Jump to content
Sign in to follow this  
scorpian

system running slow.

Recommended Posts

You can keep Sandboxie but please stop if from loading on startup.

 

Once all has been uninstalled please reboot the computer at least twice and then run the requested scan and post back the log.

Late here but I'll check back on you again sometime tomorrow.

 

Yes, delete what you currently have for FRST and download a new one and put in it's own folder please.

 

Thanks

Share this post


Link to post
Share on other sites

i have uninstalled all the software applications from the control panel. i was unable to find PCTuneup2011. i tried to create a backup with ERUNT.exe but opted not to do as it wanted to create to start menu folder and there was no option to avoid it.

The FRST scan logs are as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Kishore Reddy (administrator) on KISHOREREDDY-PC on 10-09-2013 20:05:34
Running from C:\Users\Kishore Reddy\Desktop\REPAIR
Windows 7 Home Basic Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
() C:\ProgramData\Aircel\OnlineUpdate\ouc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [ETDWare] - C:\Program Files\elantech\etdctrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-14] (PC Tools)
HKLM-x32\...\Run: [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [534160 2013-03-27] (QFX Software Corporation)
HKLM-x32\...\Run: [LManager] - c:\program files (x86)\launch manager\lmanager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [iAStorIcon] - c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe [284696 2010-04-13] (Intel Corporation)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {48D037B1-05CC-41FE-9EE6-DBA074FD2370} URL = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: [NameServer]101.223.255.141 101.223.255.142
 
FireFox:
========
FF ProfilePath: C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\program files (x86)\google\chrome\application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\program files (x86)\google\chrome\application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\program files (x86)\google\chrome\application\29.0.1547.66\pdf.dll ()
CHR Plugin: (NPLastPass) - C:\Users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.21_0\nplastpass.dll No File
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\program files (x86)\google\chrome\application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (WOT) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0
CHR Extension: (YouTube) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Adblock Plus) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (VTchromizer) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka\1.2_0
CHR Extension: (HTTPS Everywhere) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.8.17_0
CHR Extension: (LastPass) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\KISHOR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx
 
==================== Services (Whitelisted) =================
 
S2 Aircel. RunOuc; C:\Program Files (x86)\Aircel\UpdateDog\ouc.exe [655744 2012-06-28] ()
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
S3 HitmanPro37Crusader; C:\Users\Kishore Reddy\Downloads\HitmanPro36_x64.exe [9879648 2013-09-02] (SurfRight B.V.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-14] (PC Tools)
 
