GeekPolice

Successfully blocked access to a potentially malicious website


Post by Lazilion on Sat Jul 28, 2012 3:56 am

My computer was infected with viruses yesterday. I fixed this with a combination of Malwarebytes and ComboFix. There are no longer any messages about the viruses, I don't get redirected to unknown websites and the computer is running as fast as it used to be. However, this message still seems to appear through Malwarebytes.

Successfully blocked access to a potentially malicious website

Any help in this matter would be appreciated.
Thank You

After a couple more hours of using the computer I've realised that game content now runs much slower than before. Everything else seems to be perfectly normal and fast enough but if I open a game the fps has declined majorly in comparison to before.

Thank You


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Sat Jul 28, 2012 6:06 pm

Hi

ComboFix

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Sun Jul 29, 2012 10:51 pm

Here's the log


ComboFix 12-07-29.02 - Sachin 29/07/2012 23:19:59.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6038.2859 [GMT 10:00]
Running from: c:\users\Sachin\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 13:35 . 2012-07-29 13:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-29 13:35 . 2012-07-29 13:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 10:47 . 2012-07-28 10:47 -------- d-----w- c:\users\Sachin\AppData\Roaming\AVG2012
2012-07-28 10:47 . 2012-07-28 10:47 -------- d-----w- c:\users\Sachin\AppData\Local\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:47 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:46 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-07-28 10:46 . 2012-07-28 10:46 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:46 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:46 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-28 10:45 . 2012-07-28 10:45 -------- d-----w- C:\$AVG
2012-07-28 10:45 . 2012-07-29 09:58 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-28 10:45 . 2012-07-28 11:15 -------- d-----w- c:\programdata\AVG2012
2012-07-28 03:43 . 2012-07-28 03:43 388096 ----a-r- c:\users\Sachin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-28 03:43 . 2012-07-28 03:43 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-28 03:16 . 2012-07-02 17:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-28 02:30 . 2012-07-28 02:30 -------- d-----w- c:\users\Sachin\AppData\Roaming\addpcs
2012-07-28 02:30 . 2012-07-28 02:30 -------- d-----w- c:\program files\Temp File Cleaner
2012-07-28 01:20 . 2012-07-28 01:20 -------- d-----w- c:\users\Sachin\AppData\Roaming\Malwarebytes
2012-07-28 01:19 . 2012-07-28 01:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-28 01:19 . 2012-07-28 01:19 -------- d-----w- c:\programdata\Malwarebytes
2012-07-28 01:19 . 2012-07-03 03:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 01:12 . 2012-07-28 01:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 07:08 . 2012-07-27 07:08 -------- d-----w- c:\program files\WinRAR
2012-07-24 07:34 . 2012-07-27 12:58 -------- d-----w- c:\users\Sachin\AppData\Roaming\Tropico 3
2012-07-22 08:33 . 2012-07-23 23:06 -------- d-----w- c:\program files (x86)\PricePeep
2012-07-22 08:33 . 2012-07-22 08:33 -------- d-----w- c:\program files (x86)\WhiteSmoke_US
2012-07-22 08:33 . 2012-07-22 08:32 649624 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe
2012-07-22 08:33 . 2012-07-28 01:24 -------- d-----w- c:\programdata\UpdaterService
2012-07-22 04:35 . 2012-07-22 04:35 -------- d-----w- c:\programdata\Age of Empires 3
2012-07-19 16:38 . 2012-07-19 16:38 0 ----a-w- c:\windows\SysWow64\shoE11C.tmp
2012-07-18 09:40 . 2012-07-18 09:40 -------- d-----w- c:\users\Sachin\AppData\Roaming\The Creative Assembly
2012-07-12 17:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 08:55 . 2009-05-18 03:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-02 08:55 . 2008-04-17 02:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-02 08:55 . 2008-04-17 02:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-02 08:55 . 2012-07-02 08:55 -------- d-----w- c:\program files\iPod
2012-07-02 08:55 . 2012-07-02 08:55 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-02 08:55 . 2012-07-02 08:55 -------- d-----w- c:\program files\iTunes
2012-07-02 08:55 . 2012-07-02 08:55 -------- d-----w- c:\program files (x86)\iTunes
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-02 08:53 . 2012-07-02 08:53 -------- d-----w- c:\program files (x86)\QuickTime
2012-07-02 08:51 . 2012-07-02 08:51 -------- d-----w- c:\program files (x86)\Safari
2012-07-02 08:50 . 2012-07-02 08:54 -------- d-----w- c:\program files\Common Files\Apple
2012-07-02 08:50 . 2012-07-02 08:50 -------- d-----w- c:\program files\Bonjour
2012-07-02 08:50 . 2012-07-02 08:50 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-02 07:14 . 2012-07-02 07:14 -------- d-----w- c:\users\Sachin\AppData\Local\THQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 10:16 . 2012-04-21 23:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 10:16 . 2012-01-19 01:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 02:40 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 02:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 02:40 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 02:40 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 02:40 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 02:40 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 02:40 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-21 02:40 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:15 . 2012-06-21 02:40 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-11 06:30 . 2012-05-11 06:33 715038 ----a-w- c:\windows\unins000.exe
2012-05-04 11:06 . 2012-06-14 03:30 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:30 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:30 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:29 . 2012-06-14 22:36 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-04 09:29 . 2012-01-19 01:33 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-01 05:40 . 2012-06-14 03:30 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-28 03:03 . 2012-07-28 03:03 14197 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-07-29 03:28 . 2012-07-29 03:28 14197 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-07-28 01:10 . 2012-07-29 03:30 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-28 01:10 . 2012-07-28 02:42 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-21 03:09 . 2012-07-29 03:32 68344 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-29 03:32 41828 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-01 10:28 . 2012-07-29 03:32 14544 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3155437634-2107215997-1005474797-1001_UserData.bin
- 2009-07-14 05:30 . 2012-07-02 08:54 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-07-28 10:46 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-01-30 18:46 . 2012-01-30 18:46 36944 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-12-23 03:32 . 2011-12-23 03:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2012-04-18 18:50 . 2012-04-18 18:50 28480 c:\windows\system32\drivers\avgidsha.sys
+ 2011-12-23 03:32 . 2011-12-23 03:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
+ 2011-05-22 15:03 . 2011-05-22 15:03 48992 c:\windows\system32\drivers\avgfwd6a.sys
+ 2012-01-19 03:10 . 2012-07-29 03:28 1859 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-01-19 03:10 . 2012-07-28 03:03 1859 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-07-29 03:29 . 2012-07-29 03:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-28 03:04 . 2012-07-28 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-28 03:04 . 2012-07-28 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-29 03:29 . 2012-07-29 03:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-29 03:30 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-28 02:42 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 03:30 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-28 02:42 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2012-07-28 10:35 665232 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-03 08:06 665232 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-28 10:35 125678 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-03 08:06 125678 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-07-02 08:54 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-28 10:46 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-02 08:54 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-07-28 10:46 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-03-18 19:17 . 2012-03-18 19:17 383808 c:\windows\system32\drivers\avgtdia.sys
+ 2012-02-21 19:25 . 2012-02-21 19:25 289872 c:\windows\system32\drivers\avgldx64.sys
+ 2011-12-23 03:31 . 2011-12-23 03:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
+ 2012-06-20 14:49 . 2012-07-29 03:28 506208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-06-20 14:49 . 2012-07-28 02:45 506208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-07-29 03:28 519832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-28 03:03 519832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-28 10:42 . 2012-07-28 10:42 8452608 c:\windows\Installer\19957bf.msi
+ 2012-07-28 10:44 . 2012-07-28 10:44 2871808 c:\windows\Installer\19957bb.msi
+ 2012-07-28 03:43 . 2012-07-28 03:43 1402880 c:\windows\Installer\176f68.msi
+ 2012-03-02 17:26 . 2012-07-29 03:28 26555702 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3155437634-2107215997-1005474797-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-28 10:46 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
2012-07-10 00:10 483696 ----a-w- c:\program files (x86)\PricePeep\pricepeep.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-28 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-01 1242448]
"WirelessManager"="c:\program files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [2010-07-28 194600]
"Facebook Update"="c:\users\Sachin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-08-19 96240]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"FAStartup"="" [BU]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-28 1147488]
.
c:\users\Sachin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sachin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2012-3-3 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-08-19 17:34 153584 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-03-03 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-19 79360]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-06 20480]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-01-19 79360]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-02-10 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-28 31080]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-02-10 249152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-12 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-08-19 2451440]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 127800]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-06-25 331512]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-07-28 830048]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-02 8615936]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 10:16]
.
2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001Core.job
- c:\users\Sachin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-09 02:13]
.
2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001UA.job
- c:\users\Sachin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-09 02:13]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001Core.job
- c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 05:55]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001UA.job
- c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 05:55]
.
2012-07-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-29 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-05-01 18:22]
.
2012-07-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.] 14:02&v=11.1.0.12&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{656461EF-40F6-4115-9FF1-BCED9812CCBB} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3155437634-2107215997-1005474797-1001\Software\SecuROM\License information*]
"datasecu"=hex:ea,59,db,be,2d,5f,37,d6,46,cc,a9,08,16,65,14,0b,d8,f0,fb,e9,50,
39,d0,bc,64,62,25,5b,37,9f,91,be,ea,90,6d,7e,81,6e,bd,2f,5d,df,8d,65,83,dc,\
"rkeysecu"=hex:db,3b,c2,23,52,43,a6,c8,b7,58,d9,1d,26,f8,6d,43
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-30 00:08:50
ComboFix-quarantined-files.txt 2012-07-29 14:08
ComboFix2.txt 2012-07-28 03:15
.
Pre-Run: 337,930,846,208 bytes free
Post-Run: 337,543,761,920 bytes free
.
- - End Of File - - F0CC15DCD1504B6A750D4C9786D67DF6

Thanks for Helping

Lazilion
Intermediate

Posts : 74
Joined : 2009-04-17
OS : Windows 7 Home Premium 64bit

Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Mon Jul 30, 2012 6:53 am

Btw the problem still hasn't been fixed.

Lazilion
Intermediate

Posts : 74
Joined : 2009-04-17
OS : Windows 7 Home Premium 64bit

Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Mon Jul 30, 2012 10:03 am

I wouldn't think the problem would be fixed just from running one tool.

ComboFix Script

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the codebox below into it:
    File::
    c:\windows\SysWow64\shoE11C.tmp
    c:\windows\Installer\19957bf.msi
    c:\windows\Installer\19957bb.msi
    c:\windows\Installer\176f68.msi

    Folder::
    c:\program files (x86)\BitTorrentBar2
    c:\program files (x86)\PricePeep

    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{656461ef-40f6-4115-9ff1-bced9812ccbb}"=-
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Dr Jay
Administrator

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Mon Jul 30, 2012 11:47 am

ComboFix 12-07-30.01 - Sachin 30/07/2012 21:25:10.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6038.3376 [GMT 10:00]
Running from: c:\users\Sachin\Desktop\Sachin\System Settings\ComboFix.exe
Command switches used :: c:\users\Sachin\Desktop\Sachin\System Settings\CFScript.txt.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Installer\176f68.msi"
"c:\windows\Installer\19957bb.msi"
"c:\windows\Installer\19957bf.msi"
"c:\windows\SysWow64\shoE11C.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BitTorrentBar2
c:\program files (x86)\BitTorrentBar2\BitTorrentBar2ToolbarHelper.exe
c:\program files (x86)\BitTorrentBar2\GottenAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar2\ldrtbBitT.dll
c:\program files (x86)\BitTorrentBar2\OtherAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll
c:\program files (x86)\BitTorrentBar2\SharedAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar2\tbBitT.dll
c:\program files (x86)\BitTorrentBar2\toolbar.cfg
c:\program files (x86)\BitTorrentBar2\ToolbarContextMenu.xml
c:\program files (x86)\BitTorrentBar2\uninstall.exe
c:\program files (x86)\PricePeep
c:\program files (x86)\PricePeep\installer.ico
c:\program files (x86)\PricePeep\pricepeep.crx
c:\program files (x86)\PricePeep\pricepeep.dll
c:\windows\Installer\176f68.msi
c:\windows\Installer\19957bb.msi
c:\windows\Installer\19957bf.msi
c:\windows\SysWow64\shoE11C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 11:34 . 2012-07-30 11:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-30 11:34 . 2012-07-30 11:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 10:47 . 2012-07-28 10:47 -------- d-----w- c:\users\Sachin\AppData\Roaming\AVG2012
2012-07-28 10:47 . 2012-07-28 10:47 -------- d-----w- c:\users\Sachin\AppData\Local\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:47 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:46 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-07-28 10:46 . 2012-07-28 10:46 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:46 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:46 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-28 10:45 . 2012-07-28 10:45 -------- d-----w- C:\$AVG
2012-07-28 10:45 . 2012-07-30 09:58 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-28 10:45 . 2012-07-28 11:15 -------- d-----w- c:\programdata\AVG2012
2012-07-28 03:43 . 2012-07-28 03:43 388096 ----a-r- c:\users\Sachin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-28 03:43 . 2012-07-28 03:43 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-28 03:16 . 2012-07-02 17:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-28 02:30 . 2012-07-28 02:30 -------- d-----w- c:\users\Sachin\AppData\Roaming\addpcs
2012-07-28 02:30 . 2012-07-28 02:30 -------- d-----w- c:\program files\Temp File Cleaner
2012-07-28 01:20 . 2012-07-28 01:20 -------- d-----w- c:\users\Sachin\AppData\Roaming\Malwarebytes
2012-07-28 01:19 . 2012-07-28 01:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-28 01:19 . 2012-07-28 01:19 -------- d-----w- c:\programdata\Malwarebytes
2012-07-28 01:19 . 2012-07-03 03:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 01:12 . 2012-07-28 01:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 07:08 . 2012-07-27 07:08 -------- d-----w- c:\program files\WinRAR
2012-07-24 07:34 . 2012-07-27 12:58 -------- d-----w- c:\users\Sachin\AppData\Roaming\Tropico 3
2012-07-22 08:33 . 2012-07-22 08:33 -------- d-----w- c:\program files (x86)\WhiteSmoke_US
2012-07-22 08:33 . 2012-07-22 08:32 649624 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe
2012-07-22 08:33 . 2012-07-28 01:24 -------- d-----w- c:\programdata\UpdaterService
2012-07-22 04:35 . 2012-07-22 04:35 -------- d-----w- c:\programdata\Age of Empires 3
2012-07-18 09:40 . 2012-07-18 09:40 -------- d-----w- c:\users\Sachin\AppData\Roaming\The Creative Assembly
2012-07-12 17:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 08:55 . 2009-05-18 03:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-02 08:55 . 2008-04-17 02:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-02 08:55 . 2008-04-17 02:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-02 08:55 . 2012-07-02 08:55 -------- d-----w- c:\program files\iPod
2012-07-02 08:55 . 2012-07-02 08:55 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-02 08:55 . 2012-07-02 08:55 -------- d-----w- c:\program files\iTunes
2012-07-02 08:55 . 2012-07-02 08:55 -------- d-----w- c:\program files (x86)\iTunes
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-02 08:53 . 2012-07-02 08:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-02 08:53 . 2012-07-02 08:53 -------- d-----w- c:\program files (x86)\QuickTime
2012-07-02 08:51 . 2012-07-02 08:51 -------- d-----w- c:\program files (x86)\Safari
2012-07-02 08:50 . 2012-07-02 08:54 -------- d-----w- c:\program files\Common Files\Apple
2012-07-02 08:50 . 2012-07-02 08:50 -------- d-----w- c:\program files\Bonjour
2012-07-02 08:50 . 2012-07-02 08:50 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-02 07:14 . 2012-07-02 07:14 -------- d-----w- c:\users\Sachin\AppData\Local\THQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 10:16 . 2012-04-21 23:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 10:16 . 2012-01-19 01:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 02:40 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 02:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 02:40 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 02:40 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 02:40 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 02:40 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 02:40 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-21 02:40 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:15 . 2012-06-21 02:40 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-11 06:30 . 2012-05-11 06:33 715038 ----a-w- c:\windows\unins000.exe
2012-05-04 11:06 . 2012-06-14 03:30 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:30 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:30 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:29 . 2012-06-14 22:36 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-04 09:29 . 2012-01-19 01:33 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-29 03:28 . 2012-07-29 03:28 14197 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-28 03:03 . 2012-07-28 03:03 14197 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-07-28 01:10 . 2012-07-30 02:42 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-28 01:10 . 2012-07-28 02:42 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-21 03:09 . 2012-07-29 03:32 68344 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 08:10 41876 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-01 10:28 . 2012-07-30 08:10 14560 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3155437634-2107215997-1005474797-1001_UserData.bin
- 2009-07-14 05:30 . 2012-07-02 08:54 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-07-28 10:46 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-01-30 18:46 . 2012-01-30 18:46 36944 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-12-23 03:32 . 2011-12-23 03:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2012-04-18 18:50 . 2012-04-18 18:50 28480 c:\windows\system32\drivers\avgidsha.sys
+ 2011-12-23 03:32 . 2011-12-23 03:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
+ 2011-05-22 15:03 . 2011-05-22 15:03 48992 c:\windows\system32\drivers\avgfwd6a.sys
+ 2012-01-19 03:10 . 2012-07-29 03:28 1859 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-01-19 03:10 . 2012-07-28 03:03 1859 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-07-29 03:29 . 2012-07-30 08:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-28 03:04 . 2012-07-28 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-29 03:29 . 2012-07-30 08:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-28 03:04 . 2012-07-28 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-07-28 02:42 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-30 02:42 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-30 02:42 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-28 02:42 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-01 10:30 . 2012-07-30 06:39 350480 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-03 08:06 665232 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-28 10:35 665232 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-28 10:35 125678 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-03 08:06 125678 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-07-02 08:54 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-28 10:46 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-02 08:54 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-07-28 10:46 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-03-18 19:17 . 2012-03-18 19:17 383808 c:\windows\system32\drivers\avgtdia.sys
+ 2012-02-21 19:25 . 2012-02-21 19:25 289872 c:\windows\system32\drivers\avgldx64.sys
+ 2011-12-23 03:31 . 2011-12-23 03:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
- 2012-06-20 14:49 . 2012-07-28 02:45 506208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-20 14:49 . 2012-07-29 03:28 506208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-07-28 03:03 519832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-29 03:28 519832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-02 17:26 . 2012-07-29 03:28 26555702 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3155437634-2107215997-1005474797-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-28 10:46 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-28 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-01 1242448]
"WirelessManager"="c:\program files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [2010-07-28 194600]
"Facebook Update"="c:\users\Sachin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-08-19 96240]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"FAStartup"="" [BU]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-28 1147488]
.
c:\users\Sachin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sachin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2012-3-3 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-08-19 17:34 153584 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-03-03 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-19 79360]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-06 20480]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-01-19 79360]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-02-10 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-28 31080]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-02-10 249152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-12 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-08-19 2451440]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 127800]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-06-25 331512]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-07-28 830048]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-02 8615936]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 10:16]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001Core.job
- c:\users\Sachin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-09 02:13]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001UA.job
- c:\users\Sachin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-09 02:13]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001Core.job
- c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 05:55]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001UA.job
- c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 05:55]
.
2012-07-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-30 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-05-01 18:22]
.
2012-07-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.] 14:02&v=11.1.0.12&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{656461ef-40f6-4115-9ff1-bced9812ccbb} - c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll
Toolbar-Locked - (no file)
Toolbar-{656461ef-40f6-4115-9ff1-bced9812ccbb} - c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll
WebBrowser-{656461EF-40F6-4115-9FF1-BCED9812CCBB} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-BitTorrentBar2 Toolbar - c:\program files (x86)\BitTorrentBar2\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3155437634-2107215997-1005474797-1001\Software\SecuROM\License information*]
"datasecu"=hex:ea,59,db,be,2d,5f,37,d6,46,cc,a9,08,16,65,14,0b,d8,f0,fb,e9,50,
39,d0,bc,64,62,25,5b,37,9f,91,be,ea,90,6d,7e,81,6e,bd,2f,5d,df,8d,65,83,dc,\
"rkeysecu"=hex:db,3b,c2,23,52,43,a6,c8,b7,58,d9,1d,26,f8,6d,43
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-30 21:36:20
ComboFix-quarantined-files.txt 2012-07-30 11:36
ComboFix2.txt 2012-07-29 14:09
ComboFix3.txt 2012-07-28 03:15
.
Pre-Run: 337,581,162,496 bytes free
Post-Run: 337,754,251,264 bytes free
.
- - End Of File - - 02B9DA42DC3151BAB3252E4B3FE2EE90


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Tue Jul 31, 2012 11:19 am

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)




Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Tue Jul 31, 2012 11:57 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1fc1483d639d484fb6112d7f809bf77b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 03:56:48
# local_time=2012-08-01 01:56:48 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 8874188 8874188 0 0
# compatibility_mode=5893 16776574 100 94 52583391 95371652 0 0
# compatibility_mode=8192 67108863 100 0 1102 1102 0 0
# scanned=426211
# found=9
# cleaned=9
# scan_time=8405
C:\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe a variant of Win32/Obfuscated.NEU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{9c8cf76b-eb35-1c4e-2e7e-70870fe2278b}\U\00000008.@.vir Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{9c8cf76b-eb35-1c4e-2e7e-70870fe2278b}\U\000000cb.@.vir Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{9c8cf76b-eb35-1c4e-2e7e-70870fe2278b}\U\80000000.@.vir Win64/Sirefef.AP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{9c8cf76b-eb35-1c4e-2e7e-70870fe2278b}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Sachin\Downloads\installer_jdownloader (1).exe Win32/Vittalia.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Sachin\Downloads\installer_jdownloader.exe Win32/Vittalia.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Sachin\Downloads\setup.exe a variant of Win32/InstallCore.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Wed Aug 01, 2012 5:24 pm

ComboFix Script


  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe


  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)




Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Thu Aug 02, 2012 10:31 am

ComboFix 12-07-31.03 - Sachin 02/08/2012 19:21:35.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6038.3674 [GMT 10:00]
Running from: c:\users\Sachin\Desktop\Sachin\System Settings\ComboFix.exe
Command switches used :: c:\users\Sachin\Desktop\Sachin\System Settings\CFScript.txt.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 09:36 . 2012-08-02 09:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-02 09:36 . 2012-08-02 09:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 08:53 . 2012-08-01 09:10 -------- d-----w- c:\users\Sachin\AppData\Local\Ubisoft Game Launcher
2012-08-01 08:53 . 2012-08-01 08:53 -------- d-----w- c:\program files (x86)\Ubisoft
2012-07-31 13:18 . 2012-07-31 13:18 -------- d-----w- c:\program files (x86)\ESET
2012-07-31 10:18 . 2012-07-31 10:23 -------- d-----w- c:\users\Sachin\AppData\Local\Darksiders
2012-07-31 08:39 . 2012-07-31 08:39 -------- d-----w- c:\program files (x86)\THQ
2012-07-28 10:47 . 2012-07-28 10:47 -------- d-----w- c:\users\Sachin\AppData\Roaming\AVG2012
2012-07-28 10:47 . 2012-07-28 10:47 -------- d-----w- c:\users\Sachin\AppData\Local\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:47 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:46 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-07-28 10:46 . 2012-07-28 10:46 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:46 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-28 10:46 . 2012-07-28 10:46 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-28 10:45 . 2012-07-28 10:45 -------- d-----w- C:\$AVG
2012-07-28 10:45 . 2012-08-01 21:42 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-28 10:45 . 2012-07-28 11:15 -------- d-----w- c:\programdata\AVG2012
2012-07-28 03:43 . 2012-07-28 03:43 388096 ----a-r- c:\users\Sachin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-28 03:43 . 2012-07-28 03:43 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-28 03:16 . 2012-07-02 17:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-28 02:30 . 2012-07-28 02:30 -------- d-----w- c:\users\Sachin\AppData\Roaming\addpcs
2012-07-28 02:30 . 2012-07-28 02:30 -------- d-----w- c:\program files\Temp File Cleaner
2012-07-28 01:20 . 2012-07-28 01:20 -------- d-----w- c:\users\Sachin\AppData\Roaming\Malwarebytes
2012-07-28 01:19 . 2012-07-28 01:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-28 01:19 . 2012-07-28 01:19 -------- d-----w- c:\programdata\Malwarebytes
2012-07-28 01:19 . 2012-07-03 03:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 01:12 . 2012-07-28 01:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 07:08 . 2012-07-27 07:08 -------- d-----w- c:\program files\WinRAR
2012-07-24 07:34 . 2012-07-27 12:58 -------- d-----w- c:\users\Sachin\AppData\Roaming\Tropico 3
2012-07-22 08:33 . 2012-07-22 08:33 -------- d-----w- c:\program files (x86)\WhiteSmoke_US
2012-07-22 08:33 . 2012-07-28 01:24 -------- d-----w- c:\programdata\UpdaterService
2012-07-22 04:35 . 2012-07-22 04:35 -------- d-----w- c:\programdata\Age of Empires 3
2012-07-18 09:40 . 2012-07-18 09:40 -------- d-----w- c:\users\Sachin\AppData\Roaming\The Creative Assembly
2012-07-12 17:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 10:16 . 2012-04-21 23:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 10:16 . 2012-01-19 01:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 02:40 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 02:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 02:40 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 02:40 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 02:40 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 02:40 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 02:40 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-21 02:40 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:15 . 2012-06-21 02:40 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-11 06:30 . 2012-05-11 06:33 715038 ----a-w- c:\windows\unins000.exe
2012-05-04 11:06 . 2012-06-14 03:30 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:30 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:30 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-13 05:17 . 2012-02-10 04:13 61248 c:\windows\SysWOW64\OpenCL.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 61248 c:\windows\SysWOW64\OpenCL.dll
+ 2012-08-01 13:27 . 2012-08-01 13:27 14197 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-28 03:03 . 2012-07-28 03:03 14197 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-07-28 01:10 . 2012-08-02 04:48 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-28 01:10 . 2012-07-28 02:42 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-21 03:09 . 2012-08-01 10:43 69558 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-01 21:41 41980 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-01 10:28 . 2012-08-01 21:41 15226 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3155437634-2107215997-1005474797-1001_UserData.bin
- 2012-03-13 05:17 . 2012-02-10 04:13 68928 c:\windows\system32\OpenCL.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 68928 c:\windows\system32\OpenCL.dll
- 2011-04-22 04:35 . 2012-02-10 03:07 63296 c:\windows\system32\nvshext.dll
+ 2011-04-22 04:35 . 2012-02-29 20:59 63296 c:\windows\system32\nvshext.dll
- 2011-04-22 02:35 . 2012-02-10 03:07 55616 c:\windows\system32\nv3dappshextr.dll
+ 2011-04-22 02:35 . 2012-02-29 20:59 55616 c:\windows\system32\nv3dappshextr.dll
+ 2009-07-14 05:30 . 2012-08-01 01:54 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-07-02 08:54 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-08-01 01:53 . 2012-01-17 12:46 31040 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhdap64.dll
- 2012-03-13 05:17 . 2012-01-17 12:46 31040 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhdap64.dll
- 2012-03-13 05:17 . 2012-01-17 12:45 72512 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvapo64v.dll
+ 2012-08-01 01:53 . 2012-01-17 12:45 72512 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvapo64v.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 68928 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\OpenCL64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 61248 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\OpenCL.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 28992 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvpciflt.sys
+ 2012-08-01 01:53 . 2012-03-01 00:02 28992 c:\windows\system32\drivers\nvpciflt.sys
- 2012-03-13 05:17 . 2012-02-10 04:13 28992 c:\windows\system32\drivers\nvpciflt.sys
+ 2012-01-30 18:46 . 2012-01-30 18:46 36944 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-12-23 03:32 . 2011-12-23 03:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2012-04-18 18:50 . 2012-04-18 18:50 28480 c:\windows\system32\drivers\avgidsha.sys
+ 2011-12-23 03:32 . 2011-12-23 03:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
+ 2011-05-22 15:03 . 2011-05-22 15:03 48992 c:\windows\system32\drivers\avgfwd6a.sys
+ 2009-07-14 04:46 . 2012-08-01 10:42 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-31 08:39 . 2012-07-31 08:39 53248 c:\windows\Installer\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}\ARPPRODUCTICON.exe
+ 2012-08-01 08:51 . 2012-08-01 08:51 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvdetx.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvdet.dll
+ 2012-01-19 03:10 . 2012-08-01 13:27 1859 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-01-19 03:10 . 2012-07-28 03:03 1859 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-28 03:04 . 2012-07-28 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-01 21:38 . 2012-08-01 21:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-01 21:38 . 2012-08-01 21:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-28 03:04 . 2012-07-28 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-19 02:29 . 2012-02-10 04:13 812352 c:\windows\SysWOW64\nvumdshim.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 812352 c:\windows\SysWOW64\nvumdshim.dll
- 2012-02-09 10:05 . 2012-02-09 10:05 416064 c:\windows\SysWOW64\nvStreaming.exe
+ 2012-02-29 03:26 . 2012-02-29 03:26 416064 c:\windows\SysWOW64\nvStreaming.exe
+ 2012-08-01 01:53 . 2012-03-01 00:02 215360 c:\windows\SysWOW64\nvinit.dll
- 2012-01-19 02:28 . 2012-02-10 04:13 215360 c:\windows\SysWOW64\nvinit.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 301376 c:\windows\SysWOW64\nvdecodemft.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 301376 c:\windows\SysWOW64\nvdecodemft.dll
- 2012-01-19 01:11 . 2012-02-10 04:13 812352 c:\windows\SysWOW64\NV\igdumdx32.dll
+ 2012-01-19 01:11 . 2012-03-01 00:02 812352 c:\windows\SysWOW64\NV\igdumdx32.dll
- 2012-01-19 01:11 . 2012-02-10 04:13 812352 c:\windows\SysWOW64\NV\igd10umd32.dll
+ 2012-01-19 01:11 . 2012-03-01 00:02 812352 c:\windows\SysWOW64\NV\igd10umd32.dll
+ 2009-07-14 04:54 . 2012-08-02 04:48 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-28 02:42 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-28 02:42 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 04:48 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-01 10:30 . 2012-08-02 08:26 352894 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-03 08:06 665232 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-28 10:35 665232 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-28 10:35 125678 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-03 08:06 125678 c:\windows\system32\perfc009.dat
- 2011-04-22 02:35 . 2012-02-10 03:07 889664 c:\windows\system32\nvvsvc.exe
+ 2011-04-22 02:35 . 2012-02-29 20:59 889664 c:\windows\system32\nvvsvc.exe
+ 2012-01-19 02:29 . 2012-03-01 00:02 962368 c:\windows\system32\nvumdshimx.dll
- 2012-01-19 02:29 . 2012-02-10 04:13 962368 c:\windows\system32\nvumdshimx.dll
+ 2011-04-22 02:35 . 2012-02-29 20:59 118080 c:\windows\system32\nvmctray.dll
- 2011-04-22 02:35 . 2012-02-10 03:07 118080 c:\windows\system32\nvmctray.dll
- 2012-01-19 02:28 . 2012-02-10 04:13 260416 c:\windows\system32\nvinitx.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 260416 c:\windows\system32\nvinitx.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 364352 c:\windows\system32\nvdecodemft.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 364352 c:\windows\system32\nvdecodemft.dll
- 2011-04-22 02:35 . 2012-02-10 03:07 849728 c:\windows\system32\nv3dappshext.dll
+ 2011-04-22 02:35 . 2012-02-29 20:59 849728 c:\windows\system32\nv3dappshext.dll
+ 2012-01-19 01:11 . 2012-03-01 00:02 962368 c:\windows\system32\NV\igdumd64.dll
- 2012-01-19 01:11 . 2012-02-10 04:13 962368 c:\windows\system32\NV\igdumd64.dll
- 2012-01-19 01:11 . 2012-02-10 04:13 962368 c:\windows\system32\NV\igd10umd64.dll
+ 2012-01-19 01:11 . 2012-03-01 00:02 962368 c:\windows\system32\NV\igd10umd64.dll
+ 2009-07-14 05:30 . 2012-08-01 01:54 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-02 08:54 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-01 01:54 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-07-02 08:54 143360 c:\windows\system32\DriverStore\infstor.dat
- 2012-03-13 05:17 . 2012-01-17 12:45 188224 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64v.sys
+ 2012-08-01 01:53 . 2012-01-17 12:45 188224 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64v.sys
+ 2012-08-01 01:53 . 2012-01-17 12:45 156480 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64.sys
- 2012-03-13 05:17 . 2012-01-17 12:45 156480 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64.sys
+ 2012-08-01 01:53 . 2012-03-01 00:02 962368 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvumdshimx.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 812352 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvumdshim.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 310592 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvml.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 249152 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvkflt.sys
+ 2012-08-01 01:53 . 2012-03-01 00:02 260416 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvinitx.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 215360 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvinit.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 201024 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvidia-smi.exe
+ 2012-08-01 01:53 . 2012-03-01 00:02 202752 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvdxgiwrapx.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 182080 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvdxgiwrap.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 325888 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvdrsdb.bin
+ 2012-08-01 01:53 . 2012-03-01 00:02 301376 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvdecodemft32.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 364352 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvdecodemft.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 261120 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\Nvd3d9wrapx.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 236352 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\Nvd3d9wrap.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 224064 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\dbInstaller.exe
- 2012-03-13 05:17 . 2012-02-10 04:13 249152 c:\windows\system32\drivers\nvkflt.sys
+ 2012-08-01 01:53 . 2012-03-01 00:02 249152 c:\windows\system32\drivers\nvkflt.sys
+ 2012-03-18 19:17 . 2012-03-18 19:17 383808 c:\windows\system32\drivers\avgtdia.sys
+ 2012-02-21 19:25 . 2012-02-21 19:25 289872 c:\windows\system32\drivers\avgldx64.sys
+ 2011-12-23 03:31 . 2011-12-23 03:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
+ 2009-07-14 05:01 . 2012-08-01 13:27 519832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-28 03:03 519832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-31 08:39 . 2012-07-31 08:39 221184 c:\windows\Installer\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}\NewShortcut3_017E5C45DD354BA28142E7E72C99A9D0.exe
+ 2012-07-31 08:39 . 2012-07-31 08:39 221184 c:\windows\Installer\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}\NewShortcut2_C143FA2028B64CC890A6E52B0DA5D475.exe
+ 2012-07-31 08:39 . 2012-07-31 08:39 221184 c:\windows\Installer\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}\NewShortcut1_DD5F286D70C44700989D754E99D800A3.exe
+ 2012-07-31 08:39 . 2012-07-31 08:39 221184 c:\windows\Installer\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}\Darksiders_Comic.p_3E05F0DCF4C74476BB6ADA8EB89D7388.exe
- 2012-07-27 12:43 . 2012-07-27 12:43 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 7713088 c:\windows\SysWOW64\nvwgf2um.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 7713088 c:\windows\SysWOW64\nvwgf2um.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2517312 c:\windows\SysWOW64\nvcuvid.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 2517312 c:\windows\SysWOW64\nvcuvid.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 2437440 c:\windows\SysWOW64\nvcuvenc.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2437440 c:\windows\SysWOW64\nvcuvenc.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 5892928 c:\windows\SysWOW64\nvcuda.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 5892928 c:\windows\SysWOW64\nvcuda.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2301248 c:\windows\SysWOW64\nvapi.dll
- 2012-01-19 02:28 . 2012-02-10 04:13 2301248 c:\windows\SysWOW64\nvapi.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 9717568 c:\windows\system32\nvwgf2umx.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 9717568 c:\windows\system32\nvwgf2umx.dll
+ 2011-04-22 02:35 . 2012-02-29 20:59 2561856 c:\windows\system32\nvsvcr.dll
- 2011-04-22 02:35 . 2012-02-10 03:07 2561856 c:\windows\system32\nvsvcr.dll
- 2011-04-22 02:35 . 2012-02-10 03:14 3089728 c:\windows\system32\nvsvc64.dll
+ 2011-04-22 02:35 . 2012-02-29 21:00 3089728 c:\windows\system32\nvsvc64.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 1466176 c:\windows\system32\nvgenco64.dll
+ 2012-03-13 05:17 . 2012-03-01 00:02 1466176 c:\windows\system32\nvgenco64.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 1737536 c:\windows\system32\nvdispco64.dll
+ 2012-03-13 05:17 . 2012-03-01 00:02 1737536 c:\windows\system32\nvdispco64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2672448 c:\windows\system32\nvcuvid.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 2672448 c:\windows\system32\nvcuvid.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 2872640 c:\windows\system32\nvcuvenc.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2872640 c:\windows\system32\nvcuvenc.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 8008000 c:\windows\system32\nvcuda.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 8008000 c:\windows\system32\nvcuda.dll
+ 2011-04-22 02:35 . 2012-02-29 21:00 6074176 c:\windows\system32\nvcpl.dll
- 2011-04-22 02:35 . 2012-02-10 03:14 6074176 c:\windows\system32\nvcpl.dll
+ 2011-04-22 04:35 . 2012-02-29 20:59 2515790 c:\windows\system32\nvcoproc.bin
+ 2012-01-19 02:28 . 2012-03-01 00:02 2660160 c:\windows\system32\nvapi64.dll
- 2012-01-19 02:28 . 2012-02-10 04:13 2660160 c:\windows\system32\nvapi64.dll
- 2012-03-13 05:17 . 2012-01-17 12:45 1451840 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvgenco64.dll
+ 2012-08-01 01:53 . 2012-01-17 12:45 1451840 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvgenco64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 9717568 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvwgf2umx.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 7713088 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvwgf2um.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 1466176 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvgenco64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 1737536 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvdispco64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2517312 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvcuvid32.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2672448 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvcuvid.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2872640 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvcuvenc64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2437440 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvcuvenc.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 5892928 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvcuda32.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 8008000 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvcuda.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2660160 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvapi64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 2301248 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvapi.dll
+ 2009-07-14 04:45 . 2012-08-01 02:01 7187735 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-14 00:19 7187735 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-06-20 14:49 . 2012-08-01 13:27 1078256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-02 17:26 . 2012-08-01 01:56 8135120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3155437634-2107215997-1005474797-1001-12288.dat
- 2012-03-02 17:26 . 2012-07-28 02:36 8135120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3155437634-2107215997-1005474797-1001-12288.dat
+ 2009-07-11 16:35 . 2009-07-11 16:35 2736640 c:\windows\Installer\234b55a.msi
+ 2012-08-01 08:51 . 2012-08-01 08:51 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-07-27 12:43 . 2012-07-27 12:43 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 08:51 . 2012-08-01 08:51 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 19444544 c:\windows\SysWOW64\nvoglv32.dll
- 2012-01-19 02:28 . 2012-02-10 04:13 15009600 c:\windows\SysWOW64\nvd3dum.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 15009600 c:\windows\SysWOW64\nvd3dum.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 17543488 c:\windows\SysWOW64\nvcompiler.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 17543488 c:\windows\SysWOW64\nvcompiler.dll
+ 2012-01-19 01:11 . 2012-03-01 00:02 19444544 c:\windows\SysWOW64\NV\ig4icd32.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 25543488 c:\windows\system32\nvoglv64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 17642816 c:\windows\system32\nvd3dumx.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 17642816 c:\windows\system32\nvd3dumx.dll
- 2012-03-13 05:17 . 2012-02-10 04:13 25222976 c:\windows\system32\nvcompiler.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 25222976 c:\windows\system32\nvcompiler.dll
+ 2012-01-19 01:11 . 2012-03-01 00:02 25543488 c:\windows\system32\NV\ig4icd64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 25543488 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvoglv64.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 19444544 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvoglv32.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 13626688 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvlddmkm.sys
+ 2012-08-01 01:53 . 2012-03-01 00:02 17642816 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvd3dumx.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 15009600 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvd3dum.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 71582120 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\NvCplSetupInt.exe
+ 2012-08-01 01:53 . 2012-03-01 00:02 17543488 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvcompiler32.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 25222976 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_31cccaa0c50bc5cd\nvcompiler.dll
+ 2012-08-01 01:53 . 2012-03-01 00:02 13626688 c:\windows\system32\drivers\nvlddmkm.sys
+ 2012-03-02 17:26 . 2012-08-01 13:27 26559916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3155437634-2107215997-1005474797-1001-8192.dat
+ 2012-02-13 16:57 . 2012-02-13 16:57 30412800 c:\windows\Installer\5e97c96.msi
+ 2012-07-31 08:39 . 2012-07-31 08:39 161944064 c:\windows\Installer\234b55f.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-28 10:46 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [BU]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-28 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-01 1242448]
"WirelessManager"="c:\program files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [2010-07-28 194600]
"Facebook Update"="c:\users\Sachin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-08-19 96240]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"FAStartup"="" [BU]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-28 1147488]
.
c:\users\Sachin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sachin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2012-3-3 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-08-19 17:34 153584 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-03-03 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-19 79360]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-06 20480]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-01-19 79360]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-28 31080]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-03-01 249152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-12 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-08-19 2451440]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 127800]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-06-25 331512]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-07-28 830048]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-02 8615936]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 10:16]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001Core.job
- c:\users\Sachin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-09 02:13]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001UA.job
- c:\users\Sachin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-09 02:13]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001Core.job
- c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 05:55]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155437634-2107215997-1005474797-1001UA.job
- c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 05:55]
.
2012-08-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-02 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-05-01 18:22]
.
2012-08-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sachin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.] 14:02&v=11.1.0.12&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3155437634-2107215997-1005474797-1001\Software\SecuROM\License information*]
"datasecu"=hex:ea,59,db,be,2d,5f,37,d6,46,cc,a9,08,16,65,14,0b,d8,f0,fb,e9,50,
39,d0,bc,64,62,25,5b,37,9f,91,be,ea,90,6d,7e,81,6e,bd,2f,5d,df,8d,65,83,dc,\
"rkeysecu"=hex:db,3b,c2,23,52,43,a6,c8,b7,58,d9,1d,26,f8,6d,43
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-02 20:10:11
ComboFix-quarantined-files.txt 2012-08-02 10:10
ComboFix2.txt 2012-07-30 11:36
ComboFix3.txt 2012-07-29 14:09
ComboFix4.txt 2012-07-28 03:15
.
Pre-Run: 337,109,045,248 bytes free
Post-Run: 337,059,074,048 bytes free
.
- - End Of File - - 20BD1BD7460C903B2BED286B3BA812B8


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Thu Aug 02, 2012 11:39 am

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Wed Aug 08, 2012 8:54 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1fc1483d639d484fb6112d7f809bf77b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 03:56:48
# local_time=2012-08-01 01:56:48 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 8874188 8874188 0 0
# compatibility_mode=5893 16776574 100 94 52583391 95371652 0 0
# compatibility_mode=8192 67108863 100 0 1102 1102 0 0
# scanned=426211
# found=9
# cleaned=9
# scan_time=8405
C:\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe a variant of Win32/Obfuscated.NEU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{9c8cf76b-eb35-1c4e-2e7e-70870fe2278b}\U\00000008.@.vir Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{9c8cf76b-eb35-1c4e-2e7e-70870fe2278b}\U\000000cb.@.vir Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{9c8cf76b-eb35-1c4e-2e7e-70870fe2278b}\U\80000000.@.vir Win64/Sirefef.AP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{9c8cf76b-eb35-1c4e-2e7e-70870fe2278b}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Sachin\Downloads\installer_jdownloader (1).exe Win32/Vittalia.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Sachin\Downloads\installer_jdownloader.exe Win32/Vittalia.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Sachin\Downloads\setup.exe a variant of Win32/InstallCore.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Wed Aug 08, 2012 8:55 am

Actually sorry no. That was from the previous scan. No errors were detected so I'm not sure if there was a log for the scan I just conducted.


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Wed Aug 08, 2012 11:44 am

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Sat Aug 11, 2012 6:13 am

The computer itself has been slightly slower and there are still messages of my antivirus blocking something whenever I use Google Chrome. Other than that the main problem that I've been experiencing is the speed of my computer when playing games. The frames per second have reduced to a minimum and I'm unable to play quite a few of my games. I'm not sure why this is happening but this started happening as soon as I downloaded a virus from a phishing website that resembled YouTube.

Thanks


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Mon Aug 13, 2012 10:36 am

Please download [You must be registered and logged in to see this link.] and run it on the computer with the issue.
  • Check the following options: Internet Services, Windows Firewall, System restore, Security Center/Action Center, Windows Update, and Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Tue Aug 14, 2012 1:18 am

Farbar Service Scanner Version: 06-08-2012
Ran by Sachin (administrator) on 14-08-2012 at 11:17:23
Running from "C:\Users\Sachin\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Tue Aug 14, 2012 8:27 am

Go to Start > type in CMD and right-click on Command Prompt in the results pane and hit Run as administrator...

Type the following in Command Prompt and hit enter:

sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto

Once done, tell me how it's working.


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Wed Aug 15, 2012 8:38 am

No it didn't make a difference. I initially typed it into Run and there was no difference in the computer. I later tried it again and typed it into the Command Prompt and it would just come up with

"[SC] OpenSCManager FAILED 5:"
"Access is denied"

Thanks


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Wed Aug 15, 2012 4:04 pm

You did "Run as administrator...", correct?


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Thu Aug 16, 2012 8:46 am

Yeah, I just checked under User Accounts and Family Safety. I'm definitely running as an administrator.


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Thu Aug 16, 2012 8:01 pm

That's not what that means.

In my instructions...

"right-click on Command Prompt in the results pane and hit Run as administrator..."

This is how you gain elevated system access in Windows. It is all about the new access control in Windows.

Please try again by re-following the instructions.


Dr. Jay (DJ)


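The "Access is denied" result above is what the Service Control Manager returns when the console was not started elevated, even for an account that is in the Administrators group. The following is an added example, not code from this thread or from any of the tools it names; it checks whether the current PowerShell session is elevated and reads the BITS service registration (image path, start type, account) from the registry so that the current state is known before anyone recreates the service. It assumes Windows PowerShell 3.0 or later and that the expected BITS host is the Windows 7 value used in the thread, `svchost.exe -k netsvcs`.

```powershell
# Added example (not from the thread): verify elevation and inspect the BITS
# service registration before running "sc create BITS ...".
# Assumes Windows PowerShell 3.0+ on Windows 7 or later.

function Test-IsElevated {
    # Under UAC an administrator account still runs with a filtered token unless
    # the process was started with "Run as administrator". Without elevation
    # sc.exe reports "[SC] OpenSCManager FAILED 5: Access is denied".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-BitsRegistration {
    # Reads the registration that "sc create" writes. Returns $null when the
    # BITS service key does not exist at all (the case the thread repairs).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\BITS'
    if (-not (Test-Path $key)) { return $null }

    $p   = Get-ItemProperty -Path $key
    $svc = Get-Service -Name BITS -ErrorAction SilentlyContinue

    # Start: 2 = automatic, 3 = manual, 4 = disabled; DelayedAutostart marks "delayed-auto".
    $startType = switch ($p.Start) {
        2       { 'Automatic' }
        3       { 'Manual' }
        4       { 'Disabled' }
        default { "Unknown ($($p.Start))" }
    }
    $status = if ($svc) { [string]$svc.Status } else { 'not known to the Service Control Manager' }

    [pscustomobject]@{
        ImagePath        = $p.ImagePath
        StartType        = $startType
        DelayedAutoStart = [bool]$p.DelayedAutostart
        Account          = $p.ObjectName
        Status           = $status
    }
}

# Expected host command line for BITS on Windows 7 (assumption: the value used in the thread).
$expectedImagePath = "$env:SystemRoot\System32\svchost.exe -k netsvcs"

if (-not (Test-IsElevated)) {
    Write-Warning "This session is not elevated; service changes will fail with 'Access is denied'. Start the console with 'Run as administrator'."
}

$bits = Get-BitsRegistration
if ($null -eq $bits) {
    Write-Output 'BITS is not registered; it must be recreated from an elevated prompt.'
} else {
    $bits | Format-List
    # A service image path pointing anywhere other than the expected svchost host
    # is worth investigating: service registrations are a common persistence spot.
    if ($bits.ImagePath -notmatch '(?i)\\system32\\svchost\.exe\s+-k\s+netsvcs') {
        Write-Warning "Unexpected BITS image path '$($bits.ImagePath)'; expected '$expectedImagePath'."
    }
}
```

Run it from the console you intend to use for the repair: if the first warning appears, the `sc create` command will fail in exactly the way reported above, and the remaining output tells you whether the service key is missing or merely misconfigured. On Windows 10 the host line also carries `-p`, which the pattern still accepts.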

Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Thu Aug 23, 2012 10:36 am

Sorry for the late reply. There hasn't been any difference in the performance of the computer.


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Thu Aug 23, 2012 11:24 am

That's fine and all, but is Windows Update working or not?


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Thu Aug 23, 2012 11:41 am

Yeah, Windows Update is working.


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Fri Aug 24, 2012 5:28 pm

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Sat Aug 25, 2012 5:24 am

The log file

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined


Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Sat Aug 25, 2012 12:18 pm

I was thinking of reinstalling windows. Do you think that this is a viable option or should I continue to attempt to recover the computer by other means?


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Sat Aug 25, 2012 5:59 pm

It should be in good hands without restoring the computer. We should be about done.

Please download [You must be registered and logged in to see this link.] by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Last edited by DragonMaster Jay on Sun Aug 26, 2012 7:15 pm; edited 1 time in total


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Sun Aug 26, 2012 12:53 am

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 10:52:46
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sachin - SACHIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Sachin\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Sachin\AppData\Local\APN
Folder Found : C:\Users\Sachin\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Sachin\AppData\Local\Conduit
Folder Found : C:\Users\Sachin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
Folder Found : C:\Users\Sachin\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Sachin\AppData\LocalLow\BitTorrentBar2
Folder Found : C:\Users\Sachin\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Sachin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Sachin\AppData\LocalLow\WhiteSmoke_US
Folder Found : C:\Users\Sachin\AppData\Roaming\Babylon
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\WhiteSmoke_US
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\user.js

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3045275
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PricePeep
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BitTorrentBar2
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar2 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\WhiteSmoke_US
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\PricePeep
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Cr_Installer
[x64] Key Found : HKCU\Software\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{656461EF-40F6-4115-9FF1-BCED9812CCBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70B469C4-47B1-48BD-8149-D2749E4B8832}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A9354E5-1832-44D0-BE1B-04C4892DC3FC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4F5C7C5-9B78-406F-A90F-FECC4811FF00}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{657793C0-8DEB-40F8-B7A1-B8C184DEFB30}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19A84CDE-532D-4138-BEE1-AABE5100B782}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656461EF-40F6-4115-9FF1-BCED9812CCBB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70B469C4-47B1-48BD-8149-D2749E4B8832}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{656461EF-40F6-4115-9FF1-BCED9812CCBB}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{656461EF-40F6-4115-9FF1-BCED9812CCBB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = [You must be registered and logged in to see this link.] 14:02:40&v=11.1.0.12&sap=hp

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Sachin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "description": "AVG Secure Search",
Found : "name": "AVG Secure Search",
Found : "description": "The fastest way to search the web.",
Found : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
Found : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
Found : "path": "plugins/ConduitChromeApiPlugin.dll",
Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT304527[...]

*************************

AdwCleaner[R1].txt - [12517 octets] - [26/08/2012 10:52:46]

########## EOF - C:\AdwCleaner[R1].txt - [12646 octets] ##########


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Sun Aug 26, 2012 7:17 pm

Getting any more alerts? How is the computer running altogether?


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Tue Aug 28, 2012 2:37 am

There are no more alerts and the computer is running slightly faster. In general though most of my games and programs run at the same speed as after the virus infected my computer.

Thank You


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Wed Aug 29, 2012 11:37 am

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations:

  • Select the More Options tab

  • In the System Restore and Shadow Backups select Clean up

  • Select Delete on the pop up
  • Select OK
  • Select Delete


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download [You must be registered and logged in to see this link.] and save it to your Desktop - [You must be registered and logged in to see this link.]

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran CCleaner
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.


Dr. Jay (DJ)



Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Fri Aug 31, 2012 9:36 am

There's no visible change to the system.

Here's the log


Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup
JavaFX 2.1.1
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

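The Security Check log above contains the items a helper acts on next (firewall off, on-access scanning off, out-of-date Java and Flash, two Chrome versions), but they are scattered among informational lines. The following is an added example, not code from this thread or from screen317's tool; it parses a Security Check log and returns one finding per risk item with a severity. The log text inside it is a constructed copy of the one posted above, and it assumes Windows PowerShell 3.0 or later; the "UAC is disabled" branch is an assumed wording for the case where UAC is off, which this log does not show.

```powershell
# Added example (not from the thread): triage a Security Check log into findings.
# The log below is a constructed copy of the one posted in this thread.
# Assumes Windows PowerShell 3.0+.

$sampleLog = @'
Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup
JavaFX 2.1.1
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
'@

function New-Finding {
    param([string]$Severity, [string]$Item, [string]$Reason)
    [pscustomobject]@{ Severity = $Severity; Item = $Item; Reason = $Reason }
}

function Get-SecurityCheckFindings {
    param([Parameter(Mandatory = $true)][string]$LogText)

    $findings       = @()
    $chromeVersions = @()
    $lines = $LogText -split "`r?`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' }

    foreach ($line in $lines) {
        if ($line -match '^Windows Firewall Disabled!') {
            $findings += New-Finding 'High' 'Windows Firewall' 'host firewall is switched off'
        }
        elseif ($line -match 'On Access scanning disabled!') {
            $findings += New-Finding 'High' 'Antivirus real-time protection' 'on-access scanning is off, so files are not checked before they run'
        }
        elseif ($line -match 'UAC is disabled') {
            # Assumed wording for the disabled case; the sample log shows "(UAC is enabled)".
            $findings += New-Finding 'High' 'UAC' 'elevation prompts are off'
        }
        elseif ($line -match '^(?<what>.+?)\s*out of Date!$') {
            $findings += New-Finding 'Medium' $Matches['what'] 'outdated software still carries its known vulnerabilities'
        }
        elseif ($line -match '^Google Chrome\s+(\S+)$') {
            $chromeVersions += $Matches[1]
        }
    }

    # Two different Chrome versions in one report usually means an old install
    # was left behind; report it as a low-priority cleanup item.
    $chromeVersions = @($chromeVersions | Sort-Object -Unique)
    if ($chromeVersions.Count -gt 1) {
        $findings += New-Finding 'Low' 'Google Chrome' ('multiple versions listed: ' + ($chromeVersions -join ', '))
    }

    return $findings
}

$order = @{ High = 0; Medium = 1; Low = 2 }
Get-SecurityCheckFindings -LogText $sampleLog |
    Sort-Object { $order[$_.Severity] } |
    Format-Table -AutoSize
```

On the sample log this yields two High findings (firewall, on-access scanning), two Medium findings (Java, Flash) and one Low finding (two Chrome versions), which is the same list the next reply in the thread addresses. To run it against a real report, replace `$sampleLog` with `Get-Content -Raw checkup.txt`.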

Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Fri Aug 31, 2012 11:47 am

What do you mean no physical change?

Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Update Java

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

[You must be registered and logged in to see this link.]


Dr. Jay (DJ)


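Both procedures above depend on first finding every older Flash Player and Java entry in Programs and Features, which is easy to miss on a 64-bit machine where 32-bit and 64-bit installs are listed from different registry hives. The following is an added example, not code from this thread; it enumerates the Uninstall registry keys that Programs and Features is built from (64-bit, 32-bit via Wow6432Node, and per-user) and lists the entries whose display name matches Java or Flash Player, so stale versions can be removed before the new one is installed. It assumes Windows PowerShell 3.0 or later and the name patterns given in the call at the bottom.

```powershell
# Added example (not from the thread): list installed Java and Flash Player
# entries from the Programs and Features registry data, so every old version
# can be removed before installing the current one. Assumes Windows PowerShell 3.0+.

function Get-InstalledSoftware {
    param([Parameter(Mandatory = $true)][string[]]$NamePattern)

    # The three locations Programs and Features reads on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # 64-bit installs
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit installs on x64
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
    )

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $key.PSPath
            if (-not $p.DisplayName) { continue }           # bare keys without a visible entry
            foreach ($pattern in $NamePattern) {
                if ($p.DisplayName -like $pattern) {
                    [pscustomobject]@{
                        DisplayName     = $p.DisplayName
                        DisplayVersion  = $p.DisplayVersion
                        Publisher       = $p.Publisher
                        UninstallString = $p.UninstallString
                        RegistryKey     = $key.Name
                    }
                    break
                }
            }
        }
    }
}

# Patterns are assumptions covering the names these products register under.
Get-InstalledSoftware -NamePattern 'Java*', 'J2SE*', 'Adobe Flash Player*' |
    Sort-Object DisplayName, DisplayVersion |
    Format-Table DisplayName, DisplayVersion, Publisher -AutoSize
```

Each row corresponds to one entry in the Control Panel list, and the `UninstallString` column shows the command that the Uninstall button would run; rerun the script after the removals and before installing the new version to confirm nothing old remains.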

Re: Successfully blocked access to a potentially malicious website

Post by Lazilion on Sun Sep 02, 2012 1:02 am

Yeah it's working much better now. There's definitely an improvement. It's still not as good as it used to be, at least I don't think it is, but it's working fine at the moment.

Thanks for all the help. You've really saved me a lot of time and effort. I'm pretty clueless about computers so it would have taken at least 6 months to get it fixed. Thanks again, I really appreciate the help.


Re: Successfully blocked access to a potentially malicious website

Post by Dr Jay on Sun Sep 02, 2012 10:32 pm

You're welcome.

Personal Tips on Preventing Malware

See [You must be registered and logged in to see this link.] for more info about malware and prevention.


Dr. Jay (DJ)

