
system running slow.



I somehow installed Delta Search, and when it tried to change my Firefox home page, I removed it using AdwCleaner. The problem was solved, but when I scan my system with MBAM it shows a pup.optional.delta file and folder, and when MBAM removes them and reboots, they reappear when I scan again. It comes back again and again. So, please show me a solution to this problem and let me also know if any safety measures are necessary. I am posting the logs.

---------------------------------------------------------------------------------------------------------

DDS.txt

---------------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660

Run by Kishore Reddy at 22:27:13 on 2013-08-22

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.91.1033.18.2807.1430 [GMT 5.5:30]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Users\KISHOR~1\AppData\Local\Temp\7zO41B1B645\NoAutorun.exe

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\ProgramData\Aircel\OnlineUpdate\ouc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\ProgramData\DatacardService\HWDeviceService64.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

C:\Program Files (x86)\ThreatFire\TFTray.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\ThreatFire\TFService.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\PROGRAM FILES (X86)\NEWTECH INFOSYSTEMS\ACER BACKUP MANAGER\BACKUPMANAGERTRAY.EXE

C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVCPL64.EXE

C:\Program Files (x86)\FireTrust\MailWasher\MailWasher.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWindow Title = Windows Internet Explorer provided by MSN and Bing

mWinlogon: Userinit = userinit.exe,

BHO: AutorunsDisabled -

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck -

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

IFEO: taskmgr.exe - "C:\USERS\KISHORE REDDY\DOWNLOADS\NEW PROG\PROCESSEXPLORER\PROCEXP.EXE"

x64-BHO: AutorunsDisabled -

x64-BHO: cardisabled -

x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [ETDWare] C:\Program Files (x86)\elantech\etdctrl.exe

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: AutorunsDisabled -

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck -

x64-IFEO: taskmgr.exe - "C:\USERS\KISHORE REDDY\DOWNLOADS\NEW PROG\PROCESSEXPLORER\PROCEXP.EXE"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]

R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2012-11-16 65072]

R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-11-16 59880]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-16 283200]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-8 143088]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-4-5 528192]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-31 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-8 868896]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-31 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-30 418376]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-30 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-30 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-30 168384]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-2-3 11576]

R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-3 13784]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-31 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-31 243232]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-8-31 135560]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-31 56344]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-8-3 90112]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-31 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-31 287232]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]

R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2012-5-21 222232]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-5 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2012-11-16 41888]

S2 Aircel. RunOuc;Aircel. OUC;C:\Program Files (x86)\Aircel\UpdateDog\ouc.exe [2013-8-3 655744]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-30 701512]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-1-8 342056]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-8 39464]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-8-3 117248]

S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-8-3 13952]

S3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;C:\Users\Kishore Reddy\Downloads\HitmanPro36_x64.exe [2012-11-10 9853928]

S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-8-3 104960]

S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-8-3 30720]

S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-8-3 239104]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-8 246376]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]

S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [2011-8-30 120704]

S4 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [?]

S4 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-4-10 168592]

.

=============== Created Last 30 ================

.

2013-08-22 06:54:29 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA915592-C61B-4301-854F-05A11C33AD7B}\mpengine.dll

2013-08-21 16:20:34 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-08-21 13:38:35 0 ----a-w- C:\Windows\SysWow64\shoE566.tmp

2013-08-18 12:39:11 -------- d-----w- C:\CCE_Quarantine

2013-08-18 12:16:52 -------- d-----w- C:\Users\Kishore Reddy\AppData\Roaming\Comodo

2013-08-15 05:38:56 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-08-15 05:38:55 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-08-15 05:38:32 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-15 05:38:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-15 05:38:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-15 05:38:30 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-15 05:38:29 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-15 05:38:29 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-15 05:38:28 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-15 05:38:27 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-15 05:38:27 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-15 05:38:27 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-15 05:38:27 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-15 03:21:12 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-08-15 03:21:12 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-08-15 03:21:12 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-08-15 03:21:12 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-08-15 03:20:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-08-15 03:20:52 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-08-15 03:20:52 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-08-15 03:20:52 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-08-15 03:19:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-08-15 03:19:25 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-08-15 03:19:17 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-08-15 03:19:17 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-08-15 03:18:51 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-08-15 03:18:48 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-08-12 11:52:42 0 ----a-w- C:\Windows\SysWow64\sho2A51.tmp

2013-08-10 17:43:26 0 ----a-w- C:\Windows\SysWow64\shoF615.tmp

2013-08-08 10:14:36 -------- d-----w- C:\Users\Kishore Reddy\AppData\Local\FreeOCR

2013-08-08 10:05:38 2680320 ----a-w- C:\Windows\SysWow64\ImageEnXLibrary.ocx

2013-08-08 10:05:34 -------- d-----w- C:\FreeOCR

2013-08-07 16:52:29 -------- d-----w- C:\Users\Kishore Reddy\AppData\Local\gtk-2.0

2013-08-07 16:46:27 -------- d-----w- C:\Users\Kishore Reddy\AppData\Roaming\.kde

2013-08-03 08:04:07 76288 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys

2013-08-03 08:04:07 30720 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys

2013-08-03 08:04:07 239104 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys

2013-08-03 08:04:07 104960 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys

2013-08-03 08:04:06 90112 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys

2013-08-03 08:04:06 451072 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys

2013-08-03 08:04:06 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys

2013-08-03 08:04:06 225920 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys

2013-08-03 08:04:06 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys

2013-08-03 08:04:06 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys

2013-08-03 08:04:06 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys

2013-08-03 08:04:06 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys

2013-08-03 08:03:00 -------- d-----w- C:\Program Files (x86)\Aircel

2013-07-30 16:24:00 -------- d-----w- C:\Python27

2013-07-30 08:46:01 -------- d-----w- C:\Users\Kishore Reddy\AppData\Roaming\TuneUp Software

2013-07-30 07:42:59 0 ----a-w- C:\Windows\SysWow64\shoA49B.tmp

2013-07-28 10:47:16 0 ----a-w- C:\Windows\SysWow64\sho30D4.tmp

.

==================== Find3M ====================

.

2013-08-19 07:30:50 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-19 07:30:49 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-22 09:24:08 0 ----a-w- C:\Windows\SysWow64\sho6C2F.tmp

2013-07-11 08:25:52 0 ----a-w- C:\Windows\SysWow64\sho8EE6.tmp

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-05 08:56:58 0 ----a-w- C:\Windows\SysWow64\sho9EF0.tmp

2013-07-04 09:02:35 0 ----a-w- C:\Windows\SysWow64\sho191D.tmp

2013-07-01 16:51:34 0 ----a-w- C:\Windows\SysWow64\sho69CC.tmp

2013-06-29 09:19:32 0 ----a-w- C:\Windows\SysWow64\shoDD37.tmp

2013-06-28 12:19:59 0 ----a-w- C:\Windows\SysWow64\sho9543.tmp

2013-06-25 09:40:08 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-25 09:40:08 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-19 16:46:33 0 ----a-w- C:\Windows\SysWow64\sho4FB7.tmp

2013-06-18 16:20:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-06-18 16:20:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-06-13 09:53:51 0 ----a-w- C:\Windows\SysWow64\shoE561.tmp

2013-06-12 10:56:09 0 ----a-w- C:\Windows\SysWow64\sho4911.tmp

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-06-02 16:05:38 0 ----a-w- C:\Windows\SysWow64\sho50CF.tmp

2013-05-31 16:57:02 0 ----a-w- C:\Windows\SysWow64\shoCC38.tmp

2013-05-07 14:33:38 10965504 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

.

============= FINISH: 22:28:50.76 ===============

--------------------------------------------------------------------------------------------------------

Attach.txt

---------------------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 17-08-2011 21:20:17

System Uptime: 22-08-2013 18:55:19 (4 hours ago)

.

Motherboard: Acer | | Aspire 5742

Processor: Intel® Core i5 CPU M 480 @ 2.67GHz | CPU | 1173/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 391.043 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP709: 15-08-2013 00:14:38 - Restore Operation

RP710: 15-08-2013 00:25:15 - Windows Update

RP711: 15-08-2013 08:46:11 - Windows Update

RP712: 15-08-2013 09:27:36 - Restore Operation

RP713: 15-08-2013 09:40:47 - Windows Update

RP714: 15-08-2013 16:29:15 - Windows Update

RP715: 17-08-2013 19:23:25 - 17/08/2013

RP716: 18-08-2013 18:48:40 - 18/08/2013

RP717: 18-08-2013 19:00:07 - Windows Backup

RP718: 18-08-2013 19:49:05 - Windows Update

RP720: 18-08-2013 21:38:26 - Microsoft Antimalware Checkpoint

RP721: 19-08-2013 12:57:35 - 19/08/2013

RP722: 21-08-2013 21:49:55 - Windows Update

.

