Kshitij2013

  1. Thanks a lot, sir, for helping me. Was there any malware in my system, or was there only adware? Also, may I ask how you learned to clean such systems? I am a computer science student and look forward to making a career in the field of cyber security just like you. I would be really grateful if you could point me in the right direction and tell me how I could gain knowledge like yours. Thanks a lot, sir.
  2. AdwCleaner[s0].txt :

     # AdwCleaner v3.201 - Report created 23/04/2014 at 16:09:48
     # Updated 22/04/2014 by Xplode
     # Operating System : Windows 8 Single Language (64 bits)
     # Username : Kshitij - KSHITIJ-PC
     # Running from : C:\Users\Kshitij\Desktop\adwcleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
     File Deleted : C:\END
     File Deleted : C:\Users\Kshitij\AppData\Roaming\Mozilla\Firefox\Profiles\3lufnsmi.default\user.js

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKLM\Software\PIP

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16537

     -\\ Mozilla Firefox v25.0.1 (en-US)

     [ File : C:\Users\Kshitij\AppData\Roaming\Mozilla\Firefox\Profiles\3lufnsmi.default\prefs.js ]

     -\\ Google Chrome v34.0.1847.116

     [ File : C:\Users\Kshitij\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [1256 octets] - [23/04/2014 16:07:45]
     AdwCleaner[s0].txt - [1150 octets] - [23/04/2014 16:09:48]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1210 octets] ##########

     JRT.txt :

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows 8 Single Language x64
     Ran by Kshitij on 23-04-2014 at 16:14:39.88
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

     ~~~ Files

     ~~~ Folders

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 23-04-2014 at 16:22:52.12
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     checkup.txt:

     Results of screen317's Security Check version 0.99.82
     x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Defender
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 55
     Adobe Reader XI
     Mozilla Firefox 25.0.1 Firefox out of Date!
     Google Chrome 33.0.1750.154
     Google Chrome 34.0.1847.116
     ````````Process Check: objlist.exe by Laurent````````
     Windows Defender MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     Windows Defender MsMpEng.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````
  3. Yes sir, I completely disabled my torrent client at the time I made this thread. I feel there has been a mistake on my side; I guess I was not able to explain my problem to you properly, so I should tell you exactly what happened, in detail: Before I came here for help my torrent client was open and Malwarebytes was constantly blocking malicious IPs with the process name utorrent.exe. This is common, because I knew that there are malicious hosts set up in the torrent network, so I just ignored it. After some time I disabled my torrent client and the notifications from Malwarebytes stopped, and after 5 mins I got a notification saying that svchost.exe was trying to access a malicious host, and I got the same notification again after 2 mins. In short, it was svchost.exe that was trying to access a malicious host when utorrent.exe was completely disabled. I have completely disabled uTorrent and I will not enable it until further instructed by you. I have followed all your steps and here is the log of the ESET online scan:

     C:\Users\Kshitij\Downloads\Programs\MediaInfo_GUI_0.7.67_Windows.exe Win32/OpenCandy potentially unsafe application
  4. Yes sir, I do use uTorrent, but I only use it to download movies or TV shows. I have never downloaded any pirated software or games through the torrent network; I am aware that hackers use these kinds of networks to distribute malware, so I keep myself away from pirated software/games. All the software/games I have are perfectly legit; I have either bought them or they are freely available on their official websites. Also, yesterday the process svchost.exe tried to access the remote IP only twice; after that I didn't get any notification from Malwarebytes. That's really weird, because even after restarting my laptop I didn't get any notification. Besides that, the scan result of Malwarebytes also says that my system is clean, so why was svchost.exe trying to access that remote IP? Anyway, here are the logs you required:

     Fixlog.txt :

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
     Ran by Kshitij at 2014-04-22 15:26:05 Run:1
     Running from C:\Users\Kshitij\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Task: {FD11945D-43C2-4FB8-8469-F066D4D52B33} - System32\Tasks\Lenovo\sysrun-27783 => C:\Users\Kshitij\AppData\Local\Temp\sysrun-27783.cmd <==== ATTENTION
     Task: {FD8DDDC6-13AF-4F91-BFC7-BECFEFFB1612} - System32\Tasks\Lenovo\sysrun-3355 => C:\Users\Kshitij\AppData\Local\Temp\sysrun-3355.cmd <==== ATTENTION
     Task: {0B6EAC77-267E-4E62-B8A9-A297B5FECE75} - System32\Tasks\Lenovo\sysrun-28025 => C:\Users\Kshitij\AppData\Local\Temp\sysrun-28025.cmd <==== ATTENTION
     Task: {5D253B25-BC40-43D7-B79E-3FCEF8FFBDAA} - System32\Tasks\Lenovo\Lenovo-25760 => C:\ProgramData\Lenovo-25760.vbs [2013-05-11] ()
     CHR HKCU\...\Chrome\Extension: [ckiffeoeeefajohcpadlcdnkiahkmdfp] - C:\Users\Kshitij\AppData\Local\CRE\ckiffeoeeefajohcpadlcdnkiahkmdfp.crx [2013-05-03]
     CHR HKLM-x32\...\Chrome\Extension: [ckiffeoeeefajohcpadlcdnkiahkmdfp] - C:\Users\Kshitij\AppData\Local\CRE\ckiffeoeeefajohcpadlcdnkiahkmdfp.crx [2013-05-03]
     C:\ProgramData\Lenovo-25760.vbs
     C:\Users\Kshitij\jagex_cl_runescape_LIVE.dat
     C:\Users\Kshitij\random.dat
     *****************

     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD11945D-43C2-4FB8-8469-F066D4D52B33} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD11945D-43C2-4FB8-8469-F066D4D52B33} => Key deleted successfully.
     C:\Windows\System32\Tasks\Lenovo\sysrun-27783 => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\sysrun-27783 => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD8DDDC6-13AF-4F91-BFC7-BECFEFFB1612} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD8DDDC6-13AF-4F91-BFC7-BECFEFFB1612} => Key deleted successfully.
     C:\Windows\System32\Tasks\Lenovo\sysrun-3355 => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\sysrun-3355 => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B6EAC77-267E-4E62-B8A9-A297B5FECE75} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B6EAC77-267E-4E62-B8A9-A297B5FECE75} => Key deleted successfully.
     C:\Windows\System32\Tasks\Lenovo\sysrun-28025 => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\sysrun-28025 => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D253B25-BC40-43D7-B79E-3FCEF8FFBDAA} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D253B25-BC40-43D7-B79E-3FCEF8FFBDAA} => Key deleted successfully.
     C:\Windows\System32\Tasks\Lenovo\Lenovo-25760 => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo-25760 => Key deleted successfully.
     HKCU\SOFTWARE\Google\Chrome\Extensions\ckiffeoeeefajohcpadlcdnkiahkmdfp => Key deleted successfully.
     C:\Users\Kshitij\AppData\Local\CRE\ckiffeoeeefajohcpadlcdnkiahkmdfp.crx => Moved successfully.
     HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ckiffeoeeefajohcpadlcdnkiahkmdfp => Key deleted successfully.
     "C:\Users\Kshitij\AppData\Local\CRE\ckiffeoeeefajohcpadlcdnkiahkmdfp.crx" => File/Directory not found.
     C:\ProgramData\Lenovo-25760.vbs => Moved successfully.
     C:\Users\Kshitij\jagex_cl_runescape_LIVE.dat => Moved successfully.
     C:\Users\Kshitij\random.dat => Moved successfully.

     ==== End of Fixlog ====

     Malwarebytes log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 22-04-2014
     Scan Time: 03:38:39 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.1.1004
     Malware Database: v2014.04.22.02
     Rootkit Database: v2014.03.27.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Chameleon: Enabled

     OS: Windows 8
     CPU: x64
     File System: NTFS
     User: Kshitij

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 274397
     Time Elapsed: 10 min, 55 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Shuriken: Enabled
     PUP: Warn
     PUM: Warn

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  5. Hi Marius, thanks for helping me. I did exactly as you said. aswMBR.txt :-

     aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
     Run date: 2014-04-21 20:57:28
     -----------------------------
     20:57:28.448 OS Version: Windows x64 6.2.9200
     20:57:28.448 Number of processors: 4 586 0x3A09
     20:57:28.449 ComputerName: KSHITIJ-PC UserName: Kshitij
     20:57:28.495 Initialze error 1
     21:30:34.475 AVAST engine defs: 14042100
     21:39:09.289 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
     21:39:09.291 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR20002 Size: 953869MB BusType: 11
     21:39:09.317 Disk 0 MBR read successfully
     21:39:09.318 Disk 0 MBR scan
     21:39:09.323 Disk 0 unknown MBR code
     21:39:09.325 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
     21:39:09.331 Disk 0 scanning C:\windows\system32\drivers
     21:39:09.333 Service scanning
     21:39:10.139 Modules scanning
     21:39:10.144 Disk 0 trace - called modules:
     21:39:10.153 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80056a52c0]<< sptd.sys storport.sys hal.dll iaStorA.sys
     21:39:10.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b46060]
     21:39:10.164 3 CLASSPNP.SYS[fffff88000f89e0a] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa80062867f0]
     21:39:10.173 \Driver\iaStorA[0xfffffa80061b0060] -> IRP_MJ_CREATE -> 0xfffffa80056a52c0
     21:39:10.180 AVAST engine scan C:\windows
     21:39:10.185 AVAST engine scan C:\windows\system32
     21:39:10.190 AVAST engine scan C:\windows\system32\drivers
     21:39:10.194 AVAST engine scan C:\Users\Kshitij
     21:39:10.198 AVAST engine scan C:\ProgramData
     21:39:10.201 Scan finished successfully
     21:39:21.733 Disk 0 MBR has been saved successfully to "C:\Users\Kshitij\Desktop\MBR.dat"
     21:39:21.737 The log file has been saved successfully to "C:\Users\Kshitij\Desktop\aswMBR.txt"
  6. Hi! Today I got multiple notifications from malwarebytes anti-malware(premium) blocking the windows process svchost.exe from accessing the ip address 89.28.26.217 , this ip address when trace came out to be of Moldova. As per the instructions I have pasted FRST.txt and Addition.txt FRST.txt :- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02Ran by Kshitij (administrator) on KSHITIJ-PC on 21-04-2014 13:27:10Running from C:\Users\Kshitij\DesktopWindows 8 Single Language (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.wireshark.org) ==================== Restore Points ========================= 06-04-2014 08:07:18 Scheduled Checkpoint10-04-2014 07:38:32 Windows Update13-04-2014 08:20:19 Windows Update20-04-2014 13:32:33 Scheduled Checkpoint ==================== Hosts content: ========================== 2012-07-26 10:56 - 2013-11-20 08:00 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0B6EAC77-267E-4E62-B8A9-A297B5FECE75} - System32\Tasks\Lenovo\sysrun-28025 => C:\Users\Kshitij\AppData\Local\Temp\sysrun-28025.cmd <==== ATTENTIONTask: {0BA63BBA-6DDE-4B1D-A4A8-73F5A3EFBE9D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {403B867D-609E-4391-9902-0F8341CC149B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002Core => 
C:\Users\Kshitij\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-09] (Facebook Inc.)Task: {5D253B25-BC40-43D7-B79E-3FCEF8FFBDAA} - System32\Tasks\Lenovo\Lenovo-25760 => C:\ProgramData\Lenovo-25760.vbs [2013-05-11] ()Task: {7E80AFDD-2D62-4946-A950-58F47D19AD49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)Task: {82EC6B04-6976-4729-816A-4E820263449A} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"Task: {A0D572F0-99F4-4B07-AECC-2E2D96445708} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-09-01] (Dolby Laboratories Inc.)Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {A7FF707F-95C5-4646-A13A-B498C1CFEF80} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002UA => C:\Users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)Task: {BE312D34-9F75-4D97-8B29-26ED4E04F0E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.)Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {DB7829ED-0156-4E9E-9FFC-E8345BC4F318} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002UA => C:\Users\Kshitij\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-09] (Facebook Inc.)Task: {E6595081-A320-4466-92C9-F39659F10E30} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-25] (Synaptics Incorporated)Task: {E7F3AE69-7B1E-43E3-802B-7DBD82CC1A81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.)Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {EC49DB75-C0DA-4077-8AD8-8938D06ADB06} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002Core => C:\Users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)Task: {FD11945D-43C2-4FB8-8469-F066D4D52B33} - System32\Tasks\Lenovo\sysrun-27783 => C:\Users\Kshitij\AppData\Local\Temp\sysrun-27783.cmd <==== ATTENTIONTask: {FD8DDDC6-13AF-4F91-BFC7-BECFEFFB1612} - System32\Tasks\Lenovo\sysrun-3355 => C:\Users\Kshitij\AppData\Local\Temp\sysrun-3355.cmd <==== ATTENTIONTask: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002Core.job => C:\Users\Kshitij\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002UA.job => C:\Users\Kshitij\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002Core.job => C:\Users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002UA.job => C:\Users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-20 21:12 - 2014-02-09 00:04 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll2014-02-20 21:19 - 2014-02-08 23:12 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2014-04-14 00:54 - 2014-04-14 00:54 - 00076888 _____ () 
C:\windows\SysWOW64\PnkBstrA.exe2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2013-02-22 11:36 - 2012-12-13 06:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2012-11-01 02:34 - 2012-11-01 02:34 - 01260184 _____ () F:\VMWare9\libxml2.dll2013-05-11 05:44 - 2012-06-25 23:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-04-10 12:32 - 2014-04-02 07:27 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll2014-04-10 12:32 - 2014-04-02 07:27 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll2014-04-10 12:32 - 2014-04-02 07:27 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll2014-02-20 21:12 - 2014-02-09 00:04 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll2014-04-10 12:32 - 2014-04-02 07:27 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll2014-04-10 12:32 - 2014-04-02 07:28 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll2014-04-10 12:32 - 2014-04-02 07:27 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== 
==================== Faulty Device Manager Devices ============= Name: VMware Virtual Ethernet Adapter for VMnet1Description: VMware Virtual Ethernet Adapter for VMnet1Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: VMware, Inc.Service: VMnetAdapterProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8Description: VMware Virtual Ethernet Adapter for VMnet8Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: VMware, Inc.Service: VMnetAdapterProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-InterfaceDescription: Microsoft Teredo Tunneling AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HSDescription: Qualcomm Atheros AR3012 Bluetooth 4.0 + HSClass Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Manufacturer: Qualcomm Atheros CommunicationsService: BTHUSBProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors:==================Error: (04/21/2014 11:15:07 AM) (Source: Application Error) (User: )Description: Faulting application name: chrome.exe, version: 34.0.1847.116, time stamp: 0x533b63bdFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000008Fault offset: 0x65cb4c39Faulting process id: 0xe5cFaulting application start time: 0xchrome.exe0Faulting application path: chrome.exe1Faulting module path: chrome.exe2Report Id: chrome.exe3Faulting package full name: chrome.exe4Faulting package-relative application ID: chrome.exe5 Error: (04/21/2014 06:23:14 AM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewall Error: (04/20/2014 08:28:08 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (04/20/2014 07:11:54 PM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewall Error: (04/20/2014 01:17:28 PM) (Source: Application Error) (User: )Description: Faulting application name: GFExperience.exe, version: 11.10.11.1, time stamp: 0x52ddbf87Faulting module name: KERNELBASE.dll, version: 6.2.9200.16815, time stamp: 0x52f2c887Exception code: 0xe0434352Fault offset: 0x00010f22Faulting process id: 0xf80Faulting application start time: 0xGFExperience.exe0Faulting application path: GFExperience.exe1Faulting module path: GFExperience.exe2Report Id: GFExperience.exe3Faulting package full name: GFExperience.exe4Faulting package-relative application ID: GFExperience.exe5 Error: (04/20/2014 01:17:27 PM) (Source: .NET Runtime) (User: )Description: Application: GFExperience.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.Reflection.TargetInvocationExceptionStack: at 
System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean) at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[]) at System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo) at GalaSoft.MvvmLight.Helpers.WeakAction`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Execute(System.__Canon) at GalaSoft.MvvmLight.Helpers.WeakAction`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].ExecuteWithObject(System.Object) at GalaSoft.MvvmLight.Messaging.Messenger.SendToList[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon, System.Collections.Generic.IEnumerable`1<WeakActionAndToken>, System.Type, System.Object) at GalaSoft.MvvmLight.Messaging.Messenger.SendToTargetOrType[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon, System.Type, System.Object) at GalaSoft.MvvmLight.Messaging.Messenger.Send[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon) at GFEClientCore.EasyAPI.Updatus.DaemonNotifier.ScanCompleted() at GFEClientCore.EasyAPI.Updatus.DaemonNotifier.DaemonCallbackFunction(GFEClientCore.EasyAPI.GFE.DaemonStatus) Error: (04/20/2014 00:17:20 PM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewall Error: (04/20/2014 00:14:19 PM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewall Error: (04/20/2014 11:55:05 AM) (Source: Customer Experience Improvement Program) (User: )Description: 80070005 Error: (04/19/2014 01:08:34 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )Description: C:\Program 
Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] System errors:=============Error: (04/21/2014 06:22:17 AM) (Source: Service Control Manager) (User: )Description: The VMware Workstation Server service terminated with the following service-specific error: %%4294967295 Error: (04/16/2014 04:25:38 PM) (Source: Service Control Manager) (User: )Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/15/2014 06:27:33 PM) (Source: Service Control Manager) (User: )Description: The BitRaider Mini-Support Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/15/2014 11:45:08 AM) (Source: Service Control Manager) (User: )Description: The VMware Workstation Server service terminated with the following service-specific error: %%4294967295 Error: (04/13/2014 07:00:14 PM) (Source: DCOM) (User: Kshitij-PC)Description: App.AppX3kc2rkcysz3hxzhmjnfcm5yvfpxveqm7.mca Error: (04/13/2014 07:00:14 PM) (Source: DCOM) (User: Kshitij-PC)Description: App.AppX98wb6g77tn4g47pmhnngvex75z63bw5e.mca Error: (04/13/2014 07:00:14 PM) (Source: DCOM) (User: Kshitij-PC)Description: App.AppX1222w7mnscdhak8wye3bynztq2t5x6q9.mca Error: (04/13/2014 07:00:14 PM) (Source: DCOM) (User: Kshitij-PC)Description: App.AppX6v65ke6xy52mzp48tbdgqddy15h0mcbk.mca Error: (04/13/2014 07:00:14 PM) (Source: DCOM) (User: Kshitij-PC)Description: App.AppX98wb6g77tn4g47pmhnngvex75z63bw5e.mca Error: (04/11/2014 00:00:24 PM) (Source: Service Control Manager) (User: )Description: The Software Protection service failed to start due to the following error: %%1053 Microsoft Office Sessions:=========================Error: (04/21/2014 11:15:07 AM) (Source: Application Error)(User: )Description: chrome.exe34.0.1847.116533b63bdunknown0.0.0.000000000c000000865cb4c39e5c01cf5d24d7f982afC:\Program Files 
(x86)\Google\Chrome\Application\chrome.exeunknown17a86f22-c918-11e3-bfa8-20898496b1e2 Error: (04/21/2014 06:23:14 AM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewall Error: (04/20/2014 08:28:08 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (04/20/2014 07:11:54 PM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewall Error: (04/20/2014 01:17:28 PM) (Source: Application Error)(User: )Description: GFExperience.exe11.10.11.152ddbf87KERNELBASE.dll6.2.9200.1681552f2c887e043435200010f22f8001cf5c6c949e6694C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exeC:\windows\SYSTEM32\KERNELBASE.dll049f5c2d-c860-11e3-bfa7-20898496b1e2 Error: (04/20/2014 01:17:27 PM) (Source: .NET Runtime)(User: )Description: Application: GFExperience.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.Reflection.TargetInvocationExceptionStack: at System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean) at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[]) at System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo) at GalaSoft.MvvmLight.Helpers.WeakAction`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Execute(System.__Canon) at GalaSoft.MvvmLight.Helpers.WeakAction`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].ExecuteWithObject(System.Object) at GalaSoft.MvvmLight.Messaging.Messenger.SendToList[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, 
PublicKeyToken=b77a5c561934e089]](System.__Canon, System.Collections.Generic.IEnumerable`1<WeakActionAndToken>, System.Type, System.Object) at GalaSoft.MvvmLight.Messaging.Messenger.SendToTargetOrType[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon, System.Type, System.Object) at GalaSoft.MvvmLight.Messaging.Messenger.Send[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon) at GFEClientCore.EasyAPI.Updatus.DaemonNotifier.ScanCompleted() at GFEClientCore.EasyAPI.Updatus.DaemonNotifier.DaemonCallbackFunction(GFEClientCore.EasyAPI.GFE.DaemonStatus) Error: (04/20/2014 00:17:20 PM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewall Error: (04/20/2014 00:14:19 PM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewall Error: (04/20/2014 11:55:05 AM) (Source: Customer Experience Improvement Program)(User: )Description: 80070005 Error: (04/19/2014 01:08:34 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] CodeIntegrity Errors:=================================== Date: 2014-04-20 03:25:23.461 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-20 03:25:16.221 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-20 03:25:08.916 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-04-20 03:25:04.027 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-20 03:24:49.633 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-20 03:24:42.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-20 03:24:36.367 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-20 03:24:29.714 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-20 03:24:23.317 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-20 03:24:16.630 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 5999.52 MB
Available physical RAM: 4039.57 MB
Total Pagefile: 6959.52 MB
Available Pagefile: 4821.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:442.98 GB) (Free:349.54 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.22 GB) NTFS
Drive f: (MyDrive) (Fixed) (Total:441.2 GB) (Free:247.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: C9B798BE)
Partition: GPT Partition Type.

==================== End Of Log ============================
  7. Thank you sir! I hope someday I become as knowledgeable as you.
  8. Thanks a lot sir for helping me remove the malware. Everything seems fine now, but since the time I started having problems one question has always intrigued me. I am a computer science student and I have a lot of interest in the field of information security and plan to make a future in it, so I try to stay in touch with all this stuff and also follow all the protection recommendations that you told me on a daily basis. I use only legitimate software and games; all the software and games that I have are either freely available on their official websites or I have bought them. Then how did I get infected by this malware? If I am not wrong, one of the samples that MBAM detected was made with the DarkComet RAT and the other was part of the Zeus botnet. I really don't understand how I can get such malware even after taking so many precautions. Is there any way I can find the answer to this? Thanks a lot!
  9. AdwCleaner[s1].txt :-

# AdwCleaner v3.012 - Report created 21/11/2013 at 13:44:09
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8 Single Language (64 bits)
# Username : Kshitij - KSHITIJ-PC
# Running from : C:\Users\Kshitij\Downloads\Programs\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Kshitij\AppData\Roaming\Mozilla\Firefox\Profiles\3lufnsmi.default\prefs.js ]

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Kshitij\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2063 octets] - [19/11/2013 18:39:35]
AdwCleaner[R1].txt - [1027 octets] - [21/11/2013 13:41:43]
AdwCleaner[R2].txt - [1088 octets] - [21/11/2013 13:42:55]
AdwCleaner[s0].txt - [2133 octets] - [19/11/2013 18:46:12]
AdwCleaner[s1].txt - [1010 octets] - [21/11/2013 13:44:09]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1070 octets] ##########

Checkup.txt :-

Results of screen317's Security Check version 0.99.77 x64
(UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Reader XI
Mozilla Firefox (25.0.1)
Google Chrome 31.0.1650.48
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Thanks!
  10. ESET online scan: C:\Users\Kshitij\Downloads\Programs\FFSetup3.1.1.0.exe multiple threats
  11. Combofix.txt :- ComboFix 13-11-19.01 - Kshitij 20-11-2013 15:30:55.3.4 - x64Microsoft Windows 8 Single Language 6.2.9200.0.1252.91.1033.18.6000.4764 [GMT 5.5:30]Running from: c:\users\Kshitij\Desktop\ComboFix.exeCommand switches used :: c:\users\Kshitij\Desktop\CFScript.txtAV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))..2013-11-20 10:07 . 2013-11-20 10:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-11-20 10:07 . 2013-11-20 10:07 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-19 14:18 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDB940B6-2C23-402C-A96B-53F0C18D87FE}\mpengine.dll2013-11-19 13:09 . 2013-11-19 13:09 -------- d-----w- c:\users\Kshitij\AppData\Roaming\dmplogs2013-11-19 13:05 . 2013-11-19 13:16 -------- d-----w- C:\AdwCleaner2013-11-19 13:04 . 2013-11-19 13:04 -------- d-----w- c:\users\ADMINI~12013-11-19 12:59 . 2013-11-19 12:59 -------- d-sh--w- c:\users\Kshitij\AppData\Roaming\msgr2013-11-19 10:41 . 2013-11-19 10:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service2013-11-17 22:34 . 2013-11-17 22:34 -------- d-----w- c:\users\Kshitij\AppData\Roaming\.mono2013-11-17 22:34 . 2013-11-17 22:34 -------- d-----w- c:\users\Kshitij\AppData\Local\UWebKit2013-11-16 22:35 . 2013-11-16 22:35 -------- d-----w- c:\users\Kshitij\AppData\Roaming\openvr2013-11-14 06:01 . 2013-11-14 06:01 300720 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin2013-11-13 22:55 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll2013-11-13 22:55 . 2013-08-23 01:44 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll2013-11-13 22:55 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll2013-11-13 22:55 . 
2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll2013-11-13 22:18 . 2013-10-01 23:37 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll2013-11-13 15:59 . 2013-11-13 15:59 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02013-11-13 15:58 . 2013-11-13 15:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard2013-11-09 05:08 . 2013-11-07 23:41 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys2013-11-01 22:23 . 2013-11-02 09:12 -------- d-----w- c:\program files (x86)\Desktop Screen Record 52013-10-26 05:31 . 2013-10-26 05:31 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\windows\PCHEALTH2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition2013-10-26 05:29 . 2013-10-26 05:29 -------- d-----w- c:\program files\Microsoft Office2013-10-26 05:29 . 2013-10-26 05:29 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services2013-10-26 05:28 . 2013-10-26 05:28 -------- d-----r- C:\MSOCache...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-15 14:37 . 2013-07-03 05:34 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-05 22:58 . 2013-09-13 11:39 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-08 02:20 . 2013-10-17 21:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-11 11:52 . 2013-06-30 21:14 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin2013-09-07 09:57 . 2013-09-05 23:30 56072 ----a-w- c:\windows\system32\certsentry.dll2013-08-31 19:30 . 2013-06-30 21:14 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin2013-08-23 05:11 . 
2013-10-09 11:51 4040192 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]"IDMan"="f:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-11-08 3825232]"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]"uTorrent"="c:\users\Kshitij\AppData\Roaming\uTorrent\uTorrent.exe" [2013-09-29 1130576].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]"vmware-tray.exe"="f:\vmware9\vmware-tray.exe" [2012-10-31 104088]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0)"EnableCursorSuppression"= 1 (0x1)"ConsentPromptBehaviorUser"= 3 (0x3)"DisableCAD"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]R2 
MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 VMwareHostd;VMware Workstation Server;f:\vmware9\vmware-hostd.exe;f:\vmware9\vmware-hostd.exe [x]R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]R3 
MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 OracleDBConsoleKSHITIJ;OracleDBConsoleKSHITIJ;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\nmesrvc.exe;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\nmesrvc.exe [x]R3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR ;f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR [x]R3 OracleServiceKSHITIJ;OracleServiceKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ [x]R3 OracleVssWriterKSHITIJ;Oracle KSHITIJ VSS Writer Service;f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ [x]R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]R4 OracleJobSchedulerKSHITIJ;OracleJobSchedulerKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ [x]R4 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [x]S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]S0 
sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]S2 TeamViewer8;TeamViewer 8;c:\program files 
(x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]S3 RTL8168;Realtek 8168 NT 
Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-11-14 23:13 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll.Contents of the 'Scheduled Tasks' folder.2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 07:25].2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 07:25].2013-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002Core.job- c:\users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-30 00:00].2013-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002UA.job- c:\users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-30 00:00]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-11-15 23:07 23496 ----a-w- f:\program files (x86)\Internet Download 
Manager\IDMShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]@="{A759AFF6-5851-457D-A540-F4ECED148351}"[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-19 172168]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-19 400008]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-19 441992]"RtsFT"="RTFTrack.exe" [2012-10-17 6334096]"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [bU]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-07 13262480]"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-12-03 1256080]"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-09-14 4196432]"Energy Management"="c:\program files (x86)\Lenovo\Energy 
Management\Energy Management.exe" [2013-05-11 17080376]"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-05-11 191544]"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: Download all links with IDM - f:\program files (x86)\Internet Download Manager\IEGetAll.htmIE: Download with IDM - f:\program files (x86)\Internet Download Manager\IEExt.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105LSP: %windir%\system32\vsocklib.dllTCP: DhcpNameServer = 192.168.1.1DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - FF - ProfilePath - c:\users\Kshitij\AppData\Roaming\Mozilla\Firefox\Profiles\3lufnsmi.default\FF - ExtSQL: 2013-10-31 06:33; mozilla_cc@internetdownloadmanager.com; c:\users\Kshitij\AppData\Roaming\IDM\idmmzcc5.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb11g_home1ClrAgent]"ImagePath"="f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:f:\app\Kshitij\product\11.2.0\dbhome_1\bin\oraclr11.dll\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb11g_home1TNSListener]"ImagePath"="f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR ".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-11-20 15:39:29
ComboFix-quarantined-files.txt 2013-11-20 10:09
ComboFix2.txt 2013-11-20 02:45
ComboFix3.txt 2013-11-20 02:35
.
Pre-Run: 403,791,941,632 bytes free
Post-Run: 403,575,386,112 bytes free
.
- - End Of File - - 03385C7A5E950FB4F72835AACC7F127E

mbam-log-2013-11-20 (15-40-59).txt :-

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Kshitij :: KSHITIJ-PC [administrator]

Protection: Disabled

20-11-2013 03:40:59 PM
mbam-log-2013-11-20 (15-40-59).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 498852
Time elapsed: 1 hour(s), 6 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Qoobox\Quarantine\C\Users\Kshitij\AppData\Roaming\Microsoft\fsfg.exe.vir (Backdoor.DarkKomet) -> Quarantined and deleted successfully.
C:\Users\Kshitij\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IWWHYDG\bit[1].exe (Trojan.Zbot.EDFV) -> Quarantined and deleted successfully.

(end)
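An added triage example, not part of the original thread and not code from ComboFix or Malwarebytes. The two detections in the post above sit in places a practitioner learns to check first: a bare executable in AppData\Roaming\Microsoft (fsfg.exe, the DarkComet sample) and an executable in the Internet Explorer cache (bit[1].exe, the Zbot sample). The script below reads the "Reg Loading Points" Run entries from the ComboFix log and the "Files Detected" lines from the MBAM log, maps a Qoobox quarantine path back to the original location, and flags executables in user-writable folders. The sample lines are copied from the logs posted in this thread; the heuristics themselves (which folders count as user-writable, what counts as a vendor-looking folder) are my own assumptions and will also flag legitimate software that starts from AppData, such as the uTorrent entry here.

```python
"""Triage autostart entries and AV detections from pasted cleanup logs.

Added example for this thread; it is not ComboFix or Malwarebytes code.
The heuristics (my own assumptions) flag executables that start from, or were
found in, user-writable locations such as AppData and browser caches, which is
where the DarkComet (fsfg.exe) and Zbot (bit[1].exe) samples above were sitting.
"""
import re
from dataclasses import dataclass

# Lines copied from the ComboFix "Reg Loading Points" section and the
# Malwarebytes "Files Detected" section posted above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"IDMan"="f:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-11-08 3825232]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"uTorrent"="c:\users\Kshitij\AppData\Roaming\uTorrent\uTorrent.exe" [2013-09-29 1130576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
Files Detected: 2
C:\Qoobox\Quarantine\C\Users\Kshitij\AppData\Roaming\Microsoft\fsfg.exe.vir (Backdoor.DarkKomet) -> Quarantined and deleted successfully.
C:\Users\Kshitij\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IWWHYDG\bit[1].exe (Trojan.Zbot.EDFV) -> Quarantined and deleted successfully.
'''

# "Name"="path" [date size]   (ComboFix Run-key line)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# X:\path\file.ext (Threat.Name) -> action   (Malwarebytes detection line)
MBAM_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) \((?P<threat>[^()]+)\) -> ')

# Folder names an ordinary user can write to without elevation (assumption).
USER_WRITABLE = {'appdata', 'temp', 'temporary internet files'}


@dataclass(frozen=True)
class Finding:
    source: str        # 'run-key' or 'mbam'
    name: str          # autostart value name, or the AV threat label
    path: str          # original on-disk path of the executable
    reasons: tuple     # why it was flagged


def _parts(path: str) -> list:
    return [p for p in path.lower().replace('/', '\\').split('\\') if p]


def unquarantine(path: str) -> str:
    """Map a ComboFix quarantine path (C:\\Qoobox\\Quarantine\\<drive>\\...\\x.vir)
    back to where the file originally lived."""
    parts = path.replace('/', '\\').split('\\')
    lowered = [p.lower() for p in parts]
    if 'qoobox' in lowered and 'quarantine' in lowered:
        i = lowered.index('quarantine')
        drive, rest = parts[i + 1], parts[i + 2:]
        path = drive + ':\\' + '\\'.join(rest)
    if path.lower().endswith('.vir'):
        path = path[:-4]
    return path


def assess(path: str) -> list:
    """Return the reasons a path looks suspicious (empty list = nothing odd)."""
    parts = _parts(path)
    reasons = []
    if USER_WRITABLE & set(parts):
        reasons.append('user-writable location')
    if 'content.ie5' in parts:
        reasons.append('ran from the IE download cache')
    elif 'appdata' in parts:
        # Malware likes to park an .exe directly in a folder named after a vendor
        # (here AppData\Roaming\Microsoft); real vendors keep data there, not programs.
        between = parts[parts.index('appdata') + 1:-1]
        if any(p in ('microsoft', 'windows') for p in between):
            reasons.append('vendor-looking folder under AppData')
    return reasons


def triage(log_text: str) -> list:
    """Scan pasted log lines: report autostarts that trip a heuristic and every
    AV detection (with its reasons, which may be empty)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = assess(m['path'])
            if reasons:
                findings.append(Finding('run-key', m['name'], m['path'], tuple(reasons)))
            continue
        m = MBAM_RE.match(line)
        if m:
            path = unquarantine(m['path'])
            findings.append(Finding('mbam', m['threat'], path, tuple(assess(path))))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.source}] {f.name}: {f.path}  <- {", ".join(f.reasons) or "no heuristic hit"}')
```

Run on the sample, it reports three items: the uTorrent autostart (user-writable location only, a legitimate program), the DarkComet sample restored to its original path C:\Users\Kshitij\AppData\Roaming\Microsoft\fsfg.exe, and the Zbot sample in the IE cache. The point of the vendor-folder heuristic is the first of those two: an .exe dropped straight into a folder called Microsoft under a user profile is a pattern worth a second look even when no scanner has a signature for it yet.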
  12. I have submitted the file. Is that file infected? Should I delete it? Please answer my questions.
  13. Here is the combofix log file: ComboFix 13-11-19.01 - Kshitij 20-11-2013 8:09.2.4 - x64Microsoft Windows 8 Single Language 6.2.9200.0.1252.91.1033.18.6000.4511 [GMT 5.5:30]Running from: c:\users\Kshitij\Desktop\ComboFix.exeAV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))..2013-11-20 02:44 . 2013-11-20 02:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-11-20 02:44 . 2013-11-20 02:44 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-19 14:18 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDB940B6-2C23-402C-A96B-53F0C18D87FE}\mpengine.dll2013-11-19 13:09 . 2013-11-19 13:09 -------- d-----w- c:\users\Kshitij\AppData\Roaming\dmplogs2013-11-19 13:05 . 2013-11-19 13:16 -------- d-----w- C:\AdwCleaner2013-11-19 13:04 . 2013-11-19 13:04 -------- d-----w- c:\users\ADMINI~12013-11-19 12:59 . 2013-11-19 12:59 -------- d-sh--w- c:\users\Kshitij\AppData\Roaming\msgr2013-11-19 10:41 . 2013-11-19 10:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service2013-11-17 22:34 . 2013-11-17 22:34 -------- d-----w- c:\users\Kshitij\AppData\Roaming\.mono2013-11-17 22:34 . 2013-11-17 22:34 -------- d-----w- c:\users\Kshitij\AppData\Local\UWebKit2013-11-16 22:35 . 2013-11-16 22:35 -------- d-----w- c:\users\Kshitij\AppData\Roaming\openvr2013-11-14 06:01 . 2013-11-14 06:01 300720 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin2013-11-13 22:55 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll2013-11-13 22:55 . 2013-08-23 01:44 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll2013-11-13 22:55 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll2013-11-13 22:55 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll2013-11-13 22:18 . 
2013-10-01 23:37 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll2013-11-13 15:59 . 2013-11-13 15:59 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02013-11-13 15:58 . 2013-11-13 15:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard2013-11-09 05:08 . 2013-11-07 23:41 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys2013-11-01 22:23 . 2013-11-02 09:12 -------- d-----w- c:\program files (x86)\Desktop Screen Record 52013-10-26 05:31 . 2013-10-26 05:31 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\windows\PCHEALTH2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition2013-10-26 05:29 . 2013-10-26 05:29 -------- d-----w- c:\program files\Microsoft Office2013-10-26 05:29 . 2013-10-26 05:29 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services2013-10-26 05:28 . 2013-10-26 05:28 -------- d-----r- C:\MSOCache...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-15 14:37 . 2013-07-03 05:34 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-05 22:58 . 2013-09-13 11:39 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-08 02:20 . 2013-10-17 21:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-11 11:52 . 2013-06-30 21:14 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin2013-09-07 09:57 . 2013-09-05 23:30 56072 ----a-w- c:\windows\system32\certsentry.dll2013-08-31 19:30 . 2013-06-30 21:14 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin2013-08-23 05:11 . 
2013-10-09 11:51 4040192 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"IDMan"="f:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-11-08 3825232]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"uTorrent"="c:\users\Kshitij\AppData\Roaming\uTorrent\uTorrent.exe" [2013-09-29 1130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"vmware-tray.exe"="f:\vmware9\vmware-tray.exe" [2012-10-31 104088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;f:\vmware9\vmware-hostd.exe;f:\vmware9\vmware-hostd.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 OracleDBConsoleKSHITIJ;OracleDBConsoleKSHITIJ;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\nmesrvc.exe;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\nmesrvc.exe [x]
R3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR ;f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR [x]
R3 OracleServiceKSHITIJ;OracleServiceKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ [x]
R3 OracleVssWriterKSHITIJ;Oracle KSHITIJ VSS Writer Service;f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 OracleJobSchedulerKSHITIJ;OracleJobSchedulerKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ [x]
R4 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-14 23:13 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 07:25]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 07:25]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002Core.job
- c:\users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-30 00:00]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002UA.job
- c:\users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-30 00:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- f:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-19 172168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-19 400008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-19 441992]
"RtsFT"="RTFTrack.exe" [2012-10-17 6334096]
"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-07 13262480]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-12-03 1256080]
"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-09-14 4196432]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-05-11 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-05-11 191544]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - f:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - f:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
FF - ProfilePath - c:\users\Kshitij\AppData\Roaming\Mozilla\Firefox\Profiles\3lufnsmi.default\
FF - ExtSQL: 2013-10-31 06:33; mozilla_cc@internetdownloadmanager.com; c:\users\Kshitij\AppData\Roaming\IDM\idmmzcc5
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb11g_home1ClrAgent]
"ImagePath"="f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:f:\app\Kshitij\product\11.2.0\dbhome_1\bin\oraclr11.dll\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4008833774-2699350555-1950638099-1002_Classes\Wow6432Node\CLSID\{2bc16b7c-1192-4ad4-b547-532b3ed7eec2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (S-1-15-2-1)
"Model"=dword:00000100
"Therad"=dword:00000007
"MData"=hex(0):11,60,01,95,5a,2a,a3,31,9b,28,e7,61,46,3c,fe,9b,00,62,82,78,3b,
 9f,1f,90,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4008833774-2699350555-1950638099-1002_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):da,77,1c,11,be,13,98,f8,4c,85,72,c9,2f,d9,30,a6,20,d6,37,54,a7,
 59,54,29,bc,79,52,ab,5e,c1,75,5e,ae,d6,f1,02,35,54,af,cf,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-11-20 08:15:36
ComboFix-quarantined-files.txt 2013-11-20 02:45
ComboFix2.txt 2013-11-20 02:35
.
Pre-Run: 403,970,285,568 bytes free
Post-Run: 403,893,428,224 bytes free
.
- - End Of File - - 62B40FD2AF94B1569FCD069F7497931A