Jump to content

Recommended Posts

ComboFix 13-08-25.01 - Kishore Reddy 26-08-2013  11:47:31.1.4 - x64

Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2807.1642 [GMT 5.5:30]

Running from: c:\users\Kishore Reddy\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Kishore Reddy\AppData\Roaming\Local

c:\windows\wininit.ini

.

Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected 

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!SysWOW64!userinit.exe 

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-26 to 2013-08-26  )))))))))))))))))))))))))))))))

.

.

2013-08-24 15:45 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D9479B8-05B4-4226-9BD3-B3C0EC759742}\mpengine.dll

2013-08-24 15:23 . 2013-08-24 15:23 -------- d-----w- C:\_OTL

2013-08-24 07:43 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-08-23 13:26 . 2013-08-23 13:31 -------- d-----w- C:\AdwCleaner

2013-08-23 09:41 . 2013-08-23 09:41 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBDF67A8-68F5-4896-B93A-810C1819F429}\gapaengine.dll

2013-08-18 12:39 . 2013-08-18 12:39 -------- d-----w- C:\CCE_Quarantine

2013-08-18 12:16 . 2013-08-18 12:16 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\Comodo

2013-08-15 05:38 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-15 05:38 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-15 05:38 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-08-15 05:38 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-15 05:38 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-08-15 05:38 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-08-15 05:38 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll

2013-08-15 05:38 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-08-15 05:38 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-08-15 05:38 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-08-15 05:38 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-08-15 05:38 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-08-15 05:38 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-08-15 03:21 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

2013-08-15 03:21 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-08-15 03:21 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-08-15 03:21 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-08-15 03:20 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-08-15 03:20 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-15 03:20 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll

2013-08-15 03:20 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-15 03:19 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-08-15 03:19 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-15 03:19 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-15 03:19 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-08-15 03:18 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll

2013-08-15 03:18 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-08 10:14 . 2013-08-15 04:03 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\FreeOCR

2013-08-08 10:05 . 2007-03-10 04:41 2680320 ----a-w- c:\windows\SysWow64\ImageEnXLibrary.ocx

2013-08-08 10:05 . 2013-08-12 15:22 -------- d-----w- C:\FreeOCR

2013-08-07 16:52 . 2013-08-21 08:59 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\gtk-2.0

2013-08-07 16:46 . 2013-08-07 16:46 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\.kde

2013-08-03 08:04 . 2012-09-18 08:22 239104 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys

2013-08-03 08:04 . 2012-08-20 00:55 76288 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys

2013-08-03 08:04 . 2012-08-20 00:55 30720 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys

2013-08-03 08:04 . 2012-08-20 00:55 104960 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys

2013-08-03 08:04 . 2012-09-14 01:28 451072 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys

2013-08-03 08:04 . 2012-08-20 00:55 90112 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys

2013-08-03 08:04 . 2011-12-31 01:20 225920 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2013-08-03 08:04 . 2010-10-08 08:59 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2013-08-03 08:04 . 2010-09-26 10:09 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys

2013-08-03 08:04 . 2010-08-05 23:43 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys

2013-08-03 08:04 . 2010-07-27 01:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys

2013-08-03 08:04 . 2010-03-20 04:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys

2013-08-03 08:03 . 2013-08-03 08:15 -------- d-----w- c:\program files (x86)\Aircel

2013-07-30 16:24 . 2013-07-30 16:24 -------- d-----w- C:\Python27

2013-07-30 08:46 . 2013-07-30 08:46 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\TuneUp Software

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-19 07:30 . 2012-04-02 15:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-19 07:30 . 2012-03-11 09:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-15 11:00 . 2011-09-10 10:04 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-20 14:28 . 2012-02-11 12:01 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-07-09 04:45 . 2013-08-15 05:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-06-25 09:40 . 2012-08-01 14:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-25 09:40 . 2012-04-22 07:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-18 16:20 . 2013-06-18 16:20 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-18 16:20 . 2011-04-27 09:55 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-06-05 03:34 . 2013-07-10 15:31 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-10 15:41 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 15:41 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-05-07 14:33 . 2013-03-19 06:51 10965504 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]