==== Installed Programs ======================

.

.

==== End Of File ===========================


Hello scorpian and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Your log files are fragmented. Please post them again.

Hello Borislav, I am really thankful to you for your help in advance.

Except MBAM, no other scan is showing Delta.

The logs are as follows:

 

 DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16660
Run by Kishore Reddy at 22:27:13 on 2013-08-22
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2807.1430 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\KISHOR~1\AppData\Local\Temp\7zO41B1B645\NoAutorun.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\ProgramData\Aircel\OnlineUpdate\ouc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\PROGRAM FILES (X86)\NEWTECH INFOSYSTEMS\ACER BACKUP MANAGER\BACKUPMANAGERTRAY.EXE
C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVCPL64.EXE
C:\Program Files (x86)\FireTrust\MailWasher\MailWasher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by MSN and Bing
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
mRun: [LManager] c:\program files (x86)\launch manager\lmanager.exe
mRun: [iAStorIcon] c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe
mRun: [sDTray] c:\program files (x86)\spybot - search & destroy 2\sdtray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:124
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube Download - C:\Users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: lastpass - C:\Users\Kishore Reddy\AppData\LocalLow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Kishore Reddy\AppData\LocalLow\lastpass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{74014D15-BF53-4AB2-8AE3-B51DF324B05C} : DHCPNameServer = 168.95.1.1
TCP: Interfaces\{A20E3932-DF94-4653-BC8A-7A2694250D5A} : DHCPNameServer = 10.10.0.1
TCP: Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE} : NameServer = 101.223.255.141 101.223.255.142
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: taskmgr.exe - "C:\USERS\KISHORE REDDY\DOWNLOADS\NEW PROG\PROCESSEXPLORER\PROCEXP.EXE"
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: cardisabled - <orphaned>
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [ETDWare] C:\Program Files (x86)\elantech\etdctrl.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: AutorunsDisabled - <Clsid value has no data>
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: taskmgr.exe - "C:\USERS\KISHORE REDDY\DOWNLOADS\NEW PROG\PROCESSEXPLORER\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2012-11-16 65072]
R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-11-16 59880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-16 283200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-8 143088]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-4-5 528192]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-31 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-8 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-31 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-30 418376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-30 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-30 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-30 168384]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-2-3 11576]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-3 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-31 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-31 243232]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-8-31 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-31 56344]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-8-3 90112]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-31 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-31 287232]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2012-5-21 222232]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-5 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2012-11-16 41888]
S2 Aircel. RunOuc;Aircel. OUC;C:\Program Files (x86)\Aircel\UpdateDog\ouc.exe [2013-8-3 655744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-30 701512]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-1-8 342056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-8 39464]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-8-3 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-8-3 13952]
S3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;C:\Users\Kishore Reddy\Downloads\HitmanPro36_x64.exe [2012-11-10 9853928]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-8-3 104960]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-8-3 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-8-3 239104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-8 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [2011-8-30 120704]
S4 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [?]
S4 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-4-10 168592]
.
=============== Created Last 30 ================
.
2013-08-22 06:54:29 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA915592-C61B-4301-854F-05A11C33AD7B}\mpengine.dll
2013-08-21 16:20:34 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-21 13:38:35 0 ----a-w- C:\Windows\SysWow64\shoE566.tmp
2013-08-18 12:39:11 -------- d-----w- C:\CCE_Quarantine
2013-08-18 12:16:52 -------- d-----w- C:\Users\Kishore Reddy\AppData\Roaming\Comodo
2013-08-15 05:38:56 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-15 05:38:55 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-15 05:38:32 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-15 05:38:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-15 05:38:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-15 05:38:30 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-15 05:38:29 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-15 05:38:29 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-15 05:38:28 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-15 05:38:27 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-15 05:38:27 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-15 05:38:27 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-15 05:38:27 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-15 03:21:12 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-15 03:21:12 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-15 03:21:12 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-15 03:21:12 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-15 03:20:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-15 03:20:52 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-15 03:20:52 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-15 03:20:52 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-15 03:19:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-15 03:19:25 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-15 03:19:17 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-15 03:19:17 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-15 03:18:51 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-15 03:18:48 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-12 11:52:42 0 ----a-w- C:\Windows\SysWow64\sho2A51.tmp
2013-08-10 17:43:26 0 ----a-w- C:\Windows\SysWow64\shoF615.tmp
2013-08-08 10:14:36 -------- d-----w- C:\Users\Kishore Reddy\AppData\Local\FreeOCR
2013-08-08 10:05:38 2680320 ----a-w- C:\Windows\SysWow64\ImageEnXLibrary.ocx
2013-08-08 10:05:34 -------- d-----w- C:\FreeOCR
2013-08-07 16:52:29 -------- d-----w- C:\Users\Kishore Reddy\AppData\Local\gtk-2.0
2013-08-07 16:46:27 -------- d-----w- C:\Users\Kishore Reddy\AppData\Roaming\.kde
2013-08-03 08:04:07 76288 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
2013-08-03 08:04:07 30720 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
2013-08-03 08:04:07 239104 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
2013-08-03 08:04:07 104960 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
2013-08-03 08:04:06 90112 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
2013-08-03 08:04:06 451072 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys
2013-08-03 08:04:06 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2013-08-03 08:04:06 225920 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2013-08-03 08:04:06 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys
2013-08-03 08:04:06 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
2013-08-03 08:04:06 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
2013-08-03 08:04:06 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys
2013-08-03 08:03:00 -------- d-----w- C:\Program Files (x86)\Aircel
2013-07-30 16:24:00 -------- d-----w- C:\Python27
2013-07-30 08:46:01 -------- d-----w- C:\Users\Kishore Reddy\AppData\Roaming\TuneUp Software
2013-07-30 07:42:59 0 ----a-w- C:\Windows\SysWow64\shoA49B.tmp
2013-07-28 10:47:16 0 ----a-w- C:\Windows\SysWow64\sho30D4.tmp
.
==================== Find3M  ====================
.
2013-08-19 07:30:50 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-19 07:30:49 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-22 09:24:08 0 ----a-w- C:\Windows\SysWow64\sho6C2F.tmp
2013-07-11 08:25:52 0 ----a-w- C:\Windows\SysWow64\sho8EE6.tmp
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-05 08:56:58 0 ----a-w- C:\Windows\SysWow64\sho9EF0.tmp
2013-07-04 09:02:35 0 ----a-w- C:\Windows\SysWow64\sho191D.tmp
2013-07-01 16:51:34 0 ----a-w- C:\Windows\SysWow64\sho69CC.tmp
2013-06-29 09:19:32 0 ----a-w- C:\Windows\SysWow64\shoDD37.tmp
2013-06-28 12:19:59 0 ----a-w- C:\Windows\SysWow64\sho9543.tmp
2013-06-25 09:40:08 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-25 09:40:08 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-19 16:46:33 0 ----a-w- C:\Windows\SysWow64\sho4FB7.tmp
2013-06-18 16:20:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 16:20:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-13 09:53:51 0 ----a-w- C:\Windows\SysWow64\shoE561.tmp
2013-06-12 10:56:09 0 ----a-w- C:\Windows\SysWow64\sho4911.tmp
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-02 16:05:38 0 ----a-w- C:\Windows\SysWow64\sho50CF.tmp
2013-05-31 16:57:02 0 ----a-w- C:\Windows\SysWow64\shoCC38.tmp
2013-05-07 14:33:38 10965504 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 22:28:50.76 ===============
 
 
 
 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic 
Boot Device: \Device\HarddiskVolume2
Install Date: 17-08-2011 21:20:17
System Uptime: 22-08-2013 18:55:19 (4 hours ago)
.
Motherboard: Acer |  | Aspire 5742
Processor: Intel® Core i5 CPU       M 480  @ 2.67GHz | CPU | 1173/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 391.043 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP709: 15-08-2013 00:14:38 - Restore Operation
RP710: 15-08-2013 00:25:15 - Windows Update
RP711: 15-08-2013 08:46:11 - Windows Update
RP712: 15-08-2013 09:27:36 - Restore Operation
RP713: 15-08-2013 09:40:47 - Windows Update
RP714: 15-08-2013 16:29:15 - Windows Update
RP715: 17-08-2013 19:23:25 - 17/08/2013
RP716: 18-08-2013 18:48:40 - 18/08/2013
RP717: 18-08-2013 19:00:07 - Windows Backup
RP718: 18-08-2013 19:49:05 - Windows Update
RP720: 18-08-2013 21:38:26 - Microsoft Antimalware Checkpoint
RP721: 19-08-2013 12:57:35 - 19/08/2013
RP722: 21-08-2013 21:49:55 - Windows Update
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 3

  • Launch Malwarebytes' Anti-Malware.
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Earlier I tried to run JRT but was unable to run it. Only a black screen opens and closes. Shall I run these instructed applications while online or offline?