==================== Drivers (Whitelisted) ====================
 
R0 97771742; C:\Windows\System32\DRIVERS\97771742.sys [460888 2013-08-29] (Kaspersky Lab ZAO)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-16] (DT Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222232 2013-03-27] (QFX Software Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-02] (Duplex Secure Ltd.)
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
U3 AppMgmt; %SystemRoot%\system32\svchost.exe -k netsvcs
U2 CscService; 
U3 PeerDistSvc; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-10 19:45 - 2013-09-10 19:57 - 00000000 ____D C:\Users\Kishore Reddy\Desktop\REPAIR
2013-09-10 19:23 - 2013-09-10 19:23 - 00000666 _____ C:\Windows\PFRO.log
2013-09-10 19:11 - 2013-09-10 20:01 - 00000280 _____ C:\Windows\setupact.log
2013-09-10 19:11 - 2013-09-10 19:11 - 00000000 _____ C:\Windows\setuperr.log
2013-09-10 19:05 - 2013-09-10 19:06 - 00148590 _____ C:\Users\Kishore Reddy\Desktop\avgremover.log
2013-09-10 17:50 - 2013-09-10 17:50 - 00000127 ____H C:\Users\Kishore Reddy\Documents\.~lock.Latest GSD Club byelaws.docx#
2013-09-10 11:59 - 2013-09-10 12:15 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Kishore Reddy\Desktop\avg_remover_stf_x64_2012_2125.exe
2013-09-09 14:31 - 2013-09-09 14:36 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Kishore Reddy\Desktop\erunt-setup.exe
2013-09-07 22:22 - 2013-09-07 22:22 - 00000000 _____ C:\Windows\SysWOW64\shoFD3.tmp
2013-09-07 21:03 - 2013-09-07 21:03 - 00000000 ____D C:\FRST
2013-09-06 15:34 - 2013-09-06 15:34 - 02652287 _____ C:\Users\Kishore Reddy\Desktop\cureit.log
2013-09-06 15:07 - 2013-09-06 15:07 - 00000000 ____D C:\Users\Kishore Reddy\Doctor Web
2013-09-06 12:31 - 2013-09-06 15:05 - 129644008 _____ C:\Users\Kishore Reddy\Desktop\1lfqj0fo.exe
2013-09-06 01:39 - 2013-09-06 01:39 - 00000000 _____ C:\Windows\SysWOW64\sho9146.tmp
2013-09-04 11:33 - 2013-09-10 20:05 - 00493498 _____ C:\Windows\WindowsUpdate.log
2013-09-02 21:53 - 2013-09-02 21:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-02 11:58 - 2013-09-02 11:58 - 00000017 _____ C:\Users\Kishore Reddy\Documents\secret.txt
2013-09-01 21:51 - 2013-09-01 21:51 - 00000000 _____ C:\Windows\SysWOW64\shoA82C.tmp
2013-09-01 14:59 - 2013-09-01 14:59 - 00005417 _____ C:\Users\Kishore Reddy\Documents\new.odt
2013-09-01 14:37 - 2013-09-01 14:37 - 00010196 _____ C:\Users\Kishore Reddy\Documents\personal.odt
2013-08-31 11:00 - 2013-08-31 11:00 - 00001402 _____ C:\Users\KISHOR~1\AppData\Local\recently-used.xbel
2013-08-29 19:37 - 2013-08-29 19:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-29 19:35 - 2013-08-29 16:31 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\97771742.sys
2013-08-26 11:39 - 2013-08-26 21:48 - 00000000 ____D C:\Windows\erdnt
2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ____D C:\CCE_Quarantine
2013-08-18 17:46 - 2013-08-18 17:46 - 00000000 ____D C:\Users\Kishore Reddy\AppData\Roaming\Comodo
2013-08-15 16:39 - 2013-07-26 10:43 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 16:39 - 2013-07-26 10:43 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 16:39 - 2013-07-26 10:43 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 16:39 - 2013-07-26 10:42 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 16:39 - 2013-07-26 10:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 16:39 - 2013-07-26 09:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 16:39 - 2013-07-26 08:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 16:39 - 2013-07-26 08:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 16:39 - 2013-07-26 08:42 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 16:39 - 2013-07-26 08:42 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 16:39 - 2013-07-26 08:42 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 16:39 - 2013-07-26 08:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 16:39 - 2013-07-26 08:42 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 16:39 - 2013-07-26 08:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 16:39 - 2013-07-26 08:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 16:39 - 2013-07-26 08:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 16:39 - 2013-07-26 08:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 16:39 - 2013-07-26 08:41 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 16:39 - 2013-07-26 08:41 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 16:39 - 2013-07-26 08:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 16:39 - 2013-07-26 08:09 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 16:39 - 2013-07-26 07:29 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 11:08 - 2013-07-09 11:33 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 11:08 - 2013-07-09 11:24 