-005056c00008}.TxR.blf
2012-01-15 20:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-15 19:39 - 2012-01-14 17:54 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-15 19:32 - 2012-01-06 10:23 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Yahoo!
2012-01-15 19:30 - 2012-01-06 16:38 - 0000000 ____D C:\Tcl
2012-01-15 18:54 - 2011-12-20 15:58 - 0000000 __SHD C:\Users\Sravanti\AppData\Local\64b5e28e
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Malwarebytes
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-14 17:54 - 2012-01-14 17:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-14 17:19 - 2012-01-14 17:09 - 0006018 __ASH C:\Users\Sravanti\AppData\Local\566b42m18naieo4r8gdr3q
2012-01-14 17:19 - 2012-01-14 17:09 - 0006018 __ASH C:\Users\All Users\566b42m18naieo4r8gdr3q
2012-01-14 17:19 - 2012-01-14 17:09 - 0006018 __ASH C:\ProgramData\566b42m18naieo4r8gdr3q
2012-01-08 23:22 - 2012-01-08 23:22 - 0465605 ____A C:\Users\Sravanti\Downloads\Perfect_2.mp3
2012-01-08 10:40 - 2011-03-25 11:52 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\skypePM
2012-01-06 19:25 - 2012-01-06 19:25 - 0000000 ____A C:\Users\Sravanti\tkcon.hst
2012-01-06 19:14 - 2011-10-27 17:25 - 0005429 ____A C:\WirelessDiagLog.csv
2011-12-26 00:48 - 2011-05-17 22:00 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-26 00:47 - 2011-12-26 00:46 - 0424072 ___AH (Yahoo! Inc.) C:\Users\Sravanti\Downloads\msgr11us(1).exe
2011-12-26 00:36 - 2011-12-26 00:36 - 0000000 ____D C:\Users\All Users\ArcSoft
2011-12-26 00:36 - 2011-12-26 00:36 - 0000000 ____D C:\ProgramData\ArcSoft
2011-12-23 16:27 - 2011-09-14 22:16 - 0000600 ____A C:\Users\Sravanti\AppData\Local\PUTTY.RND
2011-12-20 20:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-12-20 19:52 - 2011-08-19 06:48 - 0000000 ____D C:\Windows\Minidump
2011-12-20 18:55 - 2011-12-20 18:55 - 0000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
2011-12-20 17:50 - 2011-12-20 17:50 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Tific
2011-12-20 17:49 - 2011-12-20 17:49 - 0000000 ____D C:\Users\Sravanti\AppData\Local\Symantec
2011-12-20 13:14 - 2011-12-20 13:14 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\OpenCandy
2011-12-19 23:05 - 2011-10-26 11:16 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\Meridian93
2011-12-19 23:02 - 2011-12-19 23:01 - 93344995 ___AH (Meridian'93 ) C:\Users\Sravanti\Downloads\mf2.exe
2011-12-15 00:16 - 2009-07-13 20:45 - 0336472 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-14 00:02 - 2011-12-14 00:02 - 0001522 ____A C:\Users\Sravanti\Downloads\CMPE207FinalPaper.txt
2011-12-08 15:09 - 2011-12-08 15:09 - 1266612 ___AH C:\Users\Sravanti\Downloads\viperclientsetup_aca.exe
2011-12-08 15:08 - 2011-12-08 15:08 - 0463080 ___AH (CNET Download.com) C:\Users\Sravanti\Downloads\cnet2_viperclientsetup_aca_exe.exe
2011-12-08 12:05 - 2011-02-07 13:24 - 0077456 ____A C:\Users\Sravanti\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-08 12:04 - 2009-07-13 21:38 - 0067584 ___AS C:\Windows\bootstat(27).dat
2011-12-07 16:22 - 2011-12-07 16:22 - 0032216 ____A C:\Users\Sravanti\Downloads\StudentDetails.java
2011-12-07 16:22 - 2011-12-07 16:22 - 0023015 ____A C:\Users\Sravanti\Downloads\StudentDetails.form
2011-12-07 12:20 - 2011-12-07 12:20 - 0009901 ____A C:\Users\Sravanti\Downloads\DeleteCourseStdnt(1).java
2011-12-07 12:20 - 2011-12-07 12:20 - 0007575 ____A C:\Users\Sravanti\Downloads\DeleteCourseStdnt(1).form
2011-12-06 23:15 - 2011-12-06 23:14 - 13620852 ____A C:\Users\Sravanti\Downloads\P3_Mobile.zip
2011-12-06 01:54 - 2011-12-06 01:54 - 0017572 ____A C:\Users\Sravanti\Downloads\graph info.xlsx
2011-12-06 01:20 - 2011-12-06 01:20 - 0179200 ____A C:\Users\Sravanti\Downloads\Client_Server_chat.doc
2011-12-05 03:26 - 2011-12-05 03:26 - 1612288 ____A C:\Users\Sravanti\Downloads\LoadBalancing.ppt
2011-12-05 02:53 - 2011-12-05 02:53 - 2921472 ____A C:\Users\Sravanti\Downloads\intermachine-parallelism-lecture.ppt
2011-12-05 00:25 - 2011-12-05 00:25 - 0007270 ____A C:\Users\Sravanti\Downloads\MonteCarlo(1).java
2011-12-04 19:37 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2011-12-04 19:08 - 2011-12-04 19:08 - 0010099 ____A C:\Users\Sravanti\Downloads\components-FileChooserDemoProject.zip
2011-12-04 17:27 - 2011-12-04 17:27 - 0009787 ____A C:\Users\Sravanti\Downloads\PayFees.java
2011-12-04 17:27 - 2011-12-04 17:27 - 0009315 ____A C:\Users\Sravanti\Downloads\PostFees.java
2011-12-04 17:27 - 2011-12-04 17:27 - 0007050 ____A C:\Users\Sravanti\Downloads\PayFees.form
2011-12-04 17:27 - 2011-12-04 17:27 - 0006935 ____A C:\Users\Sravanti\Downloads\PostFees.form
2011-12-04 17:24 - 2011-12-04 17:24 - 0001160 ___AH C:\Users\Sravanti\Downloads\Downloads - Shortcut.lnk
2011-12-04 17:23 - 2011-12-04 17:23 - 0010398 ____A C:\Users\Sravanti\Downloads\ViewScheduleStudent.java
2011-12-04 17:23 - 2011-12-04 17:23 - 0006860 ____A C:\Users\Sravanti\Downloads\ViewScheduleStudent.form
2011-12-04 17:11 - 2011-12-04 17:11 - 0010399 ____A C:\Users\Sravanti\Downloads\ViewSchedule.java
2011-12-04 17:11 - 2011-12-04 17:11 - 0006860 ____A C:\Users\Sravanti\Downloads\ViewSchedule.form
2011-12-04 17:03 - 2011-12-04 17:03 - 0010333 ____A C:\Users\Sravanti\Downloads\AddCourseStudent.java
2011-12-04 17:03 - 2011-12-04 17:03 - 0007951 ____A C:\Users\Sravanti\Downloads\AddCourseStudent.form
2011-12-04 01:00 - 2011-12-04 01:00 - 0001235 ____A C:\Users\Sravanti\Downloads\Direct.java
2011-12-04 00:58 - 2011-12-04 00:58 - 0006332 ____A C:\Users\Sravanti\Downloads\MonteCarlo.java
2011-12-04 00:58 - 2011-12-04 00:58 - 0001173 ____A C:\Users\Sravanti\Downloads\MonteMove.java
2011-12-04 00:58 - 2011-12-04 00:58 - 0000992 ____A C:\Users\Sravanti\Downloads\SimulationNode.java
2011-12-04 00:58 - 2011-12-04 00:58 - 0000676 ____A C:\Users\Sravanti\Downloads\Nodes.java
2011-12-03 19:25 - 2011-12-03 19:25 - 0010733 ____A C:\Users\Sravanti\Downloads\PostGrade.java
2011-12-03 19:25 - 2011-12-03 19:25 - 0008971 ____A C:\Users\Sravanti\Downloads\DeleteCourseStdnt.java
2011-12-03 19:25 - 2011-12-03 19:25 - 0008098 ____A C:\Users\Sravanti\Downloads\PostGrade.form
2011-12-03 19:25 - 2011-12-03 19:25 - 0006483 ____A C:\Users\Sravanti\Downloads\DeleteCourseStdnt.form
2011-12-03 18:52 - 2011-11-28 16:00 - 0000000 ____D C:\Users\Sravanti\Documents\dumps
2011-12-01 16:24 - 2011-12-01 16:24 - 0017653 ____A C:\Users\Sravanti\Downloads\hdfsarchitecture.gif
2011-11-29 23:26 - 2011-11-29 23:26 - 0548952 ___AH C:\Users\Sravanti\Downloads\smartdraw_11E_POYOZ_setup.exe
2011-11-29 23:14 - 2011-11-29 23:14 - 0243200 ____A C:\Users\Sravanti\Downloads\lec2-mapred.ppt
2011-11-28 21:56 - 2011-11-28 21:56 - 0004622 ____A C:\Users\Sravanti\Downloads\JGroupRandomWalk.java
2011-11-28 21:38 - 2011-11-28 21:38 - 0993194 ____A C:\Users\Sravanti\Downloads\rmi_c.rar
2011-11-23 22:03 - 2011-11-23 22:03 - 1767172 ____A C:\Users\Sravanti\Downloads\jgroups-3.0.0.Final.jar
2011-11-23 20:52 - 2011-12-14 09:50 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 20:45 - 2011-11-23 20:45 - 0000000 ____D C:\Users\Sravanti\AppData\Roaming\MySQL
2011-11-23 20:43 - 2011-02-10 21:16 - 0762690 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-11-23 20:42 - 2011-11-23 20:42 - 0000232 ____A C:\Windows\ODBCINST.INI
2011-11-22 12:40 - 2011-11-22 12:26 - 0000000 ____D C:\Users\Sravanti\.nbi
2011-11-22 12:23 - 2011-11-22 12:16 - 255885010 ___AH C:\Users\Sravanti\Downloads\netbeans-7.0.1-ml-windows.exe
2011-11-19 06:58 - 2012-01-15 19:56 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:01 - 2012-01-15 19:56 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-17 17:34 - 2011-11-17 17:34 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Google
2011-11-17 17:34 - 2011-11-17 17:34 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Local\Google
2011-11-17 17:34 - 2011-11-17 17:32 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Sony Corporation
2011-11-17 17:33 - 2011-11-17 17:33 - 0076872 ____A C:\Users\vmuser.Sravanti-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2011-11-17 17:33 - 2011-11-17 17:33 - 0000174 __ASH C:\Users\vmuser.Sravanti-PC\Start Menu\Programs\Startup\desktop.ini
2011-11-17 17:33 - 2011-11-17 17:33 - 0000174 __ASH C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-11-17 17:33 - 2011-11-17 17:33 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Intel Corporation
2011-11-17 17:33 - 2011-11-17 17:33 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Roaming\Intel
2011-11-17 17:33 - 2011-11-17 17:32 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\LocalLow
2011-11-17 17:32 - 2011-11-17 17:32 - 0000020 __ASH C:\Users\vmuser.Sravanti-PC\ntuser.ini
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Templates
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Start Menu
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\PrintHood
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\NetHood
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\My Documents
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Documents\My Videos
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Documents\My Pictures
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\Documents\My Music
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\AppData\Local\Temporary Internet Files
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 __SHD C:\Users\vmuser.Sravanti-PC\AppData\Local\History
2011-11-17 17:32 - 2011-11-17 17:32 - 0000000 ____D C:\Users\vmuser.Sravanti-PC\AppData\Local\VirtualStore
2011-11-16 22:49 - 2012-01-16 16:48 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-16 22:49 - 2012-01-16 16:48 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-16 22:44 - 2012-01-16 16:48 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-16 22:41 - 2012-01-15 19:56 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-16 22:35 - 2012-01-16 16:48 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-16 22:33 - 2012-01-16 16:48 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 21:38 - 2012-01-15 19:56 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 21:35 - 2012-01-16 16:48 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-11-16 21:34 - 2012-01-16 16:48 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 21:34 - 2012-01-16 16:48 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 21:28 - 2012-01-16 16:48 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2011-11-15 16:29 - 2011-11-15 16:29 - 0024004 ____A C:\Users\Sravanti\Downloads\english
2011-11-15 14:29 - 2011-03-11 03:02 - 0270720 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-11-14 23:58 - 2011-11-14 23:58 - 0606552 ___AH (Google Inc.) C:\Users\Sravanti\Downloads\GoogleEarthPluginSetup(1).exe
2011-11-09 17:03 - 2011-11-09 17:03 - 0007179 ____A C:\Users\Sravanti\Downloads\lab4.zip
2011-11-07 14:33 - 2011-11-07 14:33 - 0000000 ____D C:\Users\Sravanti\AppData\Local\Oberon Games
2011-11-04 21:32 - 2011-12-14 09:50 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-04 20:26 - 2011-12-14 09:50 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-04 10:49 - 2011-11-04 10:49 - 3191696 ___AH (TeamViewer GmbH) C:\Users\Sravanti\Downloads\TeamViewer_Setup_en.exe
2011-11-03 23:24 - 2011-11-03 22:58 - 1578679 ____A C:\Users\Sravanti\Downloads\CMPE207_Lab3_007471685_007522801.docx
2011-11-03 18:38 - 2011-12-15 00:11 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-03 17:59 - 2011-12-15 00:11 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-03 17:53 - 2011-12-15 00:11 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-03 17:46 - 2011-12-15 00:11 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-03 17:44 - 2011-12-15 00:11 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-03 17:44 - 2011-12-15 00:11 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-03 17:43 - 2011-12-15 00:11 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-03 17:41 - 2011-12-15 00:11 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-03 17:39 - 2011-12-15 00:11 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-03 17:36 - 2011-12-15 00:11 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-03 17:35 - 2011-12-15 00:11 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-03 17:34 - 2011-12-15 00:11 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-03 17:30 - 2011-12-15 00:11 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-03 15:02 - 2011-12-15 00:11 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-03 14:47 - 2011-12-15 00:11 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-11-03 14:46 - 2011-12-15 00:11 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-03 14:40 - 2011-12-15 00:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-11-03 14:40 - 2011-12-15 00:11 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-03 14:39 - 2011-12-15 00:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-03 14:38 - 2011-12-15 00:11 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-03 14:37 - 2011-12-15 00:11 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-03 14:34 - 2011-12-15 00:11 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-11-03 14:32 - 2011-12-15 00:11 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-03 14:32 - 2011-12-15 00:11 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-03 14:31 - 2011-12-15 00:11 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-03 14:28 - 2011-12-15 00:11 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-11-02 21:43 - 2011-08-21 21:38 - 0000000 ____A C:\Windows\Model.log
2011-11-02 21:43 - 2011-02-08 22:48 - 0000021 ____A C:\Windows\Model.txt
2011-10-31 09:27 - 2009-07-13 21:08 - 0032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-25 21:25 - 2012-01-15 19:56 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2011-10-25 21:25 - 2012-01-15 19:56 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2011-10-25 21:21 - 2011-12-14 09:51 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-25 20:32 - 2012-01-15 19:56 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2011-10-25 20:32 - 2012-01-15 19:56 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3758.1 MB
Available physical RAM: 3154.89 MB
Total Pagefile: 3756.25 MB
Available Pagefile: 3146.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:455.24 GB) (Free:294.31 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:10.42 GB) (Free:0.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: (TRAVELDRIVE) (Removable) (Total:1.92 GB) (Free:1 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1968 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 10 GB 1024 KB
Partition 2 Primary 100 MB 10 GB
Partition 3 Primary 455 GB 10 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 10 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 455 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1967 MB 16 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G TRAVELDRIVE FAT32 Removable 1967 MB Healthy

==========================================================

Last Boot: 2012-01-12 14:53

======================= End Of Log ==========================
  • 0

#2
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
:welcome:

Download the enclosed file. [attachment=55610:fixlist.txt]

Save it in the USB drive. Insert the USB drive into the ailing computer and run FRST as you did before, except that this time around click on the FIX button and wait.

The tool will make a log in the flashdrive (Fixlog.txt). Please post it in your next reply.
  • 0

#3
malwareboot_out

    Member

  • Topic Starter
  • Member
  • 10 posts
Thanks a ton JSntgRvr for the extremely quick reply, really really appreciate it. I will run this as soon as I get back home from work.

Will attach the Fixlog.txt with my reply once that happens.
  • 0

#4
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
:thumbsup:
  • 0

#5
malwareboot_out

    Member

  • Topic Starter
  • Member
  • 10 posts
JSntgRvr

Please find the fixlog.txt the tool created below.

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 17-01-2012 00
Ran by SYSTEM at 2012-01-23 21:40:03 R:1
Running from G:\

==============================================

HKEY_USERS\Sravanti\Software\Microsoft\Windows\CurrentVersion\Run\\gfUomFNvRQL.exe Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
C:\Users\All Users\Bc8XwRrNlH7q4F.exe moved successfully.
C:\ProgramData\Bc8XwRrNlH7q4F.exe not found.
C:\Users\All Users\gfUomFNvRQL.exe moved successfully.
C:\ProgramData\gfUomFNvRQL.exe not found.
C:\Users\Sravanti\AppData\Local\566b42m18naieo4r8gdr3q moved successfully.
C:\Users\All Users\566b42m18naieo4r8gdr3q moved successfully.
C:\ProgramData\566b42m18naieo4r8gdr3q not found.

========= bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=Y:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {83ba4fa1-fb66-11df-b9ca-54424963d88f}
resumeobject {83ba4fa0-fb66-11df-b9ca-54424963d88f}
displayorder {83ba4fa1-fb66-11df-b9ca-54424963d88f}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {83ba4fa1-fb66-11df-b9ca-54424963d88f}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {83ba4fa2-fb66-11df-b9ca-54424963d88f}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {83ba4fa0-fb66-11df-b9ca-54424963d88f}
nx OptIn

Windows Boot Loader
-------------------
identifier {83ba4fa2-fb66-11df-b9ca-54424963d88f}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{83ba4fa3-fb66-11df-b9ca-54424963d88f}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{83ba4fa3-fb66-11df-b9ca-54424963d88f}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {83ba4fa0-fb66-11df-b9ca-54424963d88f}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
custom:26000022 Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {83ba4fa3-fb66-11df-b9ca-54424963d88f}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

========= End of CMD: =========


==== End of Fixlog ====
  • 0

#6
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
The BCD has an entry created by malware.

Download the enclosed file. [attachment=55629:fixlist.txt]

Save it in the USB drive overwriting the existing one. Insert the USB drive into the ailing computer and run FRST as you did before, except that this time around click on the FIX button and wait.

The tool will make a log in the flashdrive (Fixlog.txt). Please post it in your next reply.

If successful, boot in Normal Mode and run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0

#7
malwareboot_out

    Member

  • Topic Starter
  • Member
  • 10 posts
JSntgRvr

Thanks for the detailed instructions again and the laptop is now able to boot normally. I will split up both logs into two separate posts.

First the Fix log.

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 17-01-2012 00
Ran by SYSTEM at 2012-01-24 07:02:21 R:2
Running from G:\

==============================================


========= bcdedit /deletevalue {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9} custom:26000022 =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9} bootems Yes =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====
  • 0
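As an added example (not from the thread, from FRST, or from the moderator), the script below parses a verbose `bcdedit /enum all /v` dump like the one in the earlier fixlog and lists every object carrying a `custom:` element, which is the kind of entry the second fixlist removed with `bcdedit /deletevalue`. The sample dump is a constructed, abridged copy of the store posted above, and the helper names are my own.

```python
"""Flag undocumented `custom:` elements in a verbose BCD dump.

Added example, not part of the thread or of FRST. It parses the text that
`bcdedit /enum all /v` prints and lists every object that carries a
`custom:XXXXXXXX` element so a responder can review each one.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: abridged from the BCD dump posted in the thread. Real
# bcdedit output indents continuation values (the second `inherit` GUID).
SAMPLE_BCD_DUMP = """\
Windows Boot Manager
--------------------
identifier              {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device                  partition=Y:
path                    \\bootmgr
description             Windows Boot Manager
default                 {83ba4fa1-fb66-11df-b9ca-54424963d88f}
timeout                 30

Windows Boot Loader
-------------------
identifier              {83ba4fa2-fb66-11df-b9ca-54424963d88f}
device                  ramdisk=[E:]\\Recovery\\WindowsRE\\Winre.wim,{83ba4fa3-fb66-11df-b9ca-54424963d88f}
description             Windows Recovery Environment
winpe                   Yes
custom:46000010         Yes

EMS Settings
------------
identifier              {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
custom:26000022         Yes

Global Settings
---------------
identifier              {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit                 {4636856e-540f-4170-a130-a84776f4c654}
                        {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
"""

GUID_RE = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")
ELEMENT_RE = re.compile(r"^(\S+)\s+(.*)$")


@dataclass
class BcdObject:
    """One section of the dump: its title, identifier and element -> values."""
    title: str
    identifier: str = ""
    elements: dict = field(default_factory=dict)


def parse_bcd_dump(text):
    """Split a `bcdedit /enum all /v` dump into BcdObject records."""
    lines = text.splitlines()
    objects, current, last_name = [], None, None
    i = 0
    while i < len(lines):
        line = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section starts with a title line underlined by dashes.
        if line.strip() and nxt.strip() and set(nxt.strip()) == {"-"}:
            current = BcdObject(title=line.strip())
            objects.append(current)
            last_name = None
            i += 2
            continue
        if current is None or not line.strip():
            i += 1
            continue
        # An indented line, or a bare GUID (as in a forum paste that lost its
        # indentation), continues the previous multi-valued element.
        if (line[0].isspace() or GUID_RE.match(line.strip())) and last_name:
            current.elements[last_name].append(line.strip())
            i += 1
            continue
        match = ELEMENT_RE.match(line)
        if match:
            name, value = match.group(1), match.group(2).strip()
            if name == "identifier":
                current.identifier = value
            current.elements.setdefault(name, []).append(value)
            last_name = name
        i += 1
    return objects


def find_custom_elements(objects):
    """Return (title, identifier, element, value) for every `custom:` element.

    bcdedit prints `custom:` for element types it has no friendly name for.
    Review each hit instead of assuming it is malicious: the dump in the thread
    also shows one on the Windows RE loader that the fix left alone.
    """
    findings = []
    for obj in objects:
        for name, values in obj.elements.items():
            if name.lower().startswith("custom:"):
                findings.append((obj.title, obj.identifier, name, values[0]))
    return findings


def removal_commands(findings):
    """Build the `bcdedit /deletevalue` line for each flagged element."""
    return [f"bcdedit /deletevalue {ident} {name}" for _, ident, name, _ in findings]


if __name__ == "__main__":
    found = find_custom_elements(parse_bcd_dump(SAMPLE_BCD_DUMP))
    for title, ident, name, value in found:
        print(f"{title:28} {ident} {name} = {value}")
    print("\n".join(removal_commands(found)))
```

Run against the real dump, the line it builds for the EMS Settings object is the same `bcdedit /deletevalue {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9} custom:26000022` that the fixlog above recorded.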

#8
malwareboot_out

    Member

  • Topic Starter
  • Member
  • 10 posts
Please find the Combofix log below.

ComboFix 12-01-21.02 - Sravanti 01/24/2012 7:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2089 [GMT -8:00]
Running from: c:\users\Sravanti\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Sravanti\Desktop\System Check.lnk
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 15:24 . 2012-01-24 15:24 -------- d-----w- c:\users\vmuser\AppData\Local\temp
2012-01-24 15:24 . 2012-01-24 15:24 -------- d-----w- c:\users\vmuser.Sravanti-PC\AppData\Local\temp
2012-01-24 15:24 . 2012-01-24 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 15:08 . 2012-01-24 15:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9515EEFD-BBEE-475E-B47F-51869BCA788C}\offreg.dll
2012-01-24 15:03 . 2012-01-24 15:03 -------- d-----w- c:\programdata\Motive
2012-01-23 02:43 . 2012-01-23 02:44 -------- d-----w- C:\FRST
2012-01-20 02:21 . 2012-01-20 04:06 -------- d-----w- c:\programdata\HitmanPro
2012-01-19 21:33 . 2012-01-19 21:33 -------- d-----w- c:\users\Sravanti\AppData\Roaming\Avira
2012-01-19 21:32 . 2012-01-19 21:37 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-19 21:32 . 2011-09-16 07:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-19 21:32 . 2012-01-21 01:39 -------- d-----w- c:\program files (x86)\Avira
2012-01-19 21:32 . 2011-09-16 07:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-19 21:14 . 2012-01-21 01:47 -------- d--h--w- c:\programdata\Avira
2012-01-19 05:54 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9515EEFD-BBEE-475E-B47F-51869BCA788C}\mpengine.dll
2012-01-16 05:10 . 2011-12-21 07:24 121816 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-01-16 03:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-16 03:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-16 03:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-16 03:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-16 03:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-16 03:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-16 03:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-16 03:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-15 01:54 . 2012-01-15 01:54 -------- d-----w- c:\users\Sravanti\AppData\Roaming\Malwarebytes
2012-01-15 01:54 . 2012-01-15 01:54 -------- d-----w- c:\programdata\Malwarebytes
2012-01-15 01:54 . 2012-01-16 03:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-07 00:38 . 2012-01-16 03:30 -------- d-----w- C:\Tcl
2012-01-06 18:23 . 2012-01-16 03:32 -------- d-----w- c:\users\Sravanti\AppData\Roaming\Yahoo!
2012-01-06 18:05 . 2012-01-21 01:48 -------- d--h--w- c:\users\Sravanti\AppData\Local\Facebook
2011-12-26 08:36 . 2011-12-26 08:36 -------- d-----w- c:\programdata\ArcSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-26 08:48 . 2011-05-18 06:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 21:20 . 2011-11-24 21:20 3584 ---ha-r- c:\users\Sravanti\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-11-24 04:52 . 2011-12-14 17:50 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 22:29 . 2011-03-11 11:02 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-14 17:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 17:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 08:11 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 08:11 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 08:11 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 08:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 08:11 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 08:11 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 08:11 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 08:11 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
c:\program files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Sravanti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Sravanti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Sravanti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\users\Sravanti\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-24 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMwareHostd;VMware Host Agent;c:\program files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
S2 VMwareServerWebAccess;VMware Server Web Access;c:\program files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-10-01 01:47]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 06:32]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 06:32]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562534644-70929150-3015409922-1005Core.job
- c:\users\Sravanti\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 01:54]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562534644-70929150-3015409922-1005UA.job
- c:\users\Sravanti\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 01:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Sravanti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Sravanti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Sravanti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Sravanti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files (x86)\VMware\VMware Server\vsocklib.dll
Trusted Zone: sravanti-pc
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\users\Sravanti\AppData\Roaming\Mozilla\Firefox\Profiles\cpvwwp38.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,BuzzdockTease,DropDownDeals,
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-24 07:49:37
ComboFix-quarantined-files.txt 2012-01-24 15:49
ComboFix2.txt 2012-01-20 00:06
ComboFix3.txt 2012-01-16 03:21
.
Pre-Run: 323,373,322,240 bytes free
Post-Run: 323,159,871,488 bytes free
.
- - End Of File - - 93C84E890A9E7BFC411B811F67E36394

#9 JSntgRvr (Global Moderator)
Congratulations.

Let's check for remnants:

Launch and update Malwarebytes Antimalware:

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET Online Scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


#10 malwareboot_out (Topic Starter)
JSntgRvr

I managed to run both Malwarebytes and the ESET scanner with the instructions you had specified. As usual I am splitting up the logs.

ESET first

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb34d8c0812c0546a29b5b86c02c02db
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-25 05:35:25
# local_time=2012-01-24 09:35:25 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 79006657 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=197582
# found=6
# cleaned=0
# scan_time=6517
C:\FRST\Quarantine\gfUomFNvRQL.exe a variant of Win32/Kryptik.ZCG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\ProgramData\gfUomFNvRQL.exe.vir a variant of Win32/Kryptik.ZCG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Sravanti\AppData\Local\64b5e28e\U\[email protected] Win64/Sirefef.P trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Sravanti\AppData\Local\64b5e28e\U\[email protected] Win64/Sirefef.M trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Sravanti\AppData\Local\64b5e28e\U\[email protected] Win64/Sirefef.O trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sravanti\Downloads\cnet2_viperclientsetup_aca_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
#11 JSntgRvr (Global Moderator)
The detections are quarantined items. How is the computer doing?
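To put JSntgRvr's point into code, here is an added example (not part of the thread, not ESET's or ComboFix's own tooling): a small Python script that parses an ESET Online Scanner log in the format posted above and separates detections that are live files from detections that only sit inside another tool's quarantine folder. The quarantine rule (any path component named Quarantine, which covers ComboFix's C:\Qoobox\Quarantine and FRST's C:\FRST\Quarantine seen in the log) and the detection-line regex are my assumptions from the posted log; the embedded sample is a trimmed copy of that log with the found count adjusted to the three lines kept.

```python
"""Triage an ESET Online Scanner log: which detections are live files and
which only sit inside a removal tool's quarantine folder.

Added example for this thread; not ESET's, ComboFix's or FRST's own code.
The quarantine-folder rule and the line-format regex are assumptions
derived from the log posted in the thread.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a trimmed copy of the ESET log posted in this thread
# (three of the six detection lines, header counts adjusted to match).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# scanned=197582
# found=3
# cleaned=0
# scan_time=6517
C:\FRST\Quarantine\gfUomFNvRQL.exe a variant of Win32/Kryptik.ZCG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\ProgramData\gfUomFNvRQL.exe.vir a variant of Win32/Kryptik.ZCG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sravanti\Downloads\cnet2_viperclientsetup_aca_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
"""

# "# key=value" header lines at the top of the log.
HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# A detection line is "<path> <detection name> (<status>) <32-hex hash> <flag>".
# Paths may contain spaces, so the path is matched lazily and the detection
# name is required to start with an optional "a variant of" prefix followed
# by a Platform/Family token containing a slash (e.g. Win32/Kryptik.ZCG).
# This is a heuristic for the posted format, not ESET's documented grammar.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<name>(?:probably )?(?:a variant of )?\S+/\S+.*?) "
    r"\((?P<status>[^)]+)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)


@dataclass
class Detection:
    path: str
    name: str
    status: str
    quarantined: bool  # True when the file lives inside a quarantine folder


def is_quarantined(path: str) -> bool:
    """Assumed rule: any path component named 'Quarantine' marks a file an
    earlier tool already isolated (ComboFix: C:\\Qoobox\\Quarantine,
    FRST: C:\\FRST\\Quarantine). Such hits are not active infections."""
    return any(part.lower() == "quarantine" for part in PureWindowsPath(path).parts)


def parse_eset_log(text: str):
    """Return (header dict, list of Detection) for one log."""
    header = {}
    detections = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            value = m.group("value")
            header[m.group("key")] = int(value) if value.isdigit() else value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(
                path=m.group("path"),
                name=m.group("name"),
                status=m.group("status"),
                quarantined=is_quarantined(m.group("path")),
            ))
    return header, detections


def triage(text: str) -> dict:
    """Summarise a log: live hits need action, quarantined hits only need
    the owning tool's uninstall/cleanup step. Also cross-checks the
    header's found= count against the number of lines actually parsed."""
    header, detections = parse_eset_log(text)
    live = [d for d in detections if not d.quarantined]
    quarantined = [d for d in detections if d.quarantined]
    return {
        "found_header": header.get("found"),
        "found_parsed": len(detections),
        "header_matches": header.get("found") == len(detections),
        "cleaned": header.get("cleaned"),
        "live": live,
        "quarantined": quarantined,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"ESET found {result['found_header']} item(s), cleaned {result['cleaned']}")
    for d in result["quarantined"]:
        print(f"  quarantined: {d.path}  [{d.name}]")
    for d in result["live"]:
        print(f"  LIVE:        {d.path}  [{d.name}] - {d.status}")
```

On the posted log this leaves one live item, the installer in the Downloads folder, and puts the Qoobox and FRST hits in the quarantined bucket, which is exactly why the reply above treats the detections as already-handled items rather than a new infection; the "unable to clean" status is kept on each record because it reflects that Remove found threats was unchecked, not that cleaning failed.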

#12 malwareboot_out (Topic Starter)
Malware log below.

As you can see, ESET said it detected 6 items.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sravanti :: SRAVANTI-PC [administrator]

1/24/2012 7:21:00 PM
mbam-log-2012-01-24 (19-21-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231202
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 malwareboot_out (Topic Starter)
The system is actually doing fine. I am also able to browse the net without redirection.

Should I delete the quarantined items?

#14 JSntgRvr (Global Moderator)
Rename Combofix to Uninstall and click on it. That will remove the application and its quarantine. Then delete the C:\FRST folder.

Let's check the system for weaknesses.

Download and run Security Check and post its report.

#15 malwareboot_out (Topic Starter)
Yup I went ahead and uninstalled Combofix and deleted the FRST folder.

Please find the Security Check report below.

Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java™ 6 Update 25
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````