Still unable to run JRT. The black box appears and closes immediately.

 

The AdwCleaner and MBAM logs are as follows:

 

----------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------

 

# AdwCleaner v3.000 - Report created 23/08/2013 at 18:56:49
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)
# Username : Kishore Reddy - KISHOREREDDY-PC
# Running from : C:\Users\Kishore Reddy\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\jetpack
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.57
 
[ File : C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1614 octets] - [23/08/2013 18:56:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1674 octets] ##########
 
# AdwCleaner v3.000 - Report created 23/08/2013 at 19:01:04
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)
# Username : Kishore Reddy - KISHOREREDDY-PC
# Running from : C:\Users\Kishore Reddy\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\jetpack
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.57
 
[ File : C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1758 octets] - [23/08/2013 18:56:49]
AdwCleaner[s0].txt - [1693 octets] - [23/08/2013 19:01:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1753 octets] ##########
 
--------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.23.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Kishore Reddy :: KISHOREREDDY-PC [administrator]
 
23-08-2013 19:30:47
mbam-log-2013-08-23 (19-30-47).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 221800
Time elapsed: 12 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
c:\users\kishore reddy\appdata\roaming\delta (PUP.Optional.Delta) -> Quarantined and deleted successfully.
 
Files Detected: 1
c:\users\kishore reddy\appdata\roaming\delta\sqlite3.dll (PUP.Optional.Delta) -> Delete on reboot.
 
(end)
-------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------
 
 

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Unable to complete the quick scan as OTL gets stuck while scanning Firefox settings and after a while shows as not responding. Disabled all system security programs.


Even in safe mode with networking the same problem continues. It is getting stuck while scanning Firefox settings, but it is not showing that the program is not responding. I want to know how long it takes to complete the quick scan, because I waited more than 20 minutes for the quick scan to complete in safe mode but it was stuck there the whole time. Now I am back in normal mode. Do I need to disable the Firefox add-ons?


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Sorry for the inconvenience. I was not giving OTL enough time to complete the scan. The scan completed when I gave it enough time. The scan was done in normal mode. Thank you for your precious time.

 

The logs are as follows:

----------------------------------------------------------------------------------------------------------------

 

OTL logfile created on: 8/24/2013 6:23:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kishore Reddy\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
 
2.74 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 55.09% Memory free
5.48 Gb Paging File | 3.64 Gb Available in Paging File | 66.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 390.84 Gb Free Space | 86.34% Space Free | Partition Type: NTFS
Drive F: | 66.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: KISHOREREDDY-PC | User Name: Kishore Reddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/24 11:45:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kishore Reddy\Desktop\OTL.exe
PRC - [2013/07/13 12:36:33 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/05/28 22:20:02 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2013/05/11 16:07:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/27 03:15:10 | 000,534,160 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2013/02/25 17:52:42 | 000,528,192 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/11/02 18:00:40 | 000,524,800 | ---- | M] () -- C:\Program Files (x86)\Aircel\Aircel.exe
PRC - [2012/06/28 08:16:07 | 000,655,744 | ---- | M] () -- C:\ProgramData\Aircel\OnlineUpdate\ouc.exe
PRC - [2011/10/14 11:31:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/14 11:31:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/14 20:57:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/08/10 14:36:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/08/10 14:36:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 14:36:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/06/29 03:53:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/06/29 03:53:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/06/01 17:09:52 | 001,268,808 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2010/04/13 22:27:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 22:27:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 10:27:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 10:26:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/29 04:57:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2010/01/08 18:51:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/15 15:44:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a813594aee7ca5ff5608765993abc02e\IAStorUtil.ni.dll
MOD - [2013/08/15 11:33:33 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\90f6d6f0e7424c9693b7c3ae1b7db9b5\System.Web.ni.dll
MOD - [2013/08/15 11:33:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\294a1aa4b856e10b5a715f5a19c30a29\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 11:32:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\869523b43080bd707966444972bc8eef\System.Windows.Forms.ni.dll
MOD - [2013/08/15 11:32:27 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ef9c62e7806b5f461a762709e3f531e\System.Drawing.ni.dll
MOD - [2013/08/15 11:32:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0d9832db41355f50218a725bb28a1540\WindowsBase.ni.dll
MOD - [2013/08/15 11:32:00 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\20e3bd99d0fc9364e2a3a091d48786cd\System.Xml.ni.dll
MOD - [2013/08/15 11:31:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5ff08b75e9d6b5a898c6fe35bba608fb\System.Configuration.ni.dll
MOD - [2013/08/15 11:31:53 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\98707c4b7b8ecf87ae85618de04564c9\System.ni.dll
MOD - [2013/07/11 14:09:37 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\bb95b73d99bc2f61c750b3fa46f4f5a1\mscorlib.ni.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/11/02 18:00:40 | 000,524,800 | ---- | M] () -- C:\Program Files (x86)\Aircel\Aircel.exe
MOD - [2012/10/31 17:47:27 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\Aircel\DiagnosisPlugin.dll
MOD - [2012/10/30 11:52:12 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Aircel\Trace.dll
MOD - [2012/10/30 11:30:06 | 000,362,496 | ---- | M] () -- C:\Program Files (x86)\Aircel\NetConnectPlugin.dll
MOD - [2012/10/30 11:29:47 | 000,878,080 | ---- | M] () -- C:\Program Files (x86)\Aircel\SMSUIPlugin.dll
MOD - [2012/10/26 12:24:51 | 000,417,792 | ---- | M] () -- C:\Program Files (x86)\Aircel\CallLogUIPlugin.dll
MOD - [2012/10/26 12:24:16 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Aircel\XFramePlugin.dll
MOD - [2012/10/26 12:23:43 | 000,523,776 | ---- | M] () -- C:\Program Files (x86)\Aircel\core.dll
MOD - [2012/10/25 16:57:19 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\Aircel\HomePlugin.dll
MOD - [2012/10/25 16:57:03 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\Aircel\PINSettingUIPlugin.dll
MOD - [2012/10/25 16:56:12 | 000,100,864 | ---- | M] () -- C:\Program Files (x86)\Aircel\DataUsagePlugin.dll
MOD - [2012/10/25 16:54:14 | 000,717,312 | ---- | M] () -- C:\Program Files (x86)\Aircel\CallUIPlugin.dll
MOD - [2012/10/25 16:52:25 | 000,502,272 | ---- | M] () -- C:\Program Files (x86)\Aircel\USSDUIPlugin.dll
MOD - [2012/10/25 16:51:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Aircel\AboutPlugin.dll
MOD - [2012/10/25 16:33:41 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Aircel\ToolBarMgrPlugin.dll
MOD - [2012/10/25 16:33:01 | 000,332,288 | ---- | M] () -- C:\Program Files (x86)\Aircel\MenuMgrPlugin.dll
MOD - [2012/10/25 16:31:10 | 000,157,696 | ---- | M] () -- C:\Program Files (x86)\Aircel\SettingUIPlugin.dll
MOD - [2012/10/25 16:30:45 | 000,140,288 | ---- | M] () -- C:\Program Files (x86)\Aircel\EntertainmentUIPlugin.dll
MOD - [2012/10/25 16:30:23 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Aircel\LayoutPlugin.dll
MOD - [2012/10/25 16:28:58 | 000,334,848 | ---- | M] () -- C:\Program Files (x86)\Aircel\StatusBarMgrPlugin.dll
MOD - [2012/10/25 16:27:56 | 000,583,168 | ---- | M] () -- C:\Program Files (x86)\Aircel\DeviceMgrUIPlugin.dll
MOD - [2012/10/25 16:27:03 | 000,572,928 | ---- | M] () -- C:\Program Files (x86)\Aircel\NetSettingPlugin.dll
MOD - [2012/10/25 16:25:34 | 000,819,712 | ---- | M] () -- C:\Program Files (x86)\Aircel\AddrBookUIPlugin.dll
MOD - [2012/10/25 16:24:15 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Aircel\NotifyServicePlugin.dll
MOD - [2012/10/25 16:20:39 | 000,654,848 | ---- | M] () -- C:\Program Files (x86)\Aircel\DialupUIPlugin.dll
MOD - [2012/10/25 16:18:05 | 000,286,720 | ---- | M] () -- C:\Program Files (x86)\Aircel\sdk.dll
MOD - [2012/08/06 12:38:40 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\Aircel\ConnectMgrUIPlugin.dll
MOD - [2012/08/06 12:35:39 | 000,569,344 | ---- | M] () -- C:\Program Files (x86)\Aircel\CallLogSrvPlugin.dll
MOD - [2012/08/06 12:35:38 | 000,177,152 | ---- | M] () -- C:\Program Files (x86)\Aircel\CallSrvPlugin.dll
MOD - [2012/08/06 12:35:36 | 000,729,088 | ---- | M] () -- C:\Program Files (x86)\Aircel\DeviceSrvPlugin.dll
MOD - [2012/08/06 12:35:31 | 000,704,000 | ---- | M] () -- C:\Program Files (x86)\Aircel\SmsAppPlugin.dll
MOD - [2012/08/06 12:35:29 | 000,219,648 | ---- | M] () -- C:\Program Files (x86)\Aircel\SmsSrvPlugin.dll
MOD - [2012/08/06 12:35:26 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Aircel\USSDSrvPlugin.dll
MOD - [2012/08/06 12:35:25 | 001,124,352 | ---- | M] () -- C:\Program Files (x86)\Aircel\AddrBookPlugin.dll
MOD - [2012/08/06 12:35:21 | 000,672,768 | ---- | M] () -- C:\Program Files (x86)\Aircel\AddrBookSrvPlugin.dll
MOD - [2012/08/06 12:35:20 | 000,241,152 | ---- | M] () -- C:\Program Files (x86)\Aircel\NetSrvPlugin.dll
MOD - [2012/08/06 12:35:19 | 000,646,144 | ---- | M] () -- C:\Program Files (x86)\Aircel\AtCodec.dll
MOD - [2012/08/06 12:35:19 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Aircel\XCodec.dll
MOD - [2012/08/06 12:35:19 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Aircel\OSCall.dll
MOD - [2012/08/06 12:35:18 | 000,583,168 | ---- | M] () -- C:\Program Files (x86)\Aircel\PluginContainer.dll
MOD - [2012/08/06 12:35:17 | 000,730,624 | ---- | M] () -- C:\Program Files (x86)\Aircel\DeviceAppPlugin.dll
MOD - [2012/08/06 12:35:17 | 000,702,464 | ---- | M] () -- C:\Program Files (x86)\Aircel\NetInfoSrvPlugin.dll
MOD - [2012/08/06 12:35:17 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Aircel\CallAppPlugin.dll
MOD - [2012/08/06 12:35:15 | 000,168,960 | ---- | M] () -- C:\Program Files (x86)\Aircel\ATR2SMgr.dll
MOD - [2012/08/06 12:35:06 | 000,236,032 | ---- | M] () -- C:\Program Files (x86)\Aircel\DialUpPlugin.dll
MOD - [2012/08/06 12:35:05 | 000,201,216 | ---- | M] () -- C:\Program Files (x86)\Aircel\NDISPlugin.dll
MOD - [2012/08/06 12:35:02 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Aircel\Proxy.dll
MOD - [2012/08/06 12:35:02 | 000,158,720 | ---- | M] () -- C:\Program Files (x86)\Aircel\NetConnectSrvPlugin.dll
MOD - [2012/08/06 12:35:01 | 000,164,864 | ---- | M] () -- C:\Program Files (x86)\Aircel\OSDialup.dll
MOD - [2012/08/06 12:35:01 | 000,155,136 | ---- | M] () -- C:\Program Files (x86)\Aircel\DataServicePlugin.dll
MOD - [2012/08/06 12:35:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Aircel\OSNDIS.dll
MOD - [2012/08/06 12:34:59 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Aircel\OSAdapt.dll
MOD - [2012/08/06 12:34:58 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Aircel\OSPowerMgr.dll
MOD - [2012/08/06 12:34:57 | 000,628,224 | ---- | M] () -- C:\Program Files (x86)\Aircel\Common.dll
MOD - [2012/07/27 12:23:54 | 001,114,112 | ---- | M] () -- C:\Program Files (x86)\Aircel\NDISAPI.dll
MOD - [2012/06/28 08:04:16 | 000,694,272 | ---- | M] () -- C:\Program Files (x86)\Aircel\LiveUpdateInterface.dll
MOD - [2012/06/06 06:52:00 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\Aircel\tdpcvoice.dll
MOD - [2012/06/06 06:52:00 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Aircel\Win7Support.dll
MOD - [2012/06/06 06:51:18 | 000,370,176 | ---- | M] () -- C:\Program Files (x86)\Aircel\plugins\imageformats\qtiff4.dll
MOD - [2012/06/06 06:51:18 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Aircel\plugins\imageformats\qmng4.dll
MOD - [2012/06/06 06:51:18 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Aircel\plugins\imageformats\qjpeg4.dll
MOD - [2012/06/06 06:51:18 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Aircel\plugins\imageformats\qgif4.dll
MOD - [2012/06/06 06:51:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Aircel\plugins\imageformats\qico4.dll
MOD - [2010/07/23 10:28:22 | 002,415,104 | ---- | M] () -- C:\Program Files (x86)\Aircel\QtCore4.dll
MOD - [2010/06/29 03:50:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/02/11 01:41:38 | 015,675,904 | ---- | M] () -- C:\Program Files (x86)\Aircel\QtWebKit4.dll
