Removing help of virus "gesellschaft zur verfügung von urheberrechtsverletzungen"
<blockquote data-quote="ashash" data-source="post: 117263" data-attributes="member: 7542"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013 (ATTENTION: FRST version is 8 days old)</p><p>Ran by SYSTEM at 19-04-2013 16:32:23</p><p>Running from G:\</p><p>Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) </p><p>The current controlset is ControlSet001</p><p></p><p>==================== Registry (Whitelisted) ===================</p><p></p><p>HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)</p><p>HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation)</p><p>HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)</p><p>HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-11-18] (IDT, Inc.)</p><p>HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()</p><p>HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)</p><p>HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1527896 2012-06-21] (McAfee, Inc.)</p><p>HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)</p><p>HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)</p><p>HKLM-x32\...\Run: [Wipro] "C:\Program Files\Settings\WiproRunReg.vbs" [595 2010-05-07] ()</p><p>HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, 
Inc.)</p><p>HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)</p><p>HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)</p><p>HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)</p><p>HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)</p><p>HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()</p><p>HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)</p><p>HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()</p><p>HKU\Sanchit\...\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2644992 2011-06-13] (Veoh Networks)</p><p>HKU\Sanchit\...\Run: [SmartVoip] "C:\Program Files (x86)\SmartVoip.com\SmartVoip\smartvoip.exe" -nosplash -minimized [19071960 2013-02-06] (SmartVoip)</p><p>HKU\Sanchit\...\Run: [Skype] "C:\Program 
Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)</p><p>HKU\Sanchit\...\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)</p><p>HKU\Sanchit\...\Run: [Google Update] "C:\Users\Sanchit\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-15] (Google Inc.)</p><p>HKU\Sanchit\...\Run: [Facebook Update] "C:\Users\Sanchit\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)</p><p>HKU\Sanchit\...\Winlogon: [Shell] C:\Users\Sanchit\AppData\Roaming\mcafee.ini,explorer.exe</p><p>HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell)</p><p>Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk</p><p>ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)</p><p>Startup: C:\ProgramData\Start Menu\Programs\Startup\Monitor Apache Servers.lnk</p><p>ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)</p><p></p><p>==================== Services (Whitelisted) ===================</p><p></p><p>4 Apache2.2; "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice [20549 2012-01-28] (Apache Software Foundation)</p><p>4 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [68096 2008-03-18] ()</p><p>4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)</p><p>4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-04-09] (SurfRight B.V.)</p><p>4 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)</p><p>4 
McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)</p><p>2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)</p><p>4 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)</p><p>4 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)</p><p>4 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)</p><p>4 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-08-24] (McAfee, Inc.)</p><p>4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)</p><p>4 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)</p><p>2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)</p><p>2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)</p><p>2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)</p><p>4 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)</p><p>4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()</p><p></p><p>==================== Drivers (Whitelisted) =====================</p><p></p><p>3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)</p><p>3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)</p><p>3 hitmanpro37; C:\Windows\System32\Drivers\hitmanpro37.sys [32152 2013-04-09] ()</p><p>3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)</p><p>3 mfeavfk; 