"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]

"LManager"="c:\program files (x86)\launch manager\lmanager.exe" [2010-08-10 975952]

"IAStorIcon"="c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe" [2010-04-13 284696]

"SDTray"="c:\program files (x86)\spybot - search & destroy 2\sdtray.exe" [2012-11-13 3825176]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ  

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"vProt"=c:\program files (x86)\avg secure search\vprot.exe

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R0 nmfmfx;nmfmfx; [x]

R0 ofvpmj;ofvpmj; [x]

R0 pvkvlw;pvkvlw; [x]

R0 qozysh;qozysh; [x]

R0 ssuhop;ssuhop; [x]

R0 tvelms;tvelms; [x]

R0 uotote;uotote; [x]

R0 vhjrap;vhjrap; [x]

R0 vxoqkw;vxoqkw; [x]

R0 wayuia;wayuia; [x]

R0 zedltn;zedltn; [x]

R0 zvijcv;zvijcv; [x]

R2 Aircel. RunOuc;Aircel. OUC;c:\program files (x86)\Aircel\UpdateDog\ouc.exe;c:\program files (x86)\Aircel\UpdateDog\ouc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]

R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]

R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]

S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service;c:\program files (x86)\ThreatFire\TFService.exe service [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-22 07:13 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:08]

.

2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]

.

2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm





IE: Free YouTube Download - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm



IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: NameServer = 101.223.255.141 101.223.255.142

FF - ProfilePath - c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-SDWinLogon - SDWinLogon.dll

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-ETDWare - c:\program files (x86)\elantech\etdctrl.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,

   2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a

"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,

   35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,

   c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:e6,1e,6f,07,11,c4,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

c:\programdata\Aircel\OnlineUpdate\ouc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\ThreatFire\TFService.exe

c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe

.

**************************************************************************

.

Completion time: 2013-08-26  12:14:36 - machine was rebooted

ComboFix-quarantined-files.txt  2013-08-26 06:44

.

Pre-Run: 420,943,970,304 bytes free

Post-Run: 420,777,947,136 bytes free

.

- - End Of File - - C0CFC77A2414B0D640D9880D0D357A47
Link to post
Share on other sites
  • Replies 210
  • Created
  • Last Reply

Top Posters In This Topic

Have some patience:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::

nmfmfx

ofvpmj

pvkvlw

qozysh

ssuhop

tvelms

uotote

vhjrap

vxoqkw

wayuia

zedltn

zvijcv

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Here is the required log:

 

ComboFix 13-08-25.01 - Kishore Reddy 26-08-2013  21:34:58.2.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2807.1576 [GMT 5.5:30]
Running from: c:\users\Kishore Reddy\Desktop\ComboFix.exe
Command switches used :: c:\users\Kishore Reddy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NMFMFX
-------\Legacy_OFVPMJ
-------\Legacy_PVKVLW
-------\Legacy_QOZYSH
-------\Legacy_SSUHOP
-------\Legacy_TVELMS
-------\Legacy_UOTOTE
-------\Legacy_VHJRAP
-------\Legacy_VXOQKW
-------\Legacy_WAYUIA
-------\Legacy_ZEDLTN
-------\Legacy_ZVIJCV
-------\Service_nmfmfx
-------\Service_ofvpmj
-------\Service_pvkvlw
-------\Service_qozysh
-------\Service_ssuhop
-------\Service_tvelms
-------\Service_uotote
-------\Service_vhjrap
-------\Service_vxoqkw
-------\Service_wayuia
-------\Service_zedltn
-------\Service_zvijcv
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-26 to 2013-08-26  )))))))))))))))))))))))))))))))
.
.
2013-08-26 16:18 . 2013-08-26 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-26 10:30 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{180BC440-77C0-43C2-8625-0B3A6E214F81}\mpengine.dll
2013-08-26 06:49 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-24 15:23 . 2013-08-24 15:23 -------- d-----w- C:\_OTL
2013-08-23 13:26 . 2013-08-23 13:31 -------- d-----w- C:\AdwCleaner
2013-08-23 09:41 . 2013-08-23 09:41 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBDF67A8-68F5-4896-B93A-810C1819F429}\gapaengine.dll
2013-08-18 12:39 . 2013-08-18 12:39 -------- d-----w- C:\CCE_Quarantine
2013-08-18 12:16 . 2013-08-18 12:16 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\Comodo
2013-08-15 05:38 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 05:38 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 05:38 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-15 05:38 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 05:38 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 05:38 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-15 05:38 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-15 05:38 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-15 05:38 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-15 05:38 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-15 05:38 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-15 05:38 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-15 05:38 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-15 03:21 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-15 03:21 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-15 03:21 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-15 03:21 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-15 03:20 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 03:20 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 03:20 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 03:20 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 03:19 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-15 03:19 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 03:19 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 03:19 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 03:18 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-15 03:18 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-08 10:14 . 2013-08-15 04:03 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\FreeOCR
2013-08-08 10:05 . 2007-03-10 04:41 2680320 ----a-w- c:\windows\SysWow64\ImageEnXLibrary.ocx
2013-08-08 10:05 . 2013-08-12 15:22 -------- d-----w- C:\FreeOCR
2013-08-07 16:52 . 2013-08-21 08:59 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\gtk-2.0
2013-08-07 16:46 . 2013-08-07 16:46 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\.kde
2013-08-03 08:04 . 2012-09-18 08:22 239104 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2013-08-03 08:04 . 2012-08-20 00:55 76288 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-08-03 08:04 . 2012-08-20 00:55 30720 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-08-03 08:04 . 2012-08-20 00:55 104960 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-08-03 08:04 . 2012-09-14 01:28 451072 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2013-08-03 08:04 . 2012-08-20 00:55 90112 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-08-03 08:04 . 2011-12-31 01:20 225920 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-08-03 08:04 . 2010-10-08 08:59 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-08-03 08:04 . 2010-09-26 10:09 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-08-03 08:04 . 2010-08-05 23:43 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-08-03 08:04 . 2010-07-27 01:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-08-03 08:04 . 2010-03-20 04:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-08-03 08:03 . 2013-08-03 08:15 -------- d-----w- c:\program files (x86)\Aircel
2013-07-30 16:24 . 2013-07-30 16:24 -------- d-----w- C:\Python27
2013-07-30 08:46 . 2013-07-30 08:46 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\TuneUp Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-19 07:30 . 2012-04-02 15:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-19 07:30 . 2012-03-11 09:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-15 11:00 . 2011-09-10 10:04 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-20 14:28 . 2012-02-11 12:01 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-15 05:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-25 09:40 . 2012-08-01 14:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 09:40 . 2012-04-22 07:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-18 16:20 . 2013-06-18 16:20 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 16:20 . 2011-04-27 09:55 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-10 15:31 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 15:41 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 15:41 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-07 14:33 . 2013-03-19 06:51 10965504 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]
"LManager"="c:\program files (x86)\launch manager\lmanager.exe" [2010-08-10 975952]
"IAStorIcon"="c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe" [2010-04-13 284696]
"SDTray"="c:\program files (x86)\spybot - search & destroy 2\sdtray.exe" [2012-11-13 3825176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ  
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"vProt"=c:\program files (x86)\avg secure search\vprot.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 Aircel. RunOuc;Aircel. OUC;c:\program files (x86)\Aircel\UpdateDog\ouc.exe;c:\program files (x86)\Aircel\UpdateDog\ouc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-22 07:13 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:08]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"ETDWare"="c:\program files (x86)\elantech\etdctrl.exe" [bU]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
IE: Free YouTube Download - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: NameServer = 101.223.255.141 101.223.255.142
FF - ProfilePath - c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,
   2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
   35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
   c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e6,1e,6f,07,11,c4,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\programdata\Aircel\OnlineUpdate\ouc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ThreatFire\TFService.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
.
**************************************************************************
.
Completion time: 2013-08-26  22:02:00 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-26 16:31
ComboFix2.txt  2013-08-26 06:44
.
Pre-Run: 420,316,585,984 bytes free
Post-Run: 420,028,583,936 bytes free
.
- - End Of File - - 705D3AEA67B2E6D60F21F06F8D108765
Link to post
Share on other sites

Well done! :)

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Earlier i scanned using eset online scanner using all the options mentioned by you but the scan did not find any threats. The scan was done before approaching the forum.

Link to post
Share on other sites

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind*delta*:folderfind*delta*:regfinddelta
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Link to post
Share on other sites

Here is the log :

 

SystemLook 30.07.11 by jpshortstuff
Log created at 23:02 on 27/08/2013 by Kishore Reddy
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*delta*"
C:\Program Files\GIMP 2\share\gimp\2.0\help\en\images\filters\examples\addborder-delta.png --a---- 953 bytes [09:33 28/10/2012] [07:32 03/06/2012] B00177FDD89DA4C13A8AE1BC4C985465
C:\Program Files\SecurityKISS Tunnel\OpenVPN\bin\deltapall.bat --a---- 36 bytes [07:10 08/06/2013] [00:18 01/08/2010] 18ABDFF2B46F134ECE25184596F3D129
C:\Program Files (x86)\Aircel\usermanual\en-us\public_sys-resources\delta.gif --a---- 117 bytes [08:03 03/08/2013] [03:52 31/10/2012] 590FE4AA39AD65888B60F513240BB77E
C:\Program Files (x86)\Aircel\usermanual\en-us\public_sys-resources\deltaend.gif --a---- 116 bytes [08:03 03/08/2013] [03:52 31/10/2012] B0CDFD8E2D774E7D6890366B0508C67A
C:\Program Files (x86)\Inkscape\share\extensions\alphabet_soup\Delta.svg --a---- 589 bytes [12:25 08/07/2011] [12:25 08/07/2011] A3582CAB0FCE8F398583DC78A1A16503
C:\Users\Kishore Reddy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\Photoshop\CS5\Using\images\P_Delta_Sm_N.png --a---- 462 bytes [12:16 24/02/2012] [12:16 24/02/2012] 0ED5EEF9C7473AE5CC24F9275CF9EA80
C:\Windows\Installer\{177586E7-E42E-4F38-83D1-D15B4AF5B714}\Delta.ico -ra---- 17542 bytes [15:23 13/02/2013] [15:23 13/02/2013] A00E6F81998496C98D28576CE1EAE43B
C:\Windows\Prefetch\AM_DELTA_PATCH_1.157.330.0.EX-2568A3EC.pf --a---- 9216 bytes [10:30 26/08/2013] [10:30 26/08/2013] CE55EB9BD2ACA0CBBCB59B70CB86BD07
C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.157.408.0.exe --a---- 660760 bytes [13:10 27/08/2013] [08:58 27/08/2013] 5C1652EC906BB2F661DD0389FBD7AB83
C:\Windows\System32\msdelta.dll --a---- 451584 bytes [23:22 13/07/2009] [01:41 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D
C:\Windows\SysWOW64\msdelta.dll --a---- 305152 bytes [23:12 13/07/2009] [01:15 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069\msdelta.dll --a---- 451584 bytes [23:22 13/07/2009] [01:41 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\msdelta.dll --a---- 451584 bytes [02:55 14/07/2009] [02:55 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\msdelta.dll --a---- 451584 bytes [02:55 14/07/2009] [02:55 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\msdelta.dll --a---- 451584 bytes [02:55 14/07/2009] [02:55 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D
C:\Windows\winsxs\FileMaps\$$_media_delta_0f36d7d9b4f7293c.cdf-ms --a---- 2436 bytes [02:59 14/07/2009] [05:32 14/07/2009] 0ED4291DC068EB860AC15A6E5360224C
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069.manifest --a---- 2888 bytes [02:33 14/07/2009] [02:21 14/07/2009] 6B7D6AD4FA771B7D532B7AD67D396853
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_c5d387d64eb8e1f2.manifest --a---- 2461 bytes [02:33 14/07/2009] [02:26 14/07/2009] B84326CF1509A48DF01F10CC45B97A3F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_c8049b9e4ba7658c.manifest ------- 2461 bytes [11:26 02/09/2011] [00:51 20/11/2010] 8A388670A7B189FE5CE192B81E6F7401
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8.manifest --a---- 27794 bytes [02:17 14/07/2009] [02:18 14/07/2009] 2D159244CBBD3875345AFDD9C34B444B
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33.manifest --a---- 2886 bytes [02:33 14/07/2009] [01:54 14/07/2009] 110D843CC1C2B3A02A46D4AD962C04B6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_69b4ec52965b70bc.manifest --a---- 2459 bytes [02:33 14/07/2009] [01:57 14/07/2009] 6A0B78A725C86457BCED783D682C9BB5
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_6be6001a9349f456.manifest ------- 2459 bytes [11:26 02/09/2011] [23:40 19/11/2010] 771093D6028BE8C764993524B6392E70
C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33\msdelta.dll --a---- 305152 bytes [23:12 13/07/2009] [01:15 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\msdelta.dll --a---- 305152 bytes [02:43 14/07/2009] [02:43 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\msdelta.dll --a---- 305152 bytes [02:43 14/07/2009] [02:43 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\msdelta.dll --a---- 305152 bytes [02:43 14/07/2009] [02:43 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
 
========== folderfind ==========
 
Searching for "*delta*"
C:\Windows\Media\Delta dr--s-- [03:20 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069 d------ [03:20 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_c5d387d64eb8e1f2 d------ [03:20 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_c8049b9e4ba7658c d------ [10:28 10/09/2011]
C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8 d------ [05:30 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33 d------ [03:20 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_69b4ec52965b70bc d------ [03:20 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_6be6001a9349f456 d------ [10:29 10/09/2011]
 
========== regfind ==========
 
Searching for "delta"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta]
@="C:\Windows\Media\Delta\Windows Ding.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Critical.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Low.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
@="C:\Windows\Media\Delta\Windows Print complete.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
@="C:\Windows\Media\Delta\Windows Error.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
@="C:\Windows\Media\Delta\Windows Exclamation.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
@="C:\Windows\Media\Delta\Windows Critical Stop.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
@="C:\Windows\Media\Delta\Windows Balloon.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
@="C:\Windows\Media\Delta\Windows User Account Control.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
@="C:\Windows\Media\Delta\Windows Navigation Start.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
@="C:\Windows\Media\Delta\Windows Information Bar.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Names\Delta]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1B4\52C64B7E]
"@mmres.dll,-814"="Delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Document]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Email]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Music]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Music]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Picture]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Picture]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Video]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Video]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Appointment]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Appointment]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Contact]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Contact]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Schedule.Meeting]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Schedule.Meeting]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F6D68FF-81A4-3F8A-AD32-8E8DDDA7FC41}\2.0.0.0]
"Class"="System.Diagnostics.SymbolStore.SymbolLineDelta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F6D68FF-81A4-3F8A-AD32-8E8DDDA7FC41}\4.0.0.0]
"Class"="System.Diagnostics.SymbolStore.SymbolLineDelta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.msg]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.msg]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_9afd56f432219a2e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_0a20a2633b1984ad]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_none_f2cfa9dc6d3f5297]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\Half SD]
"WinSAT_CPU Delta"="-1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\HD Default]
"WinSAT_CPU Delta"="2.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MP4]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-ISO]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-TTS]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD Default]
"WinSAT_CPU Delta"="0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD WMV]
"WinSAT_CPU Delta"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Realtek\AECBF\icrcAudioProcessingDemo\GSCBeamformer\PostFiltering]
"delta"="0.000100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\CVH\Connect\{90140011-0066-0409-0000-0000000FF1CE}]
"deltaCacheFolderName"="140066.enu-90140011-66-409"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\Half SD]
"WinSAT_CPU Delta"="-1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\HD Default]
"WinSAT_CPU Delta"="2.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MP4]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-ISO]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-TTS]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD Default]
"WinSAT_CPU Delta"="0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD WMV]
"WinSAT_CPU Delta"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014]
"RoamDelta"="3"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\RoamDelta]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014]
"RoamDelta"="3"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\RoamDelta]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014]
"RoamDelta"="3"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\RoamDelta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\.Default\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\.Default\Delta]
@="C:\Windows\Media\Delta\Windows Ding.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Critical.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Low.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
@="C:\Windows\Media\Delta\Windows Print complete.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
@="C:\Windows\Media\Delta\Windows Error.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
@="C:\Windows\Media\Delta\Windows Exclamation.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
@="C:\Windows\Media\Delta\Windows Critical Stop.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
@="C:\Windows\Media\Delta\Windows Balloon.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
@="C:\Windows\Media\Delta\Windows User Account Control.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
@="C:\Windows\Media\Delta\Windows Navigation Start.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
@="C:\Windows\Media\Delta\Windows Information Bar.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Names\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\.Default\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\.Default\Delta]
@="C:\Windows\Media\Delta\Windows Ding.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Critical.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Low.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
@="C:\Windows\Media\Delta\Windows Print complete.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
@="C:\Windows\Media\Delta\Windows Error.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
@="C:\Windows\Media\Delta\Windows Exclamation.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
@="C:\Windows\Media\Delta\Windows Critical Stop.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
@="C:\Windows\Media\Delta\Windows Balloon.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
@="C:\Windows\Media\Delta\Windows User Account Control.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
@="C:\Windows\Media\Delta\Windows Navigation Start.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
@="C:\Windows\Media\Delta\Windows Information Bar.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Names\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\.Default\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\.Default\Delta]
@="C:\Windows\Media\Delta\Windows Ding.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Critical.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Low.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
@="C:\Windows\Media\Delta\Windows Print complete.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
@="C:\Windows\Media\Delta\Windows Error.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
@="C:\Windows\Media\Delta\Windows Exclamation.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
@="C:\Windows\Media\Delta\Windows Critical Stop.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
@="C:\Windows\Media\Delta\Windows Balloon.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
@="C:\Windows\Media\Delta\Windows User Account Control.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
@="C:\Windows\Media\Delta\Windows Navigation Start.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
@="C:\Windows\Media\Delta\Windows Information Bar.wav"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\AppEvents\Schemes\Names\Delta]
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000\Software\Classes\Local Settings\MuiCache\1B4\52C64B7E]
"@mmres.dll,-814"="Delta"
[HKEY_USERS\S-1-5-21-1220574047-3781605312-2057228316-1000_Classes\Local Settings\MuiCache\1B4\52C64B7E]
"@mmres.dll,-814"="Delta"
 
-= EOF =-
Link to post
Share on other sites

Sorry Mr.Borislav, i forgot to mention that the ESET online scanner did not detect any threats during the scan.It took more than 3 hours and the result was no threats.

Link to post
Share on other sites

Please manually delete ComboFix, download a new fresh copy and then:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::

c:\users\kishore reddy\appdata\roaming\delta

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

The required log is as follows:

 

ComboFix 13-08-28.02 - Kishore Reddy 28-08-2013  20:17:28.3.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2807.1621 [GMT 5.5:30]
Running from: c:\users\Kishore Reddy\Desktop\ComboFix.exe
Command switches used :: c:\users\Kishore Reddy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-28  )))))))))))))))))))))))))))))))
.
.
2013-08-28 15:00 . 2013-08-28 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-28 14:11 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8169A4FD-A440-4599-897E-F70F72473146}\mpengine.dll
2013-08-27 13:10 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-24 15:23 . 2013-08-24 15:23 -------- d-----w- C:\_OTL
2013-08-23 13:26 . 2013-08-23 13:31 -------- d-----w- C:\AdwCleaner
2013-08-23 09:41 . 2013-08-23 09:41 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBDF67A8-68F5-4896-B93A-810C1819F429}\gapaengine.dll
2013-08-18 12:39 . 2013-08-18 12:39 -------- d-----w- C:\CCE_Quarantine
2013-08-18 12:16 . 2013-08-18 12:16 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\Comodo
2013-08-15 05:38 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 05:38 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 05:38 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-15 05:38 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 05:38 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 05:38 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-15 05:38 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-15 05:38 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-15 05:38 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-15 05:38 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-15 05:38 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-15 05:38 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-15 05:38 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-15 03:21 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-15 03:21 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-15 03:21 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-15 03:21 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-15 03:20 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 03:20 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 03:20 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 03:20 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 03:19 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-15 03:19 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 03:19 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 03:19 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 03:18 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-15 03:18 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-08 10:14 . 2013-08-15 04:03 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\FreeOCR
2013-08-08 10:05 . 2007-03-10 04:41 2680320 ----a-w- c:\windows\SysWow64\ImageEnXLibrary.ocx
2013-08-08 10:05 . 2013-08-12 15:22 -------- d-----w- C:\FreeOCR
2013-08-07 16:52 . 2013-08-21 08:59 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\gtk-2.0
2013-08-07 16:46 . 2013-08-07 16:46 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\.kde
2013-08-03 08:04 . 2012-09-18 08:22 239104 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2013-08-03 08:04 . 2012-08-20 00:55 76288 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-08-03 08:04 . 2012-08-20 00:55 30720 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-08-03 08:04 . 2012-08-20 00:55 104960 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-08-03 08:04 . 2012-09-14 01:28 451072 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2013-08-03 08:04 . 2012-08-20 00:55 90112 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-08-03 08:04 . 2011-12-31 01:20 225920 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-08-03 08:04 . 2010-10-08 08:59 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-08-03 08:04 . 2010-09-26 10:09 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-08-03 08:04 . 2010-08-05 23:43 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-08-03 08:04 . 2010-07-27 01:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-08-03 08:04 . 2010-03-20 04:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-08-03 08:03 . 2013-08-03 08:15 -------- d-----w- c:\program files (x86)\Aircel
2013-07-30 16:24 . 2013-07-30 16:24 -------- d-----w- C:\Python27
2013-07-30 08:46 . 2013-07-30 08:46 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\TuneUp Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-19 07:30 . 2012-04-02 15:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-19 07:30 . 2012-03-11 09:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-15 11:00 . 2011-09-10 10:04 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-20 14:28 . 2012-02-11 12:01 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-15 05:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-25 09:40 . 2012-08-01 14:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 09:40 . 2012-04-22 07:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-18 16:20 . 2013-06-18 16:20 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 16:20 . 2011-04-27 09:55 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-10 15:31 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 15:41 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 15:41 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-07 14:33 . 2013-03-19 06:51 10965504 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]
"LManager"="c:\program files (x86)\launch manager\lmanager.exe" [2010-08-10 975952]
"IAStorIcon"="c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe" [2010-04-13 284696]
"SDTray"="c:\program files (x86)\spybot - search & destroy 2\sdtray.exe" [2012-11-13 3825176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ  
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"vProt"=c:\program files (x86)\avg secure search\vprot.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 Aircel. RunOuc;Aircel. OUC;c:\program files (x86)\Aircel\UpdateDog\ouc.exe;c:\program files (x86)\Aircel\UpdateDog\ouc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-22 07:13 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:08]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"ETDWare"="c:\program files (x86)\elantech\etdctrl.exe" [bU]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
IE: Free YouTube Download - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: NameServer = 101.223.255.141 101.223.255.142
FF - ProfilePath - c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,
   2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
   35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
   c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e6,1e,6f,07,11,c4,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-28  20:39:16
ComboFix-quarantined-files.txt  2013-08-28 15:09
ComboFix2.txt  2013-08-26 16:32
ComboFix3.txt  2013-08-26 06:44
.
Pre-Run: 421,187,305,472 bytes free
Post-Run: 421,102,649,344 bytes free
.
- - End Of File - - 98148031EA1B7E357DCDFE219C42ACF0
Link to post
Share on other sites
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.
Link to post
Share on other sites

The MBAM log is as follows:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.29.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Kishore Reddy :: KISHOREREDDY-PC [administrator]
 
29-08-2013 10:47:17
mbam-log-2013-08-29 (10-47-17).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 227279
Time elapsed: 11 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
c:\users\kishore reddy\appdata\roaming\delta (PUP.Optional.Delta) -> Quarantined and deleted successfully.
 
Files Detected: 1
c:\users\kishore reddy\appdata\roaming\delta\sqlite3.dll (PUP.Optional.Delta) -> Delete on reboot.
 
(end)
Link to post
Share on other sites

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

Mr.Borislav, the Kaspersky virus removal tool has not detected any threats during the scan. But it is asking me do i like make any changes to my system when ever i reboot my system. i opted not to do any changes. waiting for your further instructions.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.