MOD - [2010/02/10 23:16:04 | 000,306,176 | ---- | M] () -- C:\Program Files (x86)\Aircel\phonon4.dll
MOD - [2010/02/10 23:14:20 | 003,962,880 | ---- | M] () -- C:\Program Files (x86)\Aircel\QtXmlPatterns4.dll
MOD - [2010/02/10 20:13:38 | 009,515,520 | ---- | M] () -- C:\Program Files (x86)\Aircel\QtGui4.dll
MOD - [2010/02/10 19:40:26 | 001,148,416 | ---- | M] () -- C:\Program Files (x86)\Aircel\QtNetwork4.dll
MOD - [2010/02/10 19:36:52 | 000,398,336 | ---- | M] () -- C:\Program Files (x86)\Aircel\QtXml4.dll
MOD - [2009/06/23 00:12:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Aircel\libgcc_s_dw2-1.dll
MOD - [2009/05/20 11:32:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009/01/10 16:02:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\Aircel\mingwm10.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 11:20:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/08 04:07:15 | 000,143,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2012/12/16 16:55:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/06/25 22:38:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/06/12 03:57:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 04:57:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/03 02:18:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2013/08/10 21:38:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/06 13:34:50 | 009,853,928 | ---- | M] (SurfRight B.V.) [On_Demand | Stopped] -- C:\Users\Kishore Reddy\Downloads\HitmanPro36_x64.exe -- (HitmanPro37Crusader)
SRV - [2013/07/20 20:38:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/28 22:20:02 | 000,218,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2013/05/11 16:07:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/25 17:52:42 | 000,528,192 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/06/28 08:16:07 | 000,655,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Aircel\UpdateDog\ouc.exe -- (Aircel. RunOuc)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/14 11:31:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/14 20:57:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011/01/08 22:45:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/10 14:36:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/29 03:53:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/04/13 22:27:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:27:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 10:26:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010/01/08 18:51:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/27 03:10:42 | 000,222,232 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2013/03/16 12:28:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/16 16:55:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/09/18 13:52:30 | 000,239,104 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2012/09/11 11:07:56 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/08/23 19:40:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 19:37:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 06:25:56 | 000,104,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/08/20 06:25:56 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/08/20 06:25:56 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/07/02 12:26:57 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/06/11 11:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/03/01 12:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/22 21:56:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 03:25:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/01 04:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/03/11 12:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 12:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:03:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/04 10:15:54 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2010/09/01 14:00:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/27 07:22:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/07/09 09:21:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/06/25 22:43:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/25 22:42:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/06/25 22:42:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/06/25 22:42:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/06/25 22:42:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/06/21 15:15:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/17 14:48:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/06/04 01:29:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/15 18:18:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/04/20 08:05:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/13 22:14:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/13 15:45:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/20 09:36:58 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2010/02/27 05:02:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010/01/14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/01/14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009/11/03 02:18:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 11:24:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/07/14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\..\SearchScopes\{48D037B1-05CC-41FE-9EE6-DBA074FD2370}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: linkalert.conlan%40addons.mozilla.com:1.0.2
FF - prefs.js..extensions.enabledAddons: info%40virustotal.com:1.5
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B05f6a7ea-896b-11da-8bde-f66bad1e3fff%7D:3.5.20090705
FF - prefs.js..extensions.enabledAddons: %7BCE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B%7D:3.9
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-6665170634FE%7D:1.09
FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.5.8
FF - prefs.js..extensions.enabledAddons: trafficlight%40bitdefender.com:0.2.10
FF - prefs.js..extensions.enabledAddons: perspectives%40cmu.edu:4.3.4
FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.3.1
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.6
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.3.1
FF - prefs.js..extensions.enabledAddons: %7B6614d11d-d21d-b211-ae23-815234e1ebb5%7D:3.2.3
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7
FF - prefs.js..extensions.enabledAddons: abine%40abine.com:0.753
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/11 14:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/08/14 15:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Extensions
[2013/08/15 09:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions
[2012/11/26 14:22:23 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2013/04/17 21:20:22 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/07/28 21:30:10 | 000,000,000 | ---D | M] (Dr.Web Anti-Virus Link Checker) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2013/05/17 13:34:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/05/23 15:16:31 | 000,000,000 | ---D | M] (PrivacySuite) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\abine@abine.com
[2013/07/12 20:01:05 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com
[2013/07/12 14:32:36 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\foxyproxy@eric.h.jung
[2013/07/28 21:30:13 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\https-everywhere@eff.org
[2013/06/06 21:45:16 | 000,000,000 | ---D | M] (Perspectives) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\perspectives@cmu.edu
[2013/05/14 15:13:27 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\support@lastpass.com
[2012/11/25 16:17:48 | 000,017,212 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\info@virustotal.com.xpi
[2013/07/31 21:44:45 | 000,320,147 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2012/11/25 16:17:48 | 000,101,213 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\linkalert.conlan@addons.mozilla.com.xpi
[2012/11/26 14:22:05 | 000,003,323 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\movableAppButton@Merci.chao.xpi
[2013/03/03 14:53:07 | 000,091,162 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\openwith@darktrojan.net.xpi
[2012/11/25 16:17:44 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\trackerblock@privacychoice.org.xpi
[2013/06/06 21:45:15 | 001,060,244 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\trafficlight@bitdefender.com.xpi
[2012/11/26 14:22:05 | 000,004,969 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}.xpi
[2013/08/06 21:29:19 | 000,475,365 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013/06/26 12:08:17 | 000,094,167 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
[2013/06/26 11:51:38 | 000,135,673 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi
[2012/11/26 14:22:05 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2012/11/25 16:17:44 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2013/08/11 17:35:52 | 000,534,178 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/25 16:17:44 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2013/06/05 22:04:23 | 000,050,761 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
[2012/11/25 16:17:44 | 000,042,737 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2013/08/06 21:29:21 | 000,224,035 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/26 14:22:05 | 000,922,025 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi
[2013/02/10 20:45:02 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/07/31 21:44:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/05 22:04:23 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/11/26 14:22:05 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/04/04 11:11:52 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/11/25 16:16:50 | 000,010,339 | ---- | M] () -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\searchplugins\duckduckgo-1.xml
[2012/11/25 16:16:46 | 000,010,339 | ---- | M] () -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\searchplugins\duckduckgo.xml
[2013/08/10 21:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/10 21:38:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/06 12:49:38 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAMDATA\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSIONS\1.5.8
 