C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)</p><p>3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)</p><p>0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)</p><p>3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)</p><p>0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)</p><p>4 mysql; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" mysql [9171 2012-02-27] ()</p><p>1 NEOFLTR_719_20893; C:\Windows\System32\Drivers\NEOFLTR_719_20893.sys [99152 2012-05-04] (Juniper Networks)</p><p>3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]</p><p>3 mfeavfk01; [x]</p><p>3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ====================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-04-18 03:29 - 2013-04-18 03:29 - 00009216 ____N C:\bootex.log</p><p>2013-04-17 06:41 - 2013-04-17 06:41 - 00000000 ____D C:\FRST</p><p>2013-04-10 07:01 - 2013-04-14 03:22 - 00000000 ____D C:\Windows\pss</p><p>2013-04-09 14:50 - 2013-04-14 03:33 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2013-04-09 14:50 - 2013-04-14 03:33 - 00001823 ____A C:\ProgramData\Desktop\HitmanPro.lnk</p><p>2013-04-09 14:50 - 2013-04-09 14:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys</p><p>2013-04-09 14:50 - 2013-04-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro</p><p>2013-04-09 14:11 - 2013-04-09 14:11 - 00000000 __SHD C:\found.001</p><p>2013-04-09 13:41 - 2013-04-09 13:42 - 09741664 ____A 
(SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe</p><p>2013-04-09 03:40 - 2013-04-09 03:40 - 00010184 ____N C:\bootsqm.dat</p><p>2013-04-09 03:37 - 2013-04-09 03:37 - 00000000 __SHD C:\found.000</p><p>2013-04-03 07:19 - 2013-04-03 07:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log</p><p>2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}</p><p>2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}</p><p>2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}</p><p>2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{FD858EF5-6B23-403E-A310-157FA49C236D}</p><p>2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D}</p><p>2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}</p><p>2013-03-29 04:47 - 2013-03-29 19:10 - 00000000 ____D C:\Users\Sanchit\.android</p><p>2013-03-26 15:24 - 2013-03-26 15:24 - 00000000 ____D C:\Users\Public\Juniper Networks</p><p>2013-03-26 15:24 - 2012-05-04 20:17 - 00590472 ____A (Juniper Networks) C:\Windows\System32\dsNcSmartCardProv.dll</p><p>2013-03-26 15:24 - 2012-05-04 20:17 - 00422024 ____A (Juniper Networks) C:\Windows\System32\dsNcCredProv.dll</p><p>2013-03-26 14:29 - 2013-03-26 14:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp</p><p>2013-03-26 14:25 - 2013-03-26 14:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar</p><p>2013-03-26 14:25 - 2013-03-26 12:11 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk</p><p>2013-03-26 14:23 - 2013-03-26 14:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar</p><p>2013-03-25 18:09 - 2013-03-25 18:09 - 00000018 ____A 
C:\pending.un</p><p>2013-03-25 18:09 - 2012-05-04 20:27 - 00099152 ____A (Juniper Networks) C:\Windows\System32\Drivers\NEOFLTR_719_20893.SYS</p><p>2013-03-22 17:27 - 2013-03-22 17:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls</p><p>2013-03-20 15:48 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys</p><p>2013-03-20 15:28 - 2013-03-20 15:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt</p><p>2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\Application Data\Google</p><p>2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-04-18 03:33 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-04-18 03:33 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-04-18 03:29 - 2013-04-18 03:29 - 00009216 ____N C:\bootex.log</p><p>2013-04-17 06:41 - 2013-04-17 06:41 - 00000000 ____D C:\FRST</p><p>2013-04-17 03:32 - 2011-06-12 06:52 - 00000000 ____D C:\ProgramData\Sonic</p><p>2013-04-17 03:32 - 2011-06-12 06:52 - 00000000 ____D C:\ProgramData\Application Data\Sonic</p><p>2013-04-14 03:33 - 2013-04-09 14:50 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2013-04-14 03:33 - 2013-04-09 14:50 - 00001823 ____A C:\ProgramData\Desktop\HitmanPro.lnk</p><p>2013-04-14 03:22 - 2013-04-10 07:01 - 00000000 ____D C:\Windows\pss</p><p>2013-04-10 07:57 - 2012-08-24 16:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-04-10 07:57 - 2011-06-17 14:15 - 00000000 ____D C:\Program Files (x86)\Giraffic</p><p>2013-04-10 07:57 - 2011-06-12 07:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local 
