scorpian
Posts: 129
Posts posted by scorpian
-
Hello Mr. Ron, I deleted the DgiVecp but was unable to find OUC to delete from the registry. Shall I move forward and scan with TDSSKiller? Thank you.
-
Hello Mr. Ron, Avira AV has found something and I am not sure what it is, so I am posting it for your advice. Thank you.
-
Okay, thank you.
-
Mr. Ron, the required log is as follows:
-
Hello Mr. Ron, I have 1 important Windows update and 3 Adobe updates on standby. Can I go ahead and update? Waiting for your advice. Thank you.
-
Thank you, Mr. Ron. I will be waiting to hear from you tomorrow.
-
Mr. Ron, the result is the same as the earlier one. The log is attached. I will be waiting for your instructions. Thank you.
-
Mr. Ron, I just wanted to ask you whether I need to install the Avira toolbar (I opted not to install it). It is showing that web protection is inactive because the Avira toolbar is not installed. Thank you.
-
Mr. Ron, it's done and the Result.txt is attached. Thank you.
-
Mr. Ron, can I use the previous day's copy of MiniToolBox, and can I download the Avast removal tool before uninstalling Avast antivirus? Thank you.
-
Mr. Ron, the ComboFix log is posted for further analysis. It only took half the time of the earlier scans. Thank you.
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: NameServer = 101.223.255.141 101.223.255.142FF - ProfilePath - c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\FF - ExtSQL: 2013-09-03 13:38; firefox@ghostery.com; c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com.xpi.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:e6,1e,6f,07,11,c4,cd,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) 
(LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-09-25 11:38:14ComboFix-quarantined-files.txt 2013-09-25 06:08ComboFix2.txt 2013-09-23 18:37ComboFix3.txt 2013-09-23 07:03ComboFix4.txt 2013-09-21 01:58ComboFix5.txt 2013-09-25 05:58.Pre-Run: 421,452,816,384 bytes freePost-Run: 421,373,657,088 bytes free.- - End Of File - - 
355C0481048EBED2906784D9C4B41E04 -
Okay. Will get back to you with the log. Thank you.
-
Mr. Ron, the log is posted for your analysis. Thank you.
HitmanPro 3.7.7.205
www.hitmanpro.com

 Computer name . . . . : KISHOREREDDY-PC
 Windows . . . . . . . : 6.1.1.7601.X64/4
 User name . . . . . . : KishoreReddy-PC\Kishore Reddy
 UAC . . . . . . . . . : Enabled
 License . . . . . . . : Trial (Expired)

 Scan date . . . . . . : 2013-09-25 10:29:24
 Scan mode . . . . . . : Normal
 Scan duration . . . . : 4m 23s
 Disk access mode . . : Direct disk access (SRB)
 Cloud . . . . . . . . : Internet
 Reboot . . . . . . . : No

 Threats . . . . . . . : 0
 Traces . . . . . . . : 0

 Objects scanned . . . : 1,712,540
 Files scanned . . . . : 27,888
 Remnants scanned . . : 346,441 files / 1,338,211 keys
-
Mr. Ron, I have Hitman Pro on my system; I shall update and scan. Thank you.
-
Mr. Ron, I have copied & pasted one log, and the other log is attached. Thank you.
Farbar Service Scanner Version: 13-09-2013
Ran by Kishore Reddy (administrator) on 25-09-2013 at 02:39:46
Running from "C:\Users\Kishore Reddy\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
-
Mr. Ron, the DDS logs are attached, and I will be waiting for your instructions. Thank you. At last.
-
Mr. Ron, I have uninstalled three programs (Notepad+, Mozilla Thunderbird & Threatfire). Maybe any one of these is responsible for the problem, or the three combined. Do you want me to go ahead and run the DDS tool? Thank you.
-
Hello Mr. Ron, it seems you have solved the problem. The new MBAM quick scan log is attached for further analysis. Thank you.
-
Mr. Ron, I have run the MBAM scan in safe mode and no threats were shown. The log is posted below. Thank you.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.23.12

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16686
Kishore Reddy :: KISHOREREDDY-PC [administrator]

24-09-2013 14:55:00
mbam-log-2013-09-24 (14-55-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 205109
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Hello Mr. Ron, done as per your instructions, and the problem still continues even after uninstalling ThreatFire and Avast antivirus. Thank you.
-
Hello Mr. Ron, the remaining scans are completed and the logs are attached. It seems the problem still continues. Thank you.
-
Mr. Ron, I have attached the logs; please take a look. I will get back as soon as the remaining scans are completed. I just noticed that Windows Defender was running on my machine, and I don't know how it started suddenly. Thank you.
-
Mr. Ron, it's done and the log is attached. Thank you.
-
Mr. Ron, ComboFix was run as per your advice, and the ComboFix log is attached for your analysis. Thank you.
system running slow.
in Resolved Malware Removal Logs
Mr. Ron, I have gone forward and done the TDSSKiller scan, and no threats were found. The screenshot is attached. I do not require the Samsung printer driver, as I last used the printer 3 months back. Coming to the OUC (online update service of the internet provider, or the Dongle soft updater) problem, it may be sorted if I uninstall and reinstall the internet provider's service software. Please let me know if you want me to merge DgiVecp back into the Registry. Will be waiting for your instructions. Thank you.