========== Chrome  ==========
 
CHR - plugin: Shockwave Flash (Enabled) = C:\program files (x86)\google\chrome\application\29.0.1547.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\program files (x86)\google\chrome\application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\program files (x86)\google\chrome\application\29.0.1547.57\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.21_0\nplastpass.dll
CHR - plugin: Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla (Enabled) = C:\program files (x86)\google\chrome\application\plugins\npfdm.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: WOT = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0\
CHR - Extension: YouTube = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Adblock Plus = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: Google Search = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: VTchromizer = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka\1.2_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.8.17_0\
CHR - Extension: LastPass = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.5_0\
CHR - Extension: Ghostery = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_1\
CHR - Extension: Gmail = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2013/07/28 12:47:52 | 000,449,499 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15429 more lines...
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2:64bit: - BHO: (no name) - cardisabled - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - InprocServer32 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [iAStorIcon] c:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [LManager] c:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [sDTray] c:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1220574047-3781605312-2057228316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 124
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74014D15-BF53-4AB2-8AE3-B51DF324B05C}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A20E3932-DF94-4653-BC8A-7A2694250D5A}: DhcpNameServer = 10.10.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: NameServer = 101.223.255.141 101.223.255.142
O18:64bit: - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18:64bit: - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\KISHORE REDDY\DOWNLOADS\NEW PROG\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\KISHORE REDDY\DOWNLOADS\NEW PROG\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/15 04:57:22 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/10/01 14:42:34 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/06/18 19:43:04 | 000,000,094 | R--- | M] () - F:\autorun.sh -- [ CDFS ]
O33 - MountPoints2\{01998a03-990d-11e2-b406-889ffa52868d}\Shell - "" = AutoRun
O33 - MountPoints2\{01998a03-990d-11e2-b406-889ffa52868d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 04:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{02fde2c1-b157-11e2-bd95-1c75084a5eed}\Shell - "" = AutoRun
O33 - MountPoints2\{02fde2c1-b157-11e2-bd95-1c75084a5eed}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 04:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{02fde2d1-b157-11e2-bd95-1c75084a5eed}\Shell - "" = AutoRun
O33 - MountPoints2\{02fde2d1-b157-11e2-bd95-1c75084a5eed}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 04:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{482c2762-fc12-11e2-b6d4-889ffa52868d}\Shell - "" = AutoRun
O33 - MountPoints2\{482c2762-fc12-11e2-b6d4-889ffa52868d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 04:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{482c277d-fc12-11e2-b6d4-889ffa52868d}\Shell - "" = AutoRun
O33 - MountPoints2\{482c277d-fc12-11e2-b6d4-889ffa52868d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 04:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{d5780c13-9900-11e2-908b-889ffa52868d}\Shell - "" = AutoRun
O33 - MountPoints2\{d5780c13-9900-11e2-908b-889ffa52868d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 04:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{f128dd15-f74f-11e2-b993-889ffa52868d}\Shell - "" = AutoRun
O33 - MountPoints2\{f128dd15-f74f-11e2-b993-889ffa52868d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 04:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{fd6edeaf-d30d-11e0-a1a6-889ffa52868d}\Shell - "" = AutoRun
O33 - MountPoints2\{fd6edeaf-d30d-11e0-a1a6-889ffa52868d}\Shell\AutoRun\command - "" = E:\Setup.exe /Auto
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/24 11:45:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kishore Reddy\Desktop\OTL.exe
[2013/08/23 18:56:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/23 18:55:24 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\Kishore Reddy\Desktop\JRT.exe
[2013/08/19 15:00:52 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kishore Reddy\Desktop\dds.com
[2013/08/18 18:09:11 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2013/08/18 17:46:52 | 000,000,000 | ---D | C] -- C:\Users\Kishore Reddy\AppData\Roaming\Comodo
[2013/08/11 14:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/08/10 21:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/08 15:44:36 | 000,000,000 | ---D | C] -- C:\Users\Kishore Reddy\AppData\Local\FreeOCR
[2013/08/08 15:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR
[2013/08/08 15:35:38 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\SysWow64\ImageEnXLibrary.ocx
[2013/08/08 15:35:34 | 000,000,000 | ---D | C] -- C:\FreeOCR
[2013/08/07 22:22:29 | 000,000,000 | ---D | C] -- C:\Users\Kishore Reddy\AppData\Local\gtk-2.0
[2013/08/07 22:16:27 | 000,000,000 | ---D | C] -- C:\Users\Kishore Reddy\AppData\Roaming\.kde
[2013/08/06 12:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
[2013/08/05 18:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/08/05 15:04:04 | 000,000,000 | ---D | C] -- C:\Users\Kishore Reddy\Desktop\judge's forms
[2013/08/03 13:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aircel
[2013/08/03 13:34:07 | 000,239,104 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013/08/03 13:34:07 | 000,104,960 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013/08/03 13:34:07 | 000,076,288 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013/08/03 13:34:07 | 000,030,720 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013/08/03 13:34:06 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013/08/03 13:34:06 | 000,451,072 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys
[2013/08/03 13:34:06 | 000,225,920 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013/08/03 13:34:06 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013/08/03 13:34:06 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013/08/03 13:34:06 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013/08/03 13:34:06 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys
[2013/08/03 13:34:06 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013/08/03 13:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aircel
[2013/07/30 21:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2013/07/30 21:54:00 | 000,000,000 | ---D | C] -- C:\Python27
[2013/07/30 14:16:01 | 000,000,000 | ---D | C] -- C:\Users\Kishore Reddy\AppData\Roaming\TuneUp Software
[2013/03/19 12:21:12 | 010,965,504 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[71 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/24 18:48:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/24 18:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/24 15:45:02 | 000,727,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/24 15:45:02 | 000,629,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/24 15:45:02 | 000,111,212 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/24 14:51:00 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/24 14:51:00 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/24 14:43:34 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/24 14:43:22 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013/08/24 14:42:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/24 14:42:22 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/24 11:45:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kishore Reddy\Desktop\OTL.exe
[2013/08/23 18:55:31 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\Kishore Reddy\Desktop\JRT.exe
[2013/08/23 18:54:10 | 000,975,858 | ---- | M] () -- C:\Users\Kishore Reddy\Desktop\AdwCleaner.exe
[2013/08/22 12:46:08 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/21 14:30:24 | 000,003,387 | ---- | M] () -- C:\Users\Kishore Reddy\AppData\Local\recently-used.xbel
[2013/08/20 20:31:45 | 000,029,206 | ---- | M] () -- C:\Users\Kishore Reddy\Documents\cancellation of authorization(20Aug) .pdf
[2013/08/19 15:01:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kishore Reddy\Desktop\dds.com
[2013/08/16 21:21:18 | 000,003,214 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/08/11 14:31:07 | 000,002,078 | ---- | M] () -- C:\Users\Kishore Reddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/03 13:35:34 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Aircel.lnk
[2013/07/30 13:58:45 | 079,343,880 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/07/30 13:58:45 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2013/07/28 12:47:52 | 000,449,499 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/28 12:45:30 | 000,449,499 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130728-124752.backup
[71 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/24 14:43:22 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013/08/23 18:53:53 | 000,975,858 | ---- | C] () -- C:\Users\Kishore Reddy\Desktop\AdwCleaner.exe
[2013/08/21 14:30:24 | 000,003,387 | ---- | C] () -- C:\Users\Kishore Reddy\AppData\Local\recently-used.xbel
[2013/08/20 20:31:42 | 000,029,206 | ---- | C] () -- C:\Users\Kishore Reddy\Documents\cancellation of authorization(20Aug) .pdf
[2013/08/03 13:35:34 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Aircel.lnk
[2013/06/14 12:59:09 | 000,003,214 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/03/16 21:00:56 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/03/16 21:00:55 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/03/16 21:00:49 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/03/09 15:58:13 | 000,000,949 | ---- | C] () -- C:\Windows\wininit.ini
[2013/02/21 14:01:09 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/12/25 19:17:33 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/12/01 13:42:18 | 000,000,110 | ---- | C] () -- C:\Users\Kishore Reddy\AppData\Roaming\recorder.ini
[2012/11/16 21:18:31 | 000,000,043 | ---- | C] () -- C:\Windows\gswin64.ini
[2012/10/11 17:44:20 | 000,000,288 | ---- | C] () -- C:\Users\Kishore Reddy\AppData\Roaming\.backup.dm
[2012/08/13 19:40:06 | 007,551,073 | ---- | C] () -- C:\Users\Kishore Reddy\AppData\Local\census.cache
[2012/08/13 19:39:19 | 000,108,500 | ---- | C] () -- C:\Users\Kishore Reddy\AppData\Local\ars.cache
[2012/06/27 12:38:57 | 000,002,292 | ---- | C] () -- C:\Users\Kishore Reddy\AppData\Roaming\ASSDraw3.cfg
[2012/06/12 21:21:36 | 000,034,764 | ---- | C] () -- C:\Users\Kishore Reddy\AppData\Local\dt.dat
[2012/02/03 13:59:11 | 000,007,599 | ---- | C] () -- C:\Users\Kishore Reddy\AppData\Local\Resmon.ResmonCfg
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/09/11 20:47:55 | 000,736,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/31 13:45:03 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 11:22:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 10:25:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/27 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2013/01/31 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/01/11 21:39:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ZTEEVDO
[2013/05/27 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2013/01/31 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/01/11 21:39:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ZTEEVDO
[2013/08/07 22:16:28 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\.kde
[2013/08/24 18:20:24 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Abine
[2013/07/23 14:24:39 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Aegisub
[2012/05/14 13:29:20 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\AnvSoft
[2012/11/15 13:27:28 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Ashampoo
[2013/08/04 22:02:57 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Audacity
[2012/04/19 18:48:05 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\AVG
[2013/07/27 17:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\avidemux
[2012/08/03 15:05:52 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Bitmeter2
[2013/06/06 11:23:23 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\calibre
[2012/11/07 12:38:05 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\CBS Interactive
[2011/09/11 20:55:43 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/08 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\ColorCop
[2011/10/01 16:06:17 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/20 19:48:58 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\DAEMON Tools Lite
[2013/08/08 13:50:24 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Dropbox
[2012/10/26 14:52:40 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\DVDVideoSoft
[2013/06/27 13:43:48 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Firetrust
[2012/12/11 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Free Download Manager
[2012/04/26 18:31:48 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\GlarySoft
[2013/08/21 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\gnupg
[2013/05/25 13:05:19 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\gtk-2.0
[2012/06/26 19:58:07 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\HandBrake
[2012/10/10 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Hulubulu
[2012/07/11 12:55:20 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\ImgBurn
[2013/06/03 13:37:21 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\inkscape
[2013/04/05 22:09:13 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\IObit
[2012/11/07 16:32:03 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\KC Softwares
[2013/04/02 14:26:02 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\LibreOffice
[2013/03/20 10:22:41 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Local
[2013/07/03 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\MailWasherFree
[2012/09/10 14:18:58 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\MP3Rocket
[2013/08/15 09:33:54 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\MusicBee
[2013/03/20 10:37:37 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Nokia
[2013/08/08 18:51:24 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Notepad++
[2013/03/20 10:37:32 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\PC Suite
[2012/07/10 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\PhotoScape
[2011/09/29 14:39:23 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\PlayFirst
[2013/04/04 13:05:33 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\PotPlayerMini64
[2013/02/14 15:09:10 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\QFX Software
[2012/09/09 13:14:20 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\RapidTyping
[2013/08/20 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\SoftGrid Client
[2013/05/17 14:36:50 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Thunderbird
[2011/09/11 20:48:39 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\TP
[2012/09/11 11:11:20 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\TrueCrypt
[2013/07/30 14:16:01 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\TuneUp Software
[2013/05/17 14:26:53 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\uTorrent
[2012/04/13 20:59:48 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Windows Live Writer
[2013/06/06 14:44:56 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\Wise Registry Cleaner
[2012/11/23 15:42:48 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\XBMC
[2012/10/20 19:37:34 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\yWorks
[2013/03/30 11:53:25 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\ZTEEVDO
[2012/01/15 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\ZTEMTUI
 
========== Purity Check ==========
 
 
 
< End of report >
 
OTL Extras logfile created on: 8/24/2013 6:23:34 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kishore Reddy\Desktop

64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16660)

Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

 

2.74 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 55.09% Memory free

5.48 Gb Paging File | 3.64 Gb Available in Paging File | 66.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 452.66 Gb Total Space | 390.84 Gb Free Space | 86.34% Space Free | Partition Type: NTFS

Drive F: | 66.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: KISHOREREDDY-PC | User Name: Kishore Reddy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.reg [@ = regfile] -- regedit.exe "%1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.reg [@ = regfile] -- regedit.exe "%1"

 

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1"

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1"

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DefaultInboundAction" = 1

"DefaultOutboundAction" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DefaultInboundAction" = 1

"DefaultOutboundAction" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DefaultInboundAction" = 1

"DefaultOutboundAction" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0405F82A-246D-4561-96D5-87850EFD8B90}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=c:\windows\system32\svchost.exe | 

"{072E9140-EF21-42B9-AC02-A045B8D003F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{33DC8F96-478A-40D4-8BF1-4A1A413A299B}" = rport=80 | protocol=6 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | 

"{3CB8D2C3-C61C-4241-A90E-4B076B672660}" = rport=80 | protocol=6 | dir=out | svc=cryptsvc | app=c:\windows\system32\svchost.exe | 