Backup</p><p>2013-04-10 07:56 - 2013-01-19 08:43 - 00007284 ____A C:\Windows\setupact.log</p><p>2013-04-10 07:56 - 2011-06-18 06:48 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks</p><p>2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks</p><p>2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks</p><p>2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks</p><p>2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks</p><p>2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks</p><p>2013-04-10 07:56 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-04-10 07:51 - 2011-06-12 06:27 - 01171389 ____A C:\Windows\WindowsUpdate.log</p><p>2013-04-10 07:19 - 2009-07-14 00:13 - 00006732 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-04-09 14:50 - 2013-04-09 14:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys</p><p>2013-04-09 14:50 - 2013-04-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro</p><p>2013-04-09 14:11 - 2013-04-09 14:11 - 00000000 __SHD C:\found.001</p><p>2013-04-09 13:42 - 2013-04-09 13:41 - 09741664 ____A (SurfRight B.V.) 
C:\Users\Sanchit\Downloads\HitmanPro_x64.exe</p><p>2013-04-09 12:28 - 2011-11-19 13:25 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job</p><p>2013-04-09 12:28 - 2011-06-18 06:48 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-04-09 12:28 - 2011-06-15 13:07 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job</p><p>2013-04-09 03:40 - 2013-04-09 03:40 - 00010184 ____N C:\bootsqm.dat</p><p>2013-04-09 03:37 - 2013-04-09 03:37 - 00000000 __SHD C:\found.000</p><p>2013-04-09 01:08 - 2011-11-19 13:25 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job</p><p>2013-04-09 01:01 - 2011-06-18 06:47 - 00000000 ____D C:\Users\Sanchit\Application Data\Skype</p><p>2013-04-09 01:01 - 2011-06-18 06:47 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Skype</p><p>2013-04-08 17:45 - 2011-06-15 06:01 - 00000000 ____D C:\users\Sanchit</p><p>2013-04-08 16:31 - 2011-06-15 13:07 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job</p><p>2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2013-04-07 01:22 - 2012-07-10 15:54 - 00000000 ___RD C:\Program Files (x86)\Skype</p><p>2013-04-07 01:22 - 2011-06-12 06:57 - 00000000 ____D C:\ProgramData\Skype</p><p>2013-04-07 01:22 - 2011-06-12 06:57 - 00000000 ____D C:\ProgramData\Application Data\Skype</p><p>2013-04-03 07:19 - 2013-04-03 07:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log</p><p>2013-04-02 16:21 - 2011-08-05 12:39 - 
00000000 ____D C:\Sandeep</p><p>2013-04-02 07:31 - 2011-06-15 12:25 - 00000000 ____D C:\Users\Sanchit\Application Data\Mozilla</p><p>2013-04-02 07:31 - 2011-06-15 12:25 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Mozilla</p><p>2013-03-31 08:32 - 2011-11-06 11:34 - 00002384 ____A C:\Users\Sanchit\Desktop\Google Chrome.lnk</p><p>2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}</p><p>2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}</p><p>2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}</p><p>2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{FD858EF5-6B23-403E-A310-157FA49C236D}</p><p>2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D}</p><p>2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}</p><p>2013-03-29 19:10 - 2013-03-29 04:47 - 00000000 ____D C:\Users\Sanchit\.android</p><p>2013-03-29 18:14 - 2011-11-16 18:20 - 00000000 ____D C:\Users\Sanchit\workspace</p><p>2013-03-28 18:07 - 2012-08-24 16:23 - 00000000 ____D C:\Users\Sanchit\My Documents\Software</p><p>2013-03-28 18:07 - 2012-08-24 16:23 - 00000000 ____D C:\Users\Sanchit\Documents\Software</p><p>2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\Local Settings\Windows Live</p><p>2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\Windows Live</p><p>2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Windows Live</p><p>2013-03-26 15:24 - 2013-03-26 15:24 - 00000000 ____D C:\Users\Public\Juniper Networks</p><p>2013-03-26 15:24 - 2011-11-20 07:22 - 00000000 ____D C:\Program 
Files (x86)\Juniper Networks</p><p>2013-03-26 15:24 - 2011-11-20 07:21 - 00000000 ____D C:\Users\Sanchit\Application Data\Juniper Networks</p><p>2013-03-26 15:24 - 2011-11-20 07:21 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Juniper Networks</p><p>2013-03-26 14:29 - 2013-03-26 14:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp</p><p>2013-03-26 14:29 - 2013-03-19 11:41 - 572101397 ____A C:\Windows\MEMORY.DMP</p><p>2013-03-26 14:29 - 2011-09-14 19:41 - 00000000 ____D C:\Windows\Minidump</p><p>2013-03-26 14:25 - 2013-03-26 14:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar</p><p>2013-03-26 14:23 - 2013-03-26 14:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar</p><p>2013-03-26 12:11 - 2013-03-26 14:25 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk</p><p>2013-03-25 18:09 - 2013-03-25 18:09 - 00000018 ____A C:\pending.un</p><p>2013-03-22 17:27 - 2013-03-22 17:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls</p><p>2013-03-20 15:28 - 2013-03-20 15:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt</p><p>2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\Application Data\Google</p><p>2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google</p><p>2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\Local Settings\Google</p><p>2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\Google</p><p>2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Google</p><p></p><p></p><p>==================== Known DLLs (Whitelisted) =================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => 
MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 18%</p><p>Total physical RAM: 4003.18 MB</p><p>Available physical RAM: 3276.72 MB</p><p>Total Pagefile: 4001.38 MB</p><p>Available Pagefile: 3267.55 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.89 MB</p><p></p><p>==================== Partitions =============================</p><p></p><p>1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:44.93 GB) NTFS</p><p>3 Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>5 Drive g: () (Removable) (Total:29.8 GB) (Free:12.95 GB) FAT32</p><p>6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p></p><p> Disk ### Status Size Free Dyn Gpt</p><p> -------- ------------- ------- ------- --- ---</p><p> Disk 0 Online 465 GB 0 B </p><p> Disk 1 No Media 0 B 0 B </p><p> Disk 2 Online 29 GB 0 B </p><p></p><p>Partitions of Disk 0:</p><p>===============</p><p></p><p>Disk ID: 825589A0</p><p></p><p> Partition ### Type Size Offset</p><p> ------------- ---------------- ------- -------</p><p> Partition 1 OEM 100 MB 1024 KB</p><p> 
Partition 2 Primary 14 GB 101 MB</p><p> Partition 3 Primary 451 GB 14 GB</p><p></p><p>==================================================================================</p><p></p><p>Disk: 0</p><p>Partition 1</p><p>Type : DE</p><p>Hidden: Yes</p><p>Active: No</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 5 DELLUTILITY FAT Partition 100 MB Healthy Hidden </p><p></p><p>=========================================================</p><p></p><p>Disk: 0</p><p>Partition 2</p><p>Type : 07</p><p>Hidden: No</p><p>Active: Yes</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 1 E Recovery NTFS Partition 14 GB Healthy </p><p></p><p>=========================================================</p><p></p><p>Disk: 0</p><p>Partition 3</p><p>Type : 07</p><p>Hidden: No</p><p>Active: No</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 2 C OS NTFS Partition 451 GB Healthy </p><p></p><p>=========================================================</p><p></p><p>Partitions of Disk 2:</p><p>===============</p><p></p><p>Disk ID: 00000000</p><p></p><p> Partition ### Type Size Offset</p><p> ------------- ---------------- ------- -------</p><p> Partition 1 Primary 29 GB 16 KB</p><p></p><p>==================================================================================</p><p></p><p>Disk: 2</p><p>Partition 1</p><p>Type : 0C</p><p>Hidden: No</p><p>Active: No</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 4 G FAT32 Removable 29 GB Healthy </p><p></p><p>=========================================================</p><p>============================== MBR Partition Table 
==================</p><p></p><p>==============================</p><p>Partitions of Disk 0:</p><p>===============</p><p>Disk ID: 825589A0</p><p></p><p>Partition 1:</p><p>=========</p><p>Hex: 00202100DEDF130C0008000000200300</p><p>Active: NO</p><p>Type: DE</p><p>Size: 100 MB</p><p></p><p>Partition 2:</p><p>=========</p><p>Hex: 80DF140C07FEFFFF0028030000C0D401</p><p>Active: YES</p><p>Type: 07 (NTFS)</p><p>Size: 15 GB</p><p></p><p>Partition 3:</p><p>=========</p><p>Hex: 00FEFFFF07FEFFFF00E8D70130706038</p><p>Active: NO</p><p>Type: 07 (NTFS)</p><p>Size: 451 GB</p><p></p><p>==============================</p><p>Partitions of Disk 2:</p><p>===============</p><p>Disk ID: 00000000</p><p></p><p>Partition 1:</p><p>=========</p><p>Hex: 000021000CFEFFFF200000002024BA03</p><p>Active: NO</p><p>Type: 0C</p><p>Size: 30 GB</p><p></p><p></p><p>Last Boot: 2013-04-04 01:46</p><p></p><p>==================== End Of Log =============================</p></blockquote><p></p>
[QUOTE="ashash, post: 117263, member: 7542"] Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013 (ATTENTION: FRST version is 8 days old) Ran by SYSTEM at 19-04-2013 16:32:23 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation) HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation) HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.) HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-11-18] (IDT, Inc.) HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] () HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1527896 2012-06-21] (McAfee, Inc.) HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd) HKLM-x32\...\Run: [Wipro] "C:\Program Files\Settings\WiproRunReg.vbs" [595 2010-05-07] () HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.) 