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 11:08 - 2013-07-09 11:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 11:08 - 2013-07-09 10:33 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 11:08 - 2013-07-09 10:33 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 11:08 - 2013-07-09 10:23 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 11:08 - 2013-07-09 10:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 11:08 - 2013-07-09 08:19 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 11:08 - 2013-07-09 08:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 11:08 - 2013-07-09 08:19 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 11:08 - 2013-07-09 08:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 11:08 - 2013-07-06 11:33 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 11:08 - 2013-06-15 10:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 08:51 - 2013-07-09 10:22 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 08:51 - 2013-07-09 10:16 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 08:51 - 2013-07-09 10:16 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 08:51 - 2013-07-09 10:16 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 08:50 - 2013-07-09 11:22 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 08:50 - 2013-07-09 11:16 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 08:50 - 2013-07-09 11:16 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 08:50 - 2013-07-09 11:16 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 08:49 - 2013-07-25 14:55 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 08:49 - 2013-07-25 14:27 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 08:49 - 2013-07-19 07:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 08:49 - 2013-07-19 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 08:48 - 2013-07-09 11:21 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 08:48 - 2013-07-09 10:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
2013-09-10 20:05 - 2013-09-04 11:33 - 00493498 _____ C:\Windows\WindowsUpdate.log
2013-09-10 20:02 - 2013-09-10 20:02 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-10 20:02 - 2011-12-13 19:23 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 20:01 - 2013-09-10 19:11 - 00000280 _____ C:\Windows\setupact.log
2013-09-10 20:01 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 19:57 - 2013-09-10 19:45 - 00000000 ____D C:\Users\Kishore Reddy\Desktop\REPAIR
2013-09-10 19:57 - 2009-07-14 10:15 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 19:57 - 2009-07-14 10:15 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 19:56 - 2009-07-14 10:43 - 00727374 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 19:48 - 2013-06-13 12:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 19:42 - 2011-12-13 19:23 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 19:27 - 2012-09-03 22:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-10 19:23 - 2013-09-10 19:23 - 00000666 _____ C:\Windows\PFRO.log
2013-09-10 19:23 - 2012-12-30 14:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-10 19:11 - 2013-09-10 19:11 - 00000000 _____ C:\Windows\setuperr.log
2013-09-10 19:06 - 2013-09-10 19:05 - 00148590 _____ C:\Users\Kishore Reddy\Desktop\avgremover.log
2013-09-10 19:06 - 2011-11-01 21:37 - 00000000 ____D C:\ProgramData\MFAData
2013-09-10 18:11 - 2011-09-11 20:48 - 00000000 ____D C:\Users\Kishore Reddy\AppData\Roaming\SoftGrid Client
2013-09-10 17:50 - 2013-09-10 17:50 - 00000127 ____H C:\Users\Kishore Reddy\Documents\.~lock.personal.docx#
2013-09-10 14:36 - 2012-10-01 19:55 - 00000000 ____D C:\Users\Kishore Reddy\Desktop\personalfolder
2013-09-10 14:31 - 2013-04-15 13:55 - 00000000 ____D C:\Users\KISHOR~1\AppData\Local\Paint.NET
2013-09-10 12:15 - 2013-09-10 11:59 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Kishore Reddy\Desktop\avg_remover_stf_x64_2012_2125.exe
2013-09-09 14:36 - 2013-09-09 14:31 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Kishore Reddy\Desktop\erunt-setup.exe
2013-09-08 19:20 - 2009-07-14 10:38 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-07 22:22 - 2013-09-07 22:22 - 00000000 _____ C:\Windows\SysWOW64\shoFD3.tmp
2013-09-07 21:03 - 2013-09-07 21:03 - 00000000 ____D C:\FRST
2013-09-07 13:39 - 2012-09-18 14:00 - 00000000 ____D C:\Users\Kishore Reddy\AppData\Roaming\Abine
2013-09-06 15:34 - 2013-09-06 15:34 - 02652287 _____ C:\Users\Kishore Reddy\Desktop\cureit.log
2013-09-06 15:07 - 2013-09-06 15:07 - 00000000 ____D C:\Users\Kishore Reddy\Doctor Web
2013-09-06 15:07 - 2011-08-17 21:20 - 00000000 ____D C:\Users\Kishore Reddy
2013-09-06 15:05 - 2013-09-06 12:31 - 129644008 _____ C:\Users\Kishore Reddy\Desktop\1lfqj0fo.exe
2013-09-06 01:39 - 2013-09-06 01:39 - 00000000 _____ C:\Windows\SysWOW64\sho9146.tmp