"{DD08BAEE-1954-41D3-9E47-86447E77DD0A}" = lport=2869 | protocol=6 | dir=in | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00A5E4C0-1F80-48FF-8717-B49733ECEF88}" = protocol=6 | dir=in | app=c:\users\kishore reddy\appdata\roaming\dropbox\bin\dropbox.exe | 

"{04A07DBE-8631-42E9-B4C5-A77D99C1D683}" = protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{0551A529-13D2-4D03-9F05-3ED22C613DE0}" = protocol=6 | dir=out | svc=secunia psi agent | app=c:\program files (x86)\secunia\psi\psia.exe | 

"{098AFDBB-8C97-4F35-89DB-00F2D69D787E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 

"{0ECAFD45-3656-4EB9-945D-6EC3C00EB4E5}" = protocol=17 | dir=out | app=c:\program files (x86)\windows live\mail\wlmail.exe | 

"{173DE8F2-E825-4BDD-A778-A54ECCD20B17}" = protocol=6 | dir=out | app=c:\users\kishore reddy\downloads\hitmanpro36_x64.exe | 

"{1B1D7FA9-4383-4EFB-A9F3-54710EB4F573}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | 

"{300DC36F-2A5A-4585-8E4A-B63914728871}" = protocol=6 | dir=out | app=c:\program files (x86)\aircel\aircel.exe | 

"{470A660D-94BF-421B-BB9C-D68067D6E648}" = protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe | 

"{47F060D5-939E-469B-94A4-929480E1E6A7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

"{4B5A027E-33CC-4CF7-97ED-CC37A5808A51}" = protocol=17 | dir=out | app=c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe | 

"{4C32E950-05BD-4123-91BC-176F2AD56487}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 

"{543E2E15-781A-467C-9BAB-FA4E7FB58D67}" = protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 

"{6A3032EB-937B-4747-8F71-CE88344F9F13}" = protocol=17 | dir=out | app=system | 

"{6A5C0B62-10C0-456F-A0EB-AAC55358348B}" = protocol=6 | dir=out | app=c:\program files (x86)\threatfire\tfnotice.exe | 

"{6DB534C1-EDE6-4450-8448-B74BB38B495B}" = protocol=17 | dir=in | app=c:\users\kishore reddy\appdata\roaming\dropbox\bin\dropbox.exe | 

"{843359CA-4C4F-4677-92F3-2A2DCD1B3B8E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{9606CF96-A22F-46E1-A609-0A22E9D056E3}" = protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\firefox.exe | 

"{A02D1814-7540-4E2E-85CC-72FA3F57A1D7}" = protocol=6 | dir=out | app=c:\program files (x86)\windows live\mail\wlmail.exe | 

"{A3BFAEAB-041E-46D5-9CE8-A5AB7ADB1FC0}" = protocol=6 | dir=out | app=c:\program files (x86)\secunia\psi\psia.exe | 

"{A91AC253-18AF-40A8-A7E0-C8758C98C240}" = protocol=17 | dir=out | app=c:\users\kishore reddy\downloads\hitmanpro36_x64.exe | 

"{B201CF28-1F2D-4D53-86DC-3F21D289788A}" = protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 

"{B264529E-844C-4A17-BB4A-F5C4AFAAF5B7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 

"{B9FEB938-DB7B-427F-9962-869462AAF17E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 

"{CE6F1168-52DA-472D-B47A-A0869971721A}" = protocol=6 | dir=out | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"{CF09178E-171D-448C-8B83-D0E38ACF60A8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 

"{E2F8A6C3-069D-4D8A-9955-52E862310A7E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 

"{E6C61CD3-626E-47EC-A866-2064730588BC}" = protocol=6 | dir=out | app=c:\program files\superantispyware\superantispyware.exe | 

"{E7680AD3-22EF-4B45-BFD5-DD0BD330B49D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 

"{EBFC60D5-9E8D-448A-A38A-0EF078355DA4}" = protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe | 

"{EC948797-2967-471B-A711-AFDDDE052BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 

"{FD2C1440-A1D8-4E9F-89B4-59881C8122AA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 

"TCP Query User{47BE02EC-599C-4838-8915-3E2735655872}C:\program files (x86)\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 

"TCP Query User{521B3E6E-F63E-45BA-8EF3-A2C6FC8E2A2C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"TCP Query User{F0E7D77F-8EAC-47FC-AE43-47BD3A912EA0}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 

"UDP Query User{2AA978CC-759E-43EF-B070-8CBAC10FB94A}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 

"UDP Query User{86FE1A3E-E559-4AC5-AD08-584BD01C85C4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"UDP Query User{CE42330E-5D05-4552-8217-6BECF182D548}C:\program files (x86)\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{22591D78-46F8-41E4-9E89-323B8C0A16AF}" = AVG 2012

"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 3.0.4

"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor

"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012

"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer

"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012

"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012

"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools

"{E191812E-F3A0-4F87-98D9-DCD03321278D}" = AxCrypt 1.7.2931.0

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)

"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9)

"CCleaner" = CCleaner

"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem  (02/25/2011 4.7)

"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL

"GIMP-2_is1" = GIMP 2.8.4

"GPL Ghostscript 9.07" = GPL Ghostscript

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"PotPlayer64" = Daum PotPlayer 1.5.39007 x64 Edition

"Recuva" = Recuva

"Sandboxie" = Sandboxie 3.76 (64-bit)

"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.3.0

"Speccy" = Speccy

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28E0D137-99C8-462E-BB12-FB1BD48BB7F3}" = calibre

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam

"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.16

"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{BFBC6337-B7B9-4AEE-BC19-CA910EED755D}" = Adobe Flash Player 11 Plugin

"{C61BF999-5594-4D22-A688-7887A3A119C2}" = MailWasher

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DBDD570E-0952-475f-9453-AB88F3DD5659}" = Python 2.7.5

"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.34

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE88323B-9F0E-4596-8F56-37757C6918E9}" = LibreOffice 4.0.4.2

"{FF6FE3EC-F36E-4061-8B06-2429107BCDB0}" = LibreOffice 4.0 Help Pack (English)

"3309-7404-0599-8908" = yEd Graph Editor 3.10.2

"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire

"7-Zip" = 7-Zip 9.22beta

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Advanced Renamer_is1" = Advanced Renamer

"Advanced SystemCare 6_is1" = Advanced SystemCare 6

"AeroWallpaperChanger" = AeroWallpaperChanger

"Aircel" = Aircel

"Any Video Converter_is1" = Any Video Converter 3.5.5

"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15

"Astroburn Lite" = Astroburn Lite

"Audacity_is1" = Audacity 2.0.3

"Avidemux 2.6 (64-bit)" = Avidemux 2.6

"AviSynth" = AviSynth 2.5

"Belarc Advisor" = Belarc Advisor 8.3

"BitMeter" = BitMeter

"Browser Hijack Retaliator_is1" = Browser Hijack Retaliator 4.5.0 Build 471

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cheat Engine 6.2_is1" = Cheat Engine 6.2

"DAEMON Tools Lite" = DAEMON Tools Lite

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink_is1" = DVD Shrink 3.2

"ESET Online Scanner" = ESET Online Scanner v3

"FormatFactory" = FormatFactory 3.00

"Free Download Manager_is1" = Free Download Manager 3.9.2

"Free Studio_is1" = Free Studio version 5.7.6.1015

"freeocr_is1" = FreeOCR v4.2

"GnuCash_is1" = GnuCash 2.4.13

"Google Chrome" = Google Chrome

"GPG4Win" = Gpg4win (2.1.1)

"HandBrake" = HandBrake 0.9.8

"Identity Card" = Identity Card

"ImgBurn" = ImgBurn

"Inkscape" = Inkscape 0.48.4

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"KC Softwares SUMo_is1" = KC Softwares SUMo

"KeyScrambler" = KeyScrambler

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.4

"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15

"lastpass" = LastPass(uninstall only)

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mozilla Firefox 23.0 (x86 en-US)" = Mozilla Firefox 23.0 (x86 en-US)

"Mozilla Thunderbird 17.0.8 (x86 en-US)" = Mozilla Thunderbird 17.0.8 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP3 Rocket" = MP3 Rocket

"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)

"MusicBee" = MusicBee 2.1

"Nokia PC Suite" = Nokia PC Suite

"Notepad++" = Notepad++

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"PhotoScape" = PhotoScape

"RapidTyping" = RapidTyping

"Revo Uninstaller" = Revo Uninstaller 1.94

"Samsung ML-2010 Series" = Samsung ML-2010 Series

"Secunia PSI" = Secunia PSI (2.0.0.4003)

"Speakonia_is1" = Speakonia

"TrueCrypt" = TrueCrypt

"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine

"Valkyrie Uploader 1.0" = Valkyrie Uploader 1.0

"VLC media player" = VLC media player 2.0.8

"VobSub" = VobSub v2.23 (Remove Only)

"WebSite Downloader" = WebSite Downloader 1.1

"WinLiveSuite_Wave3" = Windows Live Essentials

"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.52

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"XBMC" = XBMC

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 8/24/2013 3:10:55 AM | Computer Name = KishoreReddy-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: e20    Start Time:

 01cea0976158d738    Termination Time: 0    Application Path: C:\Users\Kishore Reddy\Desktop\OTL.exe

 

Report

 Id: 4f69981e-0c8c-11e3-a813-1c75084a5eed  

 

Error - 8/24/2013 3:13:55 AM | Computer Name = KishoreReddy-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: 1674    Start Time:

 01cea0992d065ac5    Termination Time: 0    Application Path: C:\Users\Kishore Reddy\Desktop\OTL.exe

 

Report

 Id: bac6b05e-0c8c-11e3-a813-1c75084a5eed  

 

Error - 8/24/2013 3:15:01 AM | Computer Name = KishoreReddy-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: 898    Start Time:

 01cea09980b117ea    Termination Time: 16    Application Path: C:\Users\Kishore Reddy\Desktop\OTL.exe

 

Report

 Id: e25c1190-0c8c-11e3-a813-1c75084a5eed  

 

Error - 8/24/2013 3:19:47 AM | Computer Name = KishoreReddy-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: cf4    Start Time:

 01cea099f4ec8450    Termination Time: 0    Application Path: C:\Users\Kishore Reddy\Desktop\OTL.exe

 

Report

 Id: 8c2b36e0-0c8d-11e3-a813-1c75084a5eed  

 

Error - 8/24/2013 3:34:05 AM | Computer Name = KishoreReddy-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: 14a0    Start Time:

 01cea09a655cfdc5    Termination Time: 0    Application Path: C:\Users\Kishore Reddy\Desktop\OTL.exe

 

Report

 Id: 4568238f-0c8f-11e3-a813-1c75084a5eed  

 

Error - 8/24/2013 3:36:16 AM | Computer Name = KishoreReddy-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: 8a8    Start Time:

 01cea09c52797aeb    Termination Time: 0    Application Path: C:\Users\Kishore Reddy\Desktop\OTL.exe

 

Report

 Id: d7db7a0e-0c8f-11e3-a813-1c75084a5eed  

 

Error - 8/24/2013 3:38:39 AM | Computer Name = KishoreReddy-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: 12d8    Start Time:

 01cea09cc7505472    Termination Time: 0    Application Path: C:\Users\Kishore Reddy\Desktop\OTL.exe

 

Report

 Id: 2f33c6b0-0c90-11e3-a813-1c75084a5eed  

 

Error - 8/24/2013 3:43:18 AM | Computer Name = KishoreReddy-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: 1564    Start Time:

 01cea09d7355b87c    Termination Time: 0    Application Path: C:\Users\Kishore Reddy\Desktop\OTL.exe

 

Report

 Id: d596a8d3-0c90-11e3-a813-1c75084a5eed  

 

Error - 8/24/2013 4:27:42 AM | Computer Name = KishoreReddy-PC | Source = CVHSVC | ID = 100

Description = Information only.  (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):

 DownloadLatest Failed: There are currently no active network connections. Background

 Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

 

Error - 8/24/2013 4:31:59 AM | Computer Name = KishoreReddy-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: 13cc    Start Time:

 01cea0a288a8e346    Termination Time: 0    Application Path: C:\Users\Kishore Reddy\Desktop\OTL.exe

 

Report

 Id: a21554ca-0c97-11e3-875d-889ffa52868d  

 

[ System Events ]

Error - 8/24/2013 4:51:25 AM | Computer Name = KishoreReddy-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   discache  MpFilter  nmfmfx  ofvpmj  pvkvlw  qozysh  SASDIFSV  SASKUTIL  spldr  ssuhop  TfFsMon  TfSysMon

truecrypt

tvelms

uotote

vhjrap

vxoqkw

Wanarpv6

wayuia

zedltn

zvijcv

 

Error - 8/24/2013 4:51:33 AM | Computer Name = KishoreReddy-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 8/24/2013 4:51:41 AM | Computer Name = KishoreReddy-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error

 Code: 21  

 

Error - 8/24/2013 4:51:44 AM | Computer Name = KishoreReddy-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 8/24/2013 4:51:48 AM | Computer Name = KishoreReddy-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 8/24/2013 4:51:49 AM | Computer Name = KishoreReddy-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 8/24/2013 5:13:15 AM | Computer Name = KishoreReddy-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Aircel.

 OUC service to connect.

 

Error - 8/24/2013 5:13:15 AM | Computer Name = KishoreReddy-PC | Source = Service Control Manager | ID = 7000

Description = The Aircel. OUC service failed to start due to the following error:

   %%1053

 

Error - 8/24/2013 5:13:17 AM | Computer Name = KishoreReddy-PC | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error:   %%20

 

Error - 8/24/2013 5:13:49 AM | Computer Name = KishoreReddy-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   nmfmfx  ofvpmj  pvkvlw  qozysh  ssuhop  tvelms  uotote  vhjrap  vxoqkw  wayuia  zedltn  zvijcv

 

 

< End of report >

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.6

    [2013/07/12 20:01:05 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com

    CHR - Extension: Ghostery = C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\

    O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.

    O2:64bit: - BHO: (no name) - cardisabled - No CLSID value found.

    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

    O3:64bit: - HKLM\..\Toolbar: (no name) - InprocServer32 - No CLSID value found.

    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    [2013/05/17 14:26:53 | 000,000,000 | ---D | M] -- C:\Users\Kishore Reddy\AppData\Roaming\uTorrent

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

    [resethosts]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Once again, when I tried to run OTL, it showed as not responding. When closed and tried again it was successful.

Here is the OTL fix log:

 

All processes killed
========== OTL ==========
Prefs.js: firefox%40ghostery.com:2.9.6 removed from extensions.enabledAddons
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\resource\font folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\resource folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\META-INF folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\defaults\preferences folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\defaults folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\components folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\locale\ru-RU folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\locale\ja-JP folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\locale\fr-FR folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\locale\es-ES folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\locale\en-US folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\locale\de-DE folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\locale folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content\includes\tiptip folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content\includes folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content\images\popup\Tutorial folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content\images\popup\Tracker folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content\images\popup\Settings folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content\images\popup\Header folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content\images\popup\Footer folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content\images\popup folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content\images folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome\content folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com\chrome folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\_locales\en folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\_locales folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\templates\precompiled folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\templates folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\lib\vendor\tipTip folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\lib\vendor\apprise folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\lib\vendor folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\lib folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\js folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\includes folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\images\panel folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\images folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\css folder moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0 folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\cardisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\InprocServer32 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Kishore Reddy\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\uTorrent\Cache folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
C:\Users\Kishore Reddy\Desktop\cmd.bat deleted successfully.
C:\Users\Kishore Reddy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kishore Reddy
->Temp folder emptied: 2058871 bytes
->Temporary Internet Files folder emptied: 12736 bytes
->Java cache emptied: 65493 bytes
->FireFox cache emptied: 17661023 bytes
->Google Chrome cache emptied: 12208740 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34232 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 97322 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 31.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 08242013_205517
 
Files\Folders moved on Reboot...
C:\Users\Kishore Reddy\AppData\Local\Temp\7zO41B1B645\NoAutorun.exe moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kishore Reddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Kishore Reddy\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Now the system seems to run really GOOD.  :)

Can I run MBAM to find out whether the delta thing is gone or still hiding somewhere?

Thank you for your help and waiting for your further advice.


The problem still continues. MBAM still detects DELTA in its scan. The scan log is as follows:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.25.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Kishore Reddy :: KISHOREREDDY-PC [administrator]
 
25-08-2013 20:21:26
mbam-log-2013-08-25 (20-21-26).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 221678
Time elapsed: 11 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
c:\users\kishore reddy\appdata\roaming\delta (PUP.Optional.Delta) -> Quarantined and deleted successfully.
 
Files Detected: 1
c:\users\kishore reddy\appdata\roaming\delta\sqlite3.dll (PUP.Optional.Delta) -> Delete on reboot.
 
(end)

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Archived

This topic is now archived and is closed to further replies.