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] () HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] () HKU\Sanchit\...\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2644992 2011-06-13] (Veoh Networks) HKU\Sanchit\...\Run: [SmartVoip] "C:\Program Files (x86)\SmartVoip.com\SmartVoip\smartvoip.exe" -nosplash -minimized [19071960 2013-02-06] (SmartVoip) HKU\Sanchit\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) HKU\Sanchit\...\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.) 
HKU\Sanchit\...\Run: [Google Update] "C:\Users\Sanchit\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-15] (Google Inc.) HKU\Sanchit\...\Run: [Facebook Update] "C:\Users\Sanchit\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.) HKU\Sanchit\...\Winlogon: [Shell] C:\Users\Sanchit\AppData\Roaming\mcafee.ini,explorer.exe HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Monitor Apache Servers.lnk ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation) ==================== Services (Whitelisted) =================== 4 Apache2.2; "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice [20549 2012-01-28] (Apache Software Foundation) 4 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [68096 2008-03-18] () 4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic) 4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-04-09] (SurfRight B.V.) 4 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.) 4 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.) 2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.) 4 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.) 
4 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-08-24] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)
4 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-10] (McAfee, Inc.)
4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 hitmanpro37; C:\Windows\System32\Drivers\hitmanpro37.sys [32152 2013-04-09] ()
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
4 mysql; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" mysql [9171 2012-02-27] ()
1 NEOFLTR_719_20893; C:\Windows\System32\Drivers\NEOFLTR_719_20893.sys [99152 2012-05-04] (Juniper Networks)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-04-18 03:29 - 2013-04-18 03:29 - 00009216 ____N C:\bootex.log
2013-04-17 06:41 - 2013-04-17 06:41 - 00000000 ____D C:\FRST
2013-04-10 07:01 - 2013-04-14 03:22 - 00000000 ____D C:\Windows\pss
2013-04-09 14:50 - 2013-04-14 03:33 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-09 14:50 - 2013-04-14 03:33 - 00001823 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-04-09 14:50 - 2013-04-09 14:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-09 14:50 - 2013-04-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-04-09 14:11 - 2013-04-09 14:11 - 00000000 __SHD C:\found.001
2013-04-09 13:41 - 2013-04-09 13:42 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe
2013-04-09 03:40 - 2013-04-09 03:40 - 00010184 ____N C:\bootsqm.dat
2013-04-09 03:37 - 2013-04-09 03:37 - 00000000 __SHD C:\found.000
2013-04-03 07:19 - 2013-04-03 07:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-29 04:47 - 2013-03-29 19:10 - 00000000 ____D C:\Users\Sanchit\.android
2013-03-26 15:24 - 2013-03-26 15:24 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-03-26 15:24 - 2012-05-04 20:17 - 00590472 ____A (Juniper Networks) C:\Windows\System32\dsNcSmartCardProv.dll
2013-03-26 15:24 - 2012-05-04 20:17 - 00422024 ____A (Juniper Networks) C:\Windows\System32\dsNcCredProv.dll
2013-03-26 14:29 - 2013-03-26 14:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp
2013-03-26 14:25 - 2013-03-26 14:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar
2013-03-26 14:25 - 2013-03-26 12:11 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk
2013-03-26 14:23 - 2013-03-26 14:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar
2013-03-25 18:09 - 2013-03-25 18:09 - 00000018 ____A C:\pending.un
2013-03-25 18:09 - 2012-05-04 20:27 - 00099152 ____A (Juniper Networks) C:\Windows\System32\Drivers\NEOFLTR_719_20893.SYS
2013-03-22 17:27 - 2013-03-22 17:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls
2013-03-20 15:48 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-20 15:28 - 2013-03-20 15:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\Application Data\Google
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google

==================== One Month Modified Files and Folders =======

2013-04-18 03:33 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-18 03:33 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-18 03:29 - 2013-04-18 03:29 - 00009216 ____N C:\bootex.log
2013-04-17 06:41 - 2013-04-17 06:41 - 00000000 ____D C:\FRST
2013-04-17 03:32 - 2011-06-12 06:52 - 00000000 ____D C:\ProgramData\Sonic
2013-04-17 03:32 - 2011-06-12 06:52 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-04-14 03:33 - 2013-04-09 14:50 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-14 03:33 - 2013-04-09 14:50 - 00001823 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-04-14 03:22 - 2013-04-10 07:01 - 00000000 ____D C:\Windows\pss
2013-04-10 07:57 - 2012-08-24 16:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-10 07:57 - 2011-06-17 14:15 - 00000000 ____D C:\Program Files (x86)\Giraffic
2013-04-10 07:57 - 2011-06-12 07:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-04-10 07:56 - 2013-01-19 08:43 - 00007284 ____A C:\Windows\setupact.log
2013-04-10 07:56 - 2011-06-18 06:48 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-04-10 07:56 - 2011-06-12 07:13 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-04-10 07:56 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-10 07:51 - 2011-06-12 06:27 - 01171389 ____A C:\Windows\WindowsUpdate.log
2013-04-10 07:19 - 2009-07-14 00:13 - 00006732 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-09 14:50 - 2013-04-09 14:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-09 14:50 - 2013-04-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-09 14:49 - 2013-04-09 14:49 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-04-09 14:11 - 2013-04-09 14:11 - 00000000 __SHD C:\found.001
2013-04-09 13:42 - 2013-04-09 13:41 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe
2013-04-09 12:28 - 2011-11-19 13:25 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job
2013-04-09 12:28 - 2011-06-18 06:48 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-09 12:28 - 2011-06-15 13:07 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job
2013-04-09 03:40 - 2013-04-09 03:40 - 00010184 ____N C:\bootsqm.dat
2013-04-09 03:37 - 2013-04-09 03:37 - 00000000 __SHD C:\found.000
2013-04-09 01:08 - 2011-11-19 13:25 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job
2013-04-09 01:01 - 2011-06-18 06:47 - 00000000 ____D C:\Users\Sanchit\Application Data\Skype
2013-04-09 01:01 - 2011-06-18 06:47 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Skype
2013-04-08 17:45 - 2011-06-15 06:01 - 00000000 ____D C:\users\Sanchit
2013-04-08 16:31 - 2011-06-15 13:07 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job
2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-08 10:32 - 2011-06-15 07:17 - 00022016 ____A C:\Users\Sanchit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-07 01:22 - 2012-07-10 15:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-07 01:22 - 2011-06-12 06:57 - 00000000 ____D C:\ProgramData\Skype
2013-04-07 01:22 - 2011-06-12 06:57 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-04-03 07:19 - 2013-04-03 07:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log
2013-04-02 16:21 - 2011-08-05 12:39 - 00000000 ____D C:\Sandeep
2013-04-02 07:31 - 2011-06-15 12:25 - 00000000 ____D C:\Users\Sanchit\Application Data\Mozilla
2013-04-02 07:31 - 2011-06-15 12:25 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Mozilla
2013-03-31 08:32 - 2011-11-06 11:34 - 00002384 ____A C:\Users\Sanchit\Desktop\Google Chrome.lnk
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\Local Settings\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-31 03:33 - 2013-03-31 03:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\Local Settings\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-30 08:57 - 2013-03-30 08:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}
2013-03-29 19:10 - 2013-03-29 04:47 - 00000000 ____D C:\Users\Sanchit\.android
2013-03-29 18:14 - 2011-11-16 18:20 - 00000000 ____D C:\Users\Sanchit\workspace
2013-03-28 18:07 - 2012-08-24 16:23 - 00000000 ____D C:\Users\Sanchit\My Documents\Software
2013-03-28 18:07 - 2012-08-24 16:23 - 00000000 ____D C:\Users\Sanchit\Documents\Software
2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\Local Settings\Windows Live
2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\Windows Live
2013-03-28 10:25 - 2011-10-26 16:00 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Windows Live
2013-03-26 15:24 - 2013-03-26 15:24 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-03-26 15:24 - 2011-11-20 07:22 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-03-26 15:24 - 2011-11-20 07:21 - 00000000 ____D C:\Users\Sanchit\Application Data\Juniper Networks
2013-03-26 15:24 - 2011-11-20 07:21 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Juniper Networks
2013-03-26 14:29 - 2013-03-26 14:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp
2013-03-26 14:29 - 2013-03-19 11:41 - 572101397 ____A C:\Windows\MEMORY.DMP
2013-03-26 14:29 - 2011-09-14 19:41 - 00000000 ____D C:\Windows\Minidump
2013-03-26 14:25 - 2013-03-26 14:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar
2013-03-26 14:23 - 2013-03-26 14:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar
2013-03-26 12:11 - 2013-03-26 14:25 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk
2013-03-25 18:09 - 2013-03-25 18:09 - 00000018 ____A C:\pending.un
2013-03-22 17:27 - 2013-03-22 17:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls
2013-03-20 15:28 - 2013-03-20 15:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\Application Data\Google
2013-03-20 06:08 - 2013-03-20 06:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google
2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\Local Settings\Google
2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\Local Settings\Application Data\Google
2013-03-20 06:08 - 2011-06-15 13:07 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Google

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 4003.18 MB
Available physical RAM: 3276.72 MB
Total Pagefile: 4001.38 MB
Available Pagefile: 3267.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:44.93 GB) NTFS
3 Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:29.8 GB) (Free:12.95 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    No Media           0 B      0 B
  Disk 2    Online           29 GB      0 B

Partitions of Disk 0:
===============

Disk ID: 825589A0

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                100 MB  1024 KB
  Partition 2    Primary             14 GB   101 MB
  Partition 3    Primary            451 GB    14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5         DELLUTILITY  FAT    Partition    100 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     E   Recovery     NTFS   Partition     14 GB  Healthy
=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    451 GB  Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             29 GB    16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT32  Removable     29 GB  Healthy

=========================================================

============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 825589A0

Partition 1:
=========
Hex: 00202100DEDF130C0008000000200300
Active: NO
Type: DE
Size: 100 MB

Partition 2:
=========
Hex: 80DF140C07FEFFFF0028030000C0D401
Active: YES
Type: 07 (NTFS)
Size: 15 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00E8D70130706038
Active: NO
Type: 07 (NTFS)
Size: 451 GB

==============================
Partitions of Disk 2:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 000021000CFEFFFF200000002024BA03
Active: NO
Type: 0C
Size: 30 GB

Last Boot: 2013-04-04 01:46

==================== End Of Log =============================
[/QUOTE]