2013-09-05 18:57 - 2013-06-14 12:59 - 00003210 _____ C:\Windows\Sandboxie.ini
2013-09-04 11:47 - 2013-02-27 19:42 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-03 11:34 - 2012-11-08 11:41 - 00000000 ____D C:\Users\Kishore Reddy\Downloads\new prog
2013-09-03 11:15 - 2012-11-09 20:46 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-03 11:15 - 2012-11-09 20:46 - 00000000 ____D C:\Program Files\CCleaner
2013-09-03 11:07 - 2012-08-14 15:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-02 22:09 - 2011-08-17 21:22 - 00000000 ___RD C:\Users\Kishore Reddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-02 21:57 - 2012-11-10 13:35 - 09879648 _____ (SurfRight B.V.) C:\Users\Kishore Reddy\Downloads\HitmanPro36_x64.exe
2013-09-02 21:54 - 2013-09-02 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-02 12:31 - 2012-12-03 22:00 - 00000000 ___RD C:\Users\Kishore Reddy\Dropbox
2013-09-02 12:31 - 2012-12-01 14:35 - 00000000 ____D C:\Users\Kishore Reddy\AppData\Roaming\Dropbox
2013-09-02 11:58 - 2013-09-02 11:58 - 00000017 _____ C:\Users\Kishore Reddy\Documents\secret.txt
2013-09-01 21:51 - 2013-09-01 21:51 - 00000000 _____ C:\Windows\SysWOW64\shoA82C.tmp
2013-09-01 20:57 - 2013-07-21 12:17 - 00003130 _____ C:\Windows\System32\Tasks\NoAutorun
2013-09-01 14:59 - 2013-09-01 14:59 - 00005417 _____ C:\Users\Kishore Reddy\Documents\new.odt
2013-09-01 14:37 - 2013-09-01 14:37 - 00010196 _____ C:\Users\Kishore Reddy\Documents\personal.odt
2013-08-31 23:23 - 2012-04-20 15:08 - 00000000 ____D C:\Users\Kishore Reddy\AppData\Roaming\vlc
2013-08-31 23:12 - 2013-08-07 22:22 - 00000000 ____D C:\Users\KISHOR~1\AppData\Local\gtk-2.0
2013-08-31 23:12 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\registration
2013-08-31 23:12 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\AppCompat
2013-08-31 11:00 - 2013-08-31 11:00 - 00001402 _____ C:\Users\KISHOR~1\AppData\Local\recently-used.xbel
2013-08-31 10:59 - 2013-05-01 20:54 - 00000000 ____D C:\Users\Kishore Reddy\AppData\Roaming\gnupg
2013-08-29 19:37 - 2013-08-29 19:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-29 16:31 - 2013-08-29 19:35 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\97771742.sys
2013-08-28 20:31 - 2009-07-14 08:04 - 00000244 _____ C:\Windows\system.ini
2013-08-26 21:49 - 2009-07-14 08:04 - 78643200 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-26 21:49 - 2009-07-14 08:04 - 19660800 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-26 21:49 - 2009-07-14 08:04 - 05648384 _____ C:\Windows\system32\config\DEFAULT.bak
2013-08-26 21:49 - 2009-07-14 08:04 - 00057344 _____ C:\Windows\system32\config\SAM.bak
2013-08-26 21:49 - 2009-07-14 08:04 - 00024576 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-26 21:48 - 2013-08-26 11:39 - 00000000 ____D C:\Windows\erdnt
2013-08-26 12:14 - 2009-07-14 08:50 - 00000000 __RHD C:\Users\Default
2013-08-22 18:59 - 2012-07-17 21:06 - 00000000 ____D C:\Users\Kishore Reddy\Documents\Calibre Library
2013-08-21 14:37 - 2013-08-05 15:04 - 00000000 ____D C:\Users\Kishore Reddy\Desktop\judge's forms
2013-08-20 11:56 - 2013-03-27 14:25 - 00000000 ____D C:\Users\Kishore Reddy\Documents\storing folder
2013-08-19 13:00 - 2012-04-02 21:16 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-19 13:00 - 2012-03-11 14:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 12:25 - 2012-11-16 15:11 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-08-18 20:23 - 2012-09-29 15:43 - 00000000 ____D C:\Windows\rescache
2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ____D C:\CCE_Quarantine
2013-08-18 17:46 - 2013-08-18 17:46 - 00000000 ____D C:\Users\Kishore Reddy\AppData\Roaming\Comodo
2013-08-16 18:46 - 2011-08-31 17:06 - 00000000 ____D C:\Users\Kishore Reddy\Tracing
2013-08-15 18:27 - 2007-07-12 07:19 - 00000000 ____D C:\Windows\Panther
2013-08-15 16:34 - 2013-07-13 12:34 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:30 - 2011-09-10 15:34 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 09:34 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\servicing
2013-08-15 09:33 - 2013-08-08 15:44 - 00000000 ____D C:\Users\KISHOR~1\AppData\Local\FreeOCR
2013-08-15 09:33 - 2012-10-20 19:28 - 00000000 ____D C:\Program Files (x86)\MusicBee
2013-08-15 09:33 - 2012-07-09 20:39 - 00000000 ____D C:\Users\Kishore Reddy\AppData\Roaming\MusicBee
2013-08-15 09:33 - 2012-02-03 22:31 - 00000000 ____D C:\ProgramData\IObit
2013-08-15 09:33 - 2009-07-14 08:50 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-15 09:31 - 2012-02-11 21:55 - 00000000 ____D C:\Users\Kishore Reddy\AppData\Roaming\Malwarebytes
2013-08-12 20:52 - 2013-08-08 15:35 - 00000000 ____D C:\FreeOCR
2013-08-11 14:30 - 2013-02-20 14:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-02 13:10
 
