prabir_rio

  1. Hi Marius, Thanks a ton. It's a relief to hear that the system is clean. I will run all the updates as you suggested. Please tell me what I should do with my external drives. Should I use them or throw them away? Can I copy the data stored on them safely now? Also, please tell me what's the best way to clean an external drive in future without getting the system affected like this time. Regards, Prabir
  2. Marius, the files were deleted as suggested. Please find the logs below:

AdwCleaner log:

# AdwCleaner v3.004 - Report created 22/09/2013 at 08:43:44
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\users\user\AppData\LocalLow\uTorrentBar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2542127
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AC0BA97-F4FC-4100-AC01-A81E717CFC8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1AC0BA97-F4FC-4100-AC01-A81E717CFC8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B241C2AB-2D84-4273-8CA5-4C2BE8DA4D32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9332A984-F9A9-4246-8039-5DF22EF70A43}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Google Chrome v

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4025 octets] - [22/09/2013 08:39:13]
AdwCleaner[s0].txt - [3928 octets] - [22/09/2013 08:43:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3988 octets] ##########

Checkup log:

Results of screen317's Security Check version 0.99.73
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Quick Heal Total Security 13.00
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 25
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
Quick Heal Quick Heal Total Security onlinent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

With Regards, Prabir
  3. Please see the Eset log below:

C:\Users\user\Desktop - Copy\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\26.03.2012\Desktop\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\Programs\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats

With Regards, Prabir
  4. Please see the logs below:

Combofix.txt

ComboFix 13-09-14.01 - user 16-09-2013 21:50:14.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.3002.1694 [GMT 5.5:30]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: Quick Heal Total Security 13.00 *Disabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
FW: Quick Heal Firewall *Disabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
SP: Quick Heal Total Security 13.00 *Disabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\user\Desktop - Copy\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip"
"f:\26.03.2012\Desktop\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip"
"f:\programs\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip"
"h:\prabir\Personal\Movies\English\BSPlayer Pro 2.56 Build 1043\keygen.rar"
.
.
((((((((((((((((((((((((( Files Created from 2013-08-16 to 2013-09-16 )))))))))))))))))))))))))))))))
.
.
2013-09-16 16:26 . 2013-09-16 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 09:00 . 2013-09-12 09:00 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-09-12 08:59 . 2013-09-12 08:59 -------- d-----w- c:\programdata\Malwarebytes
2013-09-12 08:59 . 2013-09-12 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-11 16:28 . 2013-09-11 16:28 -------- d-----w- c:\users\user\AppData\Roaming\337 Wallpaper
2013-09-11 16:20 . 2013-09-12 04:11 -------- d-----w- c:\programdata\Freemake
2013-09-11 16:20 . 2013-09-12 04:11 -------- d-----w- c:\program files\Freemake
2013-09-11 15:46 . 2013-09-11 15:46 -------- d-----w- c:\users\user\AppData\Roaming\EurekaLog
2013-09-11 15:46 . 2013-09-11 15:46 -------- d-----w- c:\program files\FDRLab
2013-09-11 08:01 . 2013-09-11 08:01 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-08-23 06:51 . 2013-08-23 06:55 -------- d-----w- c:\program files\USBAntivirus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 07:53 . 2013-07-11 07:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-11 07:53 . 2012-08-27 11:20 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-11 07:53 . 2010-11-09 07:56 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3570176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-08-07 225280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-03 1557800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Quick Heal Core UI"="c:\program files\Quick Heal\Quick Heal Total Security\strtupap.exe" [2011-08-06 161224]
"UIExec"="c:\program files\Reliance 3G\UIExec.exe" [2011-08-09 153424]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-06-22 1103744]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 383424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-23 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200445]
Ime File REG_SZ GoogleInputTools.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank.sys [2011-08-06 33096]
R2 Core Scanning Server;Core Scanning Server;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2011-08-06 206280]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-08-14 3291008]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 9216]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-13 1343400]
R3 wsnf;Network Filter Service;c:\windows\system32\DRIVERS\wsnf.sys [2011-08-06 44616]
R4 ggc;ggc;c:\windows\system32\DRIVERS\ggc.sys [2011-07-29 49864]
S1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2012-04-10 67136]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-04 1807608]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [2011-08-06 39880]
S2 Core Mail Protection;Core Mail Protection;c:\program files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [2011-08-06 29640]
S2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2011-08-06 206280]
S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [2011-08-06 29384]
S2 GoogleInputService;GoogleInputService;c:\program files\Google\Google Input Tools\GoogleInputService.exe [2012-11-07 164888]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3449856]
S2 Quick Update Service;Quick Update Service;c:\program files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [2011-08-06 90568]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Reliance 3G\AssistantServices.exe [2011-08-09 270672]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-04 659328]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2009-10-21 22600]
S3 wsnfmp;Network Filter Miniport;c:\windows\system32\DRIVERS\wsnf.sys [2011-08-06 44616]
S4 Online Protection System;Online Protection System;c:\program files\Quick Heal\Quick Heal Total Security\opssvc.exe [2011-08-06 24520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 06:22]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 06:22]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108519296-852325044-3339374726-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 15:11]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108519296-852325044-3339374726-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 15:11]
.
2013-09-16 c:\windows\Tasks\Resume Quickup Download.job
- c:\program files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2011-08-06 17:50]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(564)
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
- - - - - - - > 'Explorer.exe'(4556)
c:\windows\system32\msiltcfg.dll
c:\windows\system32\LINKINFO.dll
c:\windows\System32\gameux.dll
c:\windows\system32\ieframe.DLL
c:\windows\System32\davclnt.dll
.
Completion time: 2013-09-16 21:59:11
ComboFix-quarantined-files.txt 2013-09-16 16:29
ComboFix2.txt 2013-09-16 15:49
ComboFix3.txt 2013-09-15 15:20
.
Pre-Run: 8,599,519,232 bytes free
Post-Run: 8,529,117,184 bytes free
.
- - End Of File - - 4A48B393AC6BC5C585A6A1B3EEA9E32D
A36C5E4F47E84449FF07ED3517B43A31

Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.16.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrator]

Protection: Disabled

16-09-2013 22:12:22
mbam-log-2013-09-16 (22-12-22).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 612128
Time elapsed: 2 hour(s), 28 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
F:\Programs\Photoshop 7\Photoshop 7\_ISDel.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\FreeAgent HD Backup\Prabir data from Acer\Programs\Photoshop 7\Photoshop 7\_ISDel.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Prabir\Personal\Movies\English\BSPlayer Pro 2.56 Build 1043\keygen.rar (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Prabir\Personal\Programs\Photoshop 7\Photoshop 7\_ISDel.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\Prabir\Personal\Other Programs\Yahoo\ymsgr5.5.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
I:\Prabir\Personal\Other Programs\Downloads\Downloadz\DivX5 Real Cracked, Working\DivxPro.5.kgenfixed.DAMN.ShareReactor\DAMN_DivX50_kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
I:\Prabir\Personal\Other Programs\Downloads\Downloadz\DivX5 Real Cracked, Working\DivxPro.5.Bundle.DAMN.ShareReactor\DAMN_DivX50_kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

(end)

However, I encountered a problem after restarting, as the computer runs only in safe mode. It does load in normal mode, but then as soon as you double-click any program to run, say Skype or Excel, it just hangs with the cursor going round and round. Regards, Prabir
  5. I have run ComboFix as suggested. I had manually disabled the antivirus before, but somehow ComboFix keeps popping up a message that the AV is enabled. I don't understand why, but I finally ran ComboFix. Please see the log below. Also, I didn't connect my external drive while running the program, as that was not suggested.

ComboFix 13-09-14.01 - user 15-09-2013 20:39:16.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.3002.1798 [GMT 5.5:30]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Quick Heal Total Security 13.00 *Enabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
SP: Quick Heal Total Security 13.00 *Enabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pitney Bowes MapInfo Professional v9.5_+_Example_Data\MIPro_v9.5_TrialData.exe
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\user\Documents\~WRL0005.tmp
c:\users\user\Documents\~WRL0006.tmp
c:\users\user\Documents\~WRL0241.tmp
c:\users\user\Documents\~WRL0412.tmp
c:\users\user\Documents\~WRL0513.tmp
c:\users\user\Documents\~WRL0693.tmp
c:\users\user\Documents\~WRL0743.tmp
c:\users\user\Documents\~WRL0858.tmp
c:\users\user\Documents\~WRL1060.tmp
c:\users\user\Documents\~WRL1089.tmp
c:\users\user\Documents\~WRL1107.tmp
c:\users\user\Documents\~WRL1138.tmp
c:\users\user\Documents\~WRL1233.tmp
c:\users\user\Documents\~WRL1475.tmp
c:\users\user\Documents\~WRL1512.tmp
c:\users\user\Documents\~WRL1999.tmp
c:\users\user\Documents\~WRL2150.tmp
c:\users\user\Documents\~WRL2406.tmp
c:\users\user\Documents\~WRL2419.tmp
c:\users\user\Documents\~WRL3090.tmp
c:\users\user\Documents\~WRL3102.tmp
c:\users\user\Documents\~WRL3191.tmp
c:\users\user\Documents\~WRL3224.tmp
c:\users\user\Documents\~WRL3375.tmp
c:\users\user\Documents\~WRL3487.tmp
c:\users\user\Documents\~WRL3520.tmp
c:\users\user\Documents\~WRL3643.tmp
c:\users\user\Documents\~WRL3685.tmp
c:\users\user\Documents\~WRL3831.tmp
c:\users\user\Documents\~WRL3867.tmp
c:\users\user\Documents\~WRL3876.tmp
c:\users\user\Documents\~WRL4020.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-08-15 to 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-15 15:15 . 2013-09-15 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 09:00 . 2013-09-12 09:00 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-09-12 08:59 . 2013-09-12 08:59 -------- d-----w- c:\programdata\Malwarebytes
2013-09-12 08:59 . 2013-09-12 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-11 16:28 . 2013-09-11 16:28 -------- d-----w- c:\users\user\AppData\Roaming\337 Wallpaper
2013-09-11 16:20 . 2013-09-12 04:11 -------- d-----w- c:\programdata\Freemake
2013-09-11 16:20 . 2013-09-12 04:11 -------- d-----w- c:\program files\Freemake
2013-09-11 15:46 . 2013-09-11 15:46 -------- d-----w- c:\users\user\AppData\Roaming\EurekaLog
2013-09-11 15:46 . 2013-09-11 15:46 -------- d-----w- c:\program files\FDRLab
2013-09-11 08:01 . 2013-09-11 08:01 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-08-23 06:51 . 2013-08-23 06:55 -------- d-----w- c:\program files\USBAntivirus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 07:53 . 2013-07-11 07:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-11 07:53 . 2012-08-27 11:20 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-11 07:53 . 2010-11-09 07:56 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 07:21 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 07:21 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3570176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-08-07 225280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-03 1557800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Quick Heal Core UI"="c:\program files\Quick Heal\Quick Heal Total Security\strtupap.exe" [2011-08-06 161224]
"UIExec"="c:\program files\Reliance 3G\UIExec.exe" [2011-08-09 153424]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-06-22 1103744]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 383424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-23 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200445]
Ime File REG_SZ GoogleInputTools.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank.sys [2011-08-06 33096]
R2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2011-08-06 206280]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 9216]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-13 1343400]
R3 wsnf;Network Filter Service;c:\windows\system32\DRIVERS\wsnf.sys [2011-08-06 44616]
R4 ggc;ggc;c:\windows\system32\DRIVERS\ggc.sys [2011-07-29 49864]
R4 Online Protection System;Online Protection System;c:\program files\Quick Heal\Quick Heal Total Security\opssvc.exe [2011-08-06 24520]
S1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2012-04-10 67136]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-04 1807608]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [2011-08-06 39880]
S2 Core Mail Protection;Core Mail Protection;c:\program files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [2011-08-06 29640]
S2 Core Scanning Server;Core Scanning Server;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2011-08-06 206280]
S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [2011-08-06 29384]
S2 GoogleInputService;GoogleInputService;c:\program files\Google\Google Input Tools\GoogleInputService.exe [2012-11-07 164888]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3449856]
S2 Quick Update Service;Quick Update Service;c:\program files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [2011-08-06 90568]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Reliance 3G\AssistantServices.exe [2011-08-09 270672]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-04 659328]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2009-10-21 22600]
S3 wsnfmp;Network Filter Miniport;c:\windows\system32\DRIVERS\wsnf.sys [2011-08-06 44616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 06:22]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 06:22]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108519296-852325044-3339374726-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 15:11]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108519296-852325044-3339374726-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 15:11]
.
2013-09-15 c:\windows\Tasks\Resume Quickup Download.job
- c:\program files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2011-08-06 17:50]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Ekolurc - c:\users\user\AppData\Roaming\Avwyor\ernen.exe
HKLM-Run-AutorunRemover.exe - c:\program files\AutorunRemover\AutorunRemover.exe
HKLM-Run-USBAntivirus.exe - c:\program files\USBAntivirus\USBAntivirus.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(564)
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
- - - - - - - > 'Explorer.exe'(3624)
c:\windows\System32\wer.dll
c:\windows\System32\SyncCenter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Google Input Tools\GoogleInputHandler.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-09-15 20:50:54 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-15 15:20
.
Pre-Run: 9,033,334,784 bytes free
Post-Run: 8,792,068,096 bytes free
.
- - End Of File - - 41B9412D053C3E1E9602147CA5354DA0
A36C5E4F47E84449FF07ED3517B43A31

With Regards, Prabir
  6. Hi, Thank you very much. Please find the logs below: DDS.TXT: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.25.2Run by user at 18:00:03 on 2013-09-14Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.3002.1566 [GMT 5.5:30].AV: Quick Heal Total Security 13.00 *Enabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}SP: Quick Heal Total Security 13.00 *Enabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Program Files\Fingerprint Sensor\AtService.exeC:\Program Files\Acer Bio Protection\CompPtcVUI.exeC:\Windows\System32\spoolsv.exeC:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exeC:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXEC:\Program Files\Google\Google Input Tools\GoogleInputService.exeC:\Program Files\Acer Bio Protection\BASVC.exeC:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exeC:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exeC:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXEC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exeC:\Windows\system32\sppsvc.exeC:\Program Files\TeamViewer\Version7\TeamViewer_Service.exeC:\Program Files\Reliance 3G\AssistantServices.exeC:\Windows\system32\taskhost.exeC:\Program Files\Google\Google Input Tools\GoogleInputHandler.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\system32\igfxsrvc.exeC:\Program 
Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Windows\PLFSetI.exeC:\Program Files\Acer Bio Protection\PdtWzd.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exeC:\Program Files\Reliance 3G\UIExec.exeC:\Program Files\Quick Heal\Quick Heal Total Security\SCANMSG.EXEC:\Program Files\Quick Heal\Quick Heal Total Security\UPSCHD.EXEC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Acer Bio Protection\PwdBank.exeC:\Program Files\Reliance 3G\UIMain.exeC:\Program Files\Reliance 3G\CMUpdater.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\WUDFHost.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exeC:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exeC:\Program Files\Quick Heal\Quick Heal Total 
Security\SAPISSVC.EXEC:\Windows\system32\taskeng.exeC:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\conhost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uSearch Bar = PreservemURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dllBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - <orphaned>BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program 
files\utorrentbar\tbuTor.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\utorrentbar\tbuTor.dllTB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dllTB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dllTB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /cuRun: [Ekolurc] c:\users\user\appdata\roaming\avwyor\ernen.exeuRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrunmRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exemRun: [PLFSetI] c:\windows\PLFSetI.exemRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exemRun: [Apoint] c:\program files\apoint2k\Apoint.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [NeroCheck] c:\windows\system32\NeroCheck.exemRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"mRun: [LanguageShortcut] "c:\program 
files\cyberlink\powerdvd\language\Language.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal total security\strtupap.exe"mRun: [uIExec] "c:\program files\reliance 3g\UIExec.exe"mRun: [sonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearRebootmRun: [Autodesk Sync] c:\program files\autodesk\autodesk sync\AdSync.exemRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -HidemRun: [uSBAntivirus.exe] c:\program files\usbantivirus\USBAntivirus.exe -HideStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exemPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlIE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTCP: Interfaces\{4C9A4BB0-C45B-4C22-92EE-814A2882B54F} : NameServer = 220.226.6.104 220.226.100.40TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\34F42554 : DHCPNameServer = 217.77.71.33 217.77.71.1TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\34F42554741424F4E4 : DHCPNameServer = 217.77.71.33 217.77.71.1TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\36F62756D696E696E67613 : DHCPNameServer = 192.168.168.10 192.168.168.168 192.168.10.15TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\36F627D696E696E676 : DHCPNameServer = 192.168.2.1TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\84F44554C4026414C414943554 : DHCPNameServer = 8.8.8.8 195.24.192.33TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\C414026414C4149435540224F4E414E4A4F4 : DHCPNameServer = 8.8.8.8 195.24.192.33Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dllNotify: igfxcui - igfxdev.dllSSODL: WebCheck - 
<orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll.============= SERVICES / DRIVERS ===============.R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2012-3-26 49864]R1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2012-3-26 67136]R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-8-5 1807608]R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-1-31 19232]R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2011-8-6 39880]R2 Core Mail Protection;Core Mail Protection;c:\program files\quick heal\quick heal total security\EMLPROXY.EXE [2011-8-6 29640]R2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2011-8-6 206280]R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2012-3-26 29384]R2 GoogleInputService;GoogleInputService;c:\program files\google\google input tools\GoogleInputService.exe [2012-11-7 164888]R2 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-9-5 3449856]R2 Online Protection System;Online Protection System;c:\program files\quick heal\quick heal total security\OPSSVC.EXE [2011-8-6 24520]R2 Quick Update Service;Quick Update Service;c:\program files\quick heal\quick heal total security\QUHLPSVC.EXE [2011-8-6 90568]R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-26 3027840]R2 UI Assistant Service;UI Assistant Service;c:\program files\reliance 3g\AssistantServices.exe [2012-5-18 270672]R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-5 659328]R3 IntcHdmiAddService;Intel® High Definition Audio 
HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-7-27 51712]R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2009-10-21 22600]R3 wsnfmp;Network Filter Miniport;c:\windows\system32\drivers\wsnf.sys [2012-3-26 44616]S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2012-3-26 33096]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 Core Scanning Server;Core Scanning Server;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2011-8-6 206280]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-5-18 9216]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-23 174592]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-14 1343400]S3 wsnf;Network Filter Service;c:\windows\system32\drivers\wsnf.sys [2012-3-26 44616].=============== Created Last 30 ================.2013-09-12 09:00:11 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes2013-09-12 08:59:50 -------- d-----w- c:\programdata\Malwarebytes2013-09-12 08:59:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-09-11 16:28:28 -------- d-----w- c:\users\user\appdata\roaming\337 Wallpaper2013-09-11 
16:20:13 -------- d-----w- c:\programdata\Freemake2013-09-11 16:20:01 -------- d-----w- c:\program files\Freemake2013-09-11 15:46:39 -------- d-----w- c:\users\user\appdata\roaming\EurekaLog2013-09-11 15:46:16 -------- d-----w- c:\program files\FDRLab2013-09-11 08:01:23 -------- d-----w- c:\users\user\appdata\local\Programs2013-08-23 06:51:30 -------- d-----w- c:\program files\USBAntivirus.==================== Find3M ====================.2013-07-11 07:53:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2013-07-11 07:53:05 867240 ----a-w- c:\windows\system32\npDeployJava1.dll2013-07-11 07:53:05 789416 ----a-w- c:\windows\system32\deployJava1.dll.============= FINISH: 18:03:18.23 =============== ATTACH.TXT .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 23-12-2009 15:28:08System Uptime: 14-09-2013 17:48:51 (1 hours ago).Motherboard: Acer | | Aspire 4736 Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | uPGA-478 | 1188/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 45 GiB total, 7.819 GiB free.D: is FIXED (NTFS) - 84 GiB total, 63.307 GiB free.E: is FIXED (NTFS) - 84 GiB total, 43.688 GiB free.F: is FIXED (NTFS) - 84 GiB total, 52.023 GiB free.G: is CDROM ()J: is CDROM (CDFS)K: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet 4500 G510n-zDevice ID: ROOT\MULTIFUNCTION\0000Manufacturer: HPName: Officejet 4500 G510n-zPNP Device ID: ROOT\MULTIFUNCTION\0000Service: .Class GUID: Description: Officejet Pro 8500 A909gDevice ID: ROOT\MULTIFUNCTION\0001Manufacturer: Name: Officejet Pro 8500 A909gPNP Device ID: ROOT\MULTIFUNCTION\0001Service: .Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet Pro 8500 A909gDevice ID: ROOT\MULTIFUNCTION\0002Manufacturer: HPName: Officejet Pro 8500 A909gPNP 
Device ID: ROOT\MULTIFUNCTION\0002Service: .Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet P4014Device ID: ROOT\MULTIFUNCTION\0003Manufacturer: Hewlett-PackardName: HP LaserJet P4014PNP Device ID: ROOT\MULTIFUNCTION\0003Service: .Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet 4500 G510g-mDevice ID: ROOT\MULTIFUNCTION\0004Manufacturer: HPName: Officejet 4500 G510g-mPNP Device ID: ROOT\MULTIFUNCTION\0004Service: .Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet P4014Device ID: ROOT\MULTIFUNCTION\0005Manufacturer: Hewlett-PackardName: HP LaserJet P4014PNP Device ID: ROOT\MULTIFUNCTION\0005Service: .Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: mscankDevice ID: ROOT\LEGACY_MSCANK\0000Manufacturer: Name: mscankPNP Device ID: ROOT\LEGACY_MSCANK\0000Service: mscank.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet 6500 E710n-zDevice ID: ROOT\MULTIFUNCTION\0006Manufacturer: HPName: Officejet 6500 E710n-zPNP Device ID: ROOT\MULTIFUNCTION\0006Service: .Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Description: Officejet 4500 G510n-zDevice ID: ROOT\IMAGE\0000Manufacturer: HPName: Officejet 4500 G510n-zPNP Device ID: ROOT\IMAGE\0000Service: StillCam.==== System Restore Points ===================.RP236: 05-09-2013 16:04:53 - Scheduled Checkpoint.==== Installed Programs ======================.µTorrent32 Bit HP CIO Components Installer4500_G510nz_Help4500G510nz4500G510nz_Software_MinAcer Bio ProtectionAcer Crystal Eye WebcamAcrobat.comAdobe AIRAdobe Flash Player 11 ActiveXAdobe Photoshop 7.0Adobe Reader 9.5.2 MUIAdobe Shockwave Player 11.5Ahead Nero Burning ROMALPS Touch Pad DriverAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverAuthenTec Fingerprint SoftwareAutoCAD 2013 - EnglishAutoCAD 2013 Language Pack - EnglishAutodesk Content ServiceAutodesk Content Service Language PackAutodesk Material Library 2013Autodesk Material Library Base 
Resolution Image Library 2013Autodesk SyncBroadcom Wireless LAN Driver Installation Program for Windows7BtwMfcMMBufferChmcalibreCCleanerConduit EngineCutePDF Writer 2.8DestinationsDeviceDiscoveryDivX SetupDjVuLibre+DjViewDocMgrDocProcESET Online Scanner v3FARO LS 1.1.406.58FaxFingerprint SolutionGoogle ChromeGoogle EarthGoogle Input BengaliGoogle Input ToolsGoogle Talk PluginGoogle Update HelperGoToMeeting 5.1.0.880GPBaseService2HP Customer Participation Program 13.0HP Document Manager 2.0HP Imaging Device Functions 13.0HP Officejet 4500 G510n-zHP Smart Web Printing 4.5HP Solution Center 13.0HP UpdateHPProductAssistantHPSSupplyIntel® Graphics Media Accelerator DriverIntel® TV WizardIntel® Matrix Storage ManagerJava 7 Update 25Java Auto UpdaterJMicron Flash Media Controller DriverLeapfrog Viewer version 2MapInfo Beta DataMapInfo Professional 9.5MarketResearchMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 
(KB973688)NetworkOCR Software by I.R.I.S. 13.0PowerDVDQuick Heal Total SecurityRealtek High Definition Audio DriverRealtek USB 2.0 Card ReaderReliance 3GReliance Netconnect - Broadband+ScanShop for HP SuppliesSkype Click to CallSkype™ 6.6SmartWebPrintingSolutionCenterSonicWALL SSL-VPN NetExtenderStatusSynaptics Pointing Device DriverTeamViewer 7ToolboxTrayAppUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2468871)uTorrentBar ToolbarVC80CRTRedist - 8.0.50727.4053VideoLAN VLC media player 0.8.6bVS10RuntimeWin32WebRegWinRAR archiverYahoo! MessengerYahoo! Software Update.==== Event Viewer Messages From Past Week ========.14-09-2013 17:50:59, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.14-09-2013 17:50:20, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.14-09-2013 17:49:24, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.14-09-2013 17:49:12, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.14-09-2013 17:49:12, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. 
This service might not be installed.14-09-2013 17:49:11, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.12-09-2013 20:53:33, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.12-09-2013 20:53:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}12-09-2013 20:51:58, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.12-09-2013 20:51:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}12-09-2013 20:51:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}12-09-2013 20:51:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}12-09-2013 20:51:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}12-09-2013 20:51:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: 
{1BE1F766-5536-11D1-B726-00C04FB926AF}12-09-2013 20:51:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}12-09-2013 20:51:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ggc NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf wstif12-09-2013 20:51:33, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.12-09-2013 20:51:33, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.12-09-2013 20:51:33, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.12-09-2013 20:51:33, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.12-09-2013 20:51:33, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.12-09-2013 20:51:33, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. 
service which failed to start because of the following error: A device attached to the system is not functioning.
12-09-2013 20:51:33, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12-09-2013 20:51:33, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12-09-2013 20:51:33, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12-09-2013 20:51:33, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12-09-2013 20:46:44, Error: Service Control Manager [7022] - The Online Protection System service hung on starting.
12-09-2013 20:42:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12-09-2013 11:57:48, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the UI Assistant Service service to connect.
12-09-2013 11:57:48, Error: Service Control Manager [7000] - The UI Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12-09-2013 09:41:07, Error: Service Control Manager [7034] - The FreemakeVideoCapture service terminated unexpectedly. It has done this 1 time(s).
12-09-2013 09:36:26, Error: Service Control Manager [7000] - The WinPcap Packet Driver (NPF) service failed to start due to the following error: The system cannot find the file specified.
12-09-2013 07:07:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12-09-2013 07:07:27, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12-09-2013 07:06:57, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12-09-2013 07:06:57, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
11-09-2013 22:03:45, Error: Service Control Manager [7034] - The WinZiper service service terminated unexpectedly. It has done this 1 time(s).
10-09-2013 21:48:02, Error: Service Control Manager [7031] - The Autodesk Content Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
08-09-2013 20:45:01, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
07-09-2013 09:18:16, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
07-09-2013 09:18:16, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
07-09-2013 09:18:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}.
==== End Of File ===========================

ansMBR.dat

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-14 18:07:51
-----------------------------
18:07:51.210 OS Version: Windows 6.1.7600
18:07:51.210 Number of processors: 2 586 0x170A
18:07:51.212 ComputerName: USER-PC UserName: user
18:07:52.078 Initialize success
18:08:11.266 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:08:11.270 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
18:08:11.368 Disk 0 MBR read successfully
18:08:11.372 Disk 0 MBR scan
18:08:11.377 Disk 0 Windows 7 default MBR code
18:08:11.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 46077 MB offset 63
18:08:11.387 Disk 0 Partition - 00 0F Extended LBA 259157 MB offset 94365810
18:08:11.408 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 86388 MB offset 94365873
18:08:11.415 Disk 0 Partition - 00 05 Extended 86388 MB offset 271289655
18:08:11.433 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 86388 MB offset 271289718
18:08:11.442 Disk 0 Partition - 00 05 Extended 86380 MB offset 625137345
18:08:11.464 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 86380 MB offset 448213563
18:08:11.474 Disk 0 scanning sectors +625121280
18:08:11.568 Disk 0 scanning C:\Windows\system32\drivers
18:08:17.327 Service scanning
18:08:39.159 Modules scanning
18:08:46.834 Disk 0 trace - called modules:
18:08:46.846 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll dxgkrnl.sys igdkmd32.sys dxgmms1.sys
18:08:46.852 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a89030]
18:08:46.859 3 CLASSPNP.SYS[8c58e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86c31028]
18:08:46.865 Scan finished successfully
18:10:06.082 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
18:10:06.089 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

With Regards, Prabir
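The aswMBR run above reports "Windows 7 default MBR code", lists the partition table, and saves the raw sector to MBR.dat. As an added example, not part of the original post and not aswMBR's own code, the Python script below parses such a 512-byte MBR image independently: it checks the 0x55AA signature, decodes the four 16-byte partition entries into the same shape the log prints (boot flag, type byte, size in MB, LBA offset), and hashes the 440-byte boot-code area so it can be compared with a baseline hash taken from a known-clean disk. The built-in sample MBR is constructed here to mirror the first two entries of the log; comparing against a baseline hash you captured yourself is an assumed workflow, not something the tool on the page exposes.

```python
"""Parse a raw MBR sector (for example the MBR.dat that aswMBR writes)
and compare its boot code against a known-good hash."""
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOT_CODE_LEN = 440           # boot code occupies bytes 0..439 in a classic MBR
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR

# Subset of partition type IDs; covers the types seen in the aswMBR log above.
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0F: "Extended LBA"}


@dataclass
class PartitionEntry:
    index: int        # slot 1..4 in the table
    bootable: bool    # status byte 0x80 = active/bootable
    type_id: int
    lba_start: int    # first sector, same number aswMBR prints as "offset"
    sectors: int

    @property
    def type_name(self) -> str:
        return PART_TYPES.get(self.type_id, f"type 0x{self.type_id:02X}")

    @property
    def size_mb(self) -> int:
        return round(self.sectors * SECTOR / 2**20)


def parse_mbr(mbr: bytes) -> List[PartitionEntry]:
    """Validate the sector and return the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA signature: not a valid MBR")
    entries = []
    for i in range(4):
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA(4) sectors(4)
        status, type_id, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id == 0x00:
            continue  # empty slot
        entries.append(PartitionEntry(i + 1, status == 0x80, type_id, lba_start, sectors))
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    """Hash of the boot-code area only; the partition table and disk
    signature legitimately differ between machines, the boot code should not."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def boot_code_matches(mbr: bytes, baseline_hex: str) -> bool:
    """baseline_hex is assumed to come from a disk you already trust."""
    return boot_code_sha256(mbr) == baseline_hex.lower()


def describe(mbr: bytes) -> List[str]:
    """Render entries in the same form as the aswMBR log lines."""
    lines = [f"boot code sha256: {boot_code_sha256(mbr)}"]
    for p in parse_mbr(mbr):
        flag = "80 (A)" if p.bootable else "00"
        lines.append(f"Partition {p.index} {flag} {p.type_id:02X} {p.type_name} "
                     f"{p.size_mb} MB offset {p.lba_start}")
    return lines


def build_sample_mbr() -> bytes:
    """Constructed sample (not a real dump): a bootable NTFS partition at LBA 63
    and an Extended-LBA container after it, sized to match the log above."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 5)  # placeholder code
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 63, 94365747)
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16, 0x00, 0x0F, 94365810, 530753536)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    # usage: python mbr_check.py [MBR.dat]; without a file the constructed sample is used
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    print("\n".join(describe(data)))
```

Hashing only the first 440 bytes matters: bytes 440..445 hold the disk signature and the partition table follows, both of which change from machine to machine, so a whole-sector hash would never match a baseline. A boot-code hash that differs from the baseline is a reason to look closer, not proof of a bootkit, since OEM tools and some boot managers also rewrite that area.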
  7. Hi Marius, Thanks for your response and for extending your help. Please see the log pasted below.

C:\Users\user\AppData\Local\Temp\79312B7.tmp multiple threats
C:\Users\user\AppData\Local\Temp\7933600.tmp a variant of Win32/ELEX.L application
C:\Users\user\AppData\Local\Temp\7934415.tmp multiple threats
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\415a8fa8-5fbae3b0 Java/Exploit.Agent.NRV trojan
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5aceb1f2-56305206 multiple threats
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5488f5b7-7956d77e multiple threats
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3ea43786-2f0bbe4b multiple threats
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6263f106-7e6b3103 a variant of Java/TrojanDownloader.OpenStream.NCM trojan
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\21b9c4c8-274d7488 Java/Exploit.CVE-2013-0422.CV trojan
C:\Users\user\Desktop - Copy\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\26.03.2012\Desktop\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\Programs\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
H:\Prabir\Personal\Movies\English\BSPlayer Pro 2.56 Build 1043\keygen.rar a variant of Win32/Keygen.AC application

After the scan completed, I enabled my Quick Heal Total Security and it again gave me the same messages for my external hard drives as I had posted earlier. Please guide me on what to do next. I don't have continuous access to the internet, so please bear with my delay in response. With Regards, Prabir
  8. As soon as I plug my external drive into my PC, my QuickHeal antivirus gives me the following message. It doesn't repair the file or clean the infection but just displays the message that the file is skipped. I am afraid to use the external drive, as it may infect my PC as well. But I can't do a full format either, as I have a lot of my work files on it which I need to back up or copy before I format the whole drive. Please, someone help me remove/clean the infection from my external drive. Also, why is my antivirus not cleaning the infection, as it is a paid and full version one!!!

H:\Prabir\Personal\Other Programs\Downloads\FruityLoops355_Demo_Install.exe/FruityLoopsEngine.dll Detected: "Trojan.Black.a.n9" File is skipped
H:\Prabir\Personal\Other Programs\Downloads\FruityLoops355_Demo_Install.exe File is skipped
H:\Prabir\Personal\Other Programs\Downloads\Downloadz\Codecs\need_this_to_play_smr_avi_movies.zip/setup.exe Detected: "Trojan.Agent.ATV.n8" File is skipped
H:\Prabir\Personal\Other Programs\Downloads\Downloadz\Codecs\need_this_to_play_smr_avi_movies.zip File is skipped
H:\Prabir\Personal\Other Programs\Downloads\Downloadz\Codecs\smrpatchsetup.zip/setup.exe Detected: "Trojan.Agent.ATV.n8" File is skipped

Regards, Prabir