==================== End Of Log ============================

Share this post


Link to post
Share on other sites

continues

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Kishore Reddy at 2013-09-10 20:07:04
Running from C:\Users\Kishore Reddy\Desktop\REPAIR
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
7-Zip 9.22beta (x32)
Acer Backup Manager (x32 Version: 2.0.0.68)
Acer Crystal Eye webcam (x32 Version: 1.0.4.5)
Acer ePower Management (x32 Version: 5.00.3005)
Acer eRecovery Management (x32 Version: 4.05.3013)
Acer GameZone Console (x32 Version: 6.1.0.40435)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0707.2010)
Acer Updater (x32 Version: 1.02.3001)
Acrobat.com (x32 Version: 1.6.65)
Adobe Community Help (x32 Version: 3.5.23)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Advanced Renamer (x32 Version: 3.53)
Aegisub 3.0.4 (Version: 3.0.4)
AeroWallpaperChanger (x32 Version: 1.1.0.2)
Aircel (x32 Version: 23.009.05.01.850)
Any Video Converter 3.5.5 (x32)
Ashampoo Burning Studio 2012 v.10.0.15 (x32 Version: 10.0.15)
Astroburn Lite (x32 Version: 1.8.0.0182)
Audacity 2.0.3 (x32 Version: 2.0.3)
Avidemux 2.6 (x32 Version: 2.6.1.8321)
AviSynth 2.5 (x32)
AxCrypt 1.7.2931.0 (Version: 1.7.2931.0)
Backup Manager Basic (x32 Version: 2.0.0.68)
Belarc Advisor 8.3 (x32 Version: 8.3.0.0)
Bing Desktop (x32 Version: 1.2.126.0)
BitMeter (x32)
Broadcom Gigabit NetLink Controller (Version: 14.0.2.3)
calibre (x32 Version: 0.9.33)
CCleaner (Version: 4.05)
Cheat Engine 6.2 (x32)
CyberLink PowerDVD 9 (x32 Version: 9.0.3814.50)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Daum PotPlayer 1.5.39007 x64 Edition
dows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Dropbox (HKCU Version: 2.2.9)
DVD Decrypter (Remove Only) (x32)
DVD Shrink 3.2 (x32)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ESET Online Scanner v3 (x32)
eSobi v2 (x32 Version: 2.0.4.000274)
ETDWare PS/2-x64 7.0.6.5_WHQL (Version: 7.0.6.5)
FormatFactory 3.00 (x32 Version: 3.00)
Free Download Manager 3.9.2 (x32)
Free Studio version 5.7.6.1015 (x32 Version: 5.7.6.1015)
FreeOCR v4.2 (x32)
GIMP 2.8.4 (Version: 2.8.4)
GnuCash 2.4.13 (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Gpg4win (2.1.1) (x32 Version: 2.1.1)
GPL Ghostscript (Version: 9.07)
HandBrake 0.9.8 (x32 Version: 0.9.8)
Identity Card (x32 Version: 1.00.3003)
ImgBurn (x32 Version: 2.5.8.0)
Inkscape 0.48.4 (x32 Version: 0.48.4)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2182)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
Internet Explorer (Enable DEP)
Junk Mail filter update (x32 Version: 14.0.8117.416)
KC Softwares SUMo (x32)
KeyScrambler (x32 Version: 3.1.0.0)
K-Lite Mega Codec Pack 9.9.4 (x32 Version: 9.9.4)
LADSPA_plugins-win-0.4.15 (x32)
LastPass(uninstall only) (x32)
Launch Manager (x32 Version: 4.0.14)
Lernout & Hauspie TruVoice American English TTS Engine (x32)
LibreOffice 4.0 Help Pack (English) (x32 Version: 4.0.4.2)
LibreOffice 4.0.4.2 (x32 Version: 4.0.4.2)
MailWasher (x32 Version: 7.1.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Text-to-Speech Engine 4.0 (English) (x32)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 en-US) (x32 Version: 17.0.8)
MP3 Rocket (x32)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 14.0.1468.721)
MusicBee 2.1 (x32 Version: 2.1)
Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0)
Nokia PC Suite (x32 Version: 7.1.180.94)
Notepad++ (x32 Version: 6.2.2)
Paint.NET v3.5.10 (Version: 3.60.0)
PC Connectivity Solution (x32 Version: 12.0.27.0)
PDFCreator (x32 Version: 1.5.0)
PDFill PDF Editor with FREE Writer and FREE Tools (Version: 10.0)
PDF-Viewer (Version: 2.5.208.0)
PDF-XChange Viewer (Version: 2.5.206.0)
PhotoScape (x32)
Python 2.7.5 (x32 Version: 2.7.5150)
RapidTyping (x32 Version: 4.6.5)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122)
Recuva (Version: 1.46)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Samsung ML-2010 Series (x32)
Sandboxie 3.76 (64-bit) (Version: 3.76)
Secunia PSI (2.0.0.4003) (x32 Version: 2.0.0.4003)
SecurityKISS Tunnel v0.3.0
Sizer 3.34 (x32 Version: 3.3.4.0)
Speakonia (x32 Version: 1.0.3.5)
Speccy (Version: 1.20)
ThreatFire (x32)
TrueCrypt (x32 Version: 7.1a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Valkyrie Uploader 1.0 (x32)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
VLC media player 2.0.8 (x32 Version: 2.0.8)
VobSub v2.23 (Remove Only) (x32)
WebSite Downloader 1.1 (x32 Version: 1.1)
Welcome Center (x32 Version: 1.02.3004)
WIDCOMM Bluetooth Software (Version: 6.3.0.6000)
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Photo Gallery (x32 Version: 14.0.8117.416)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8117.0416)
yEd Graph Editor 3.10.2 (x32 Version: 3.10.2)
 
==================== Restore Points  =========================
 
24-08-2013 15:29:22 OTL Restore Point - 8/24/2013 8:59:22 PM
25-08-2013 14:24:20 Windows Backup
26-08-2013 10:30:19 Windows Update
28-08-2013 14:44:42 ComboFix created restore point
30-08-2013 13:52:29 Windows Update
31-08-2013 17:39:12 Restore Operation
31-08-2013 18:04:54 31/8/2013(before deleting2delta folders)
01-09-2013 08:34:07 Windows Update
01-09-2013 13:30:11 Windows Backup
02-09-2013 08:00:34 02/09/2013
03-09-2013 05:42:59 03/09/2013
04-09-2013 15:02:53 Windows Update
05-09-2013 13:52:09 05/09/2013
08-09-2013 14:01:04 Windows Backup
08-09-2013 15:41:43 Windows Update
09-09-2013 16:02:50 09/09/2013
 
==================== Hosts content: ==========================
 
2009-07-14 08:04 - 2013-08-26 21:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {16284DAB-B425-4E49-8164-7BD3F2C303F0} - System32\Tasks\{52D0BE30-3B47-428F-A21A-6DDA772BEBDB} => C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe
Task: {2038FF92-5BBD-4AE3-9787-06265FB59ED3} - System32\Tasks\{F5A804BD-93CF-4E93-BBAC-00A00DF0A2B8} => C:\Users\Kishore Reddy\Downloads\new prog\AdobeFlashPlayer_11.7.700.224_ActiveX_SPS.exe
Task: {2551A1B4-465D-4622-B4E8-52AC6D74EEF2} - System32\Tasks\{B064DBA5-0EF4-4A7A-9F51-C2D37BD4423D} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {325A5BAF-FD0B-4680-9412-C54ED5BFBF9E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {44C81A7F-D7BE-401D-A89F-97E3245473C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20] (Adobe Systems Incorporated)
Task: {4D8184AA-5176-469D-8BEE-9CD9D8859EB9} - System32\Tasks\{8928C854-7EA1-4C7E-85F8-9CBB55D4C94F} => C:\Users\Kishore Reddy\Downloads\UnlockAero\aeropatch1.4.exe
Task: {576B2300-CFE6-457F-8905-038DEF6E85FE} - System32\Tasks\{228D4A0F-AC58-4EA7-9A8E-DCCF59C96AD0} => F:\AutoRun.exe
Task: {5C8AC9AF-9548-441D-A852-2C75FDDDF8BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13] (Google Inc.)
Task: {68541726-589F-4D09-A81C-15A29FD5EA60} - System32\Tasks\{3D14A63B-47B2-4784-BD3F-B2D655D0D272} => C:\Program Files\Reliance Netconnect+\bin\App.exe
Task: {719B2D22-894E-44A5-A605-6F7B1F3018E8} - System32\Tasks\NoAutorun => C:\Users\KISHOR~1\AppData\Local\Temp\7zO87ADE30B\NoAutorun.exe
Task: {7FB2C484-B56D-47E4-A0FC-23F14AFF0A0B} - System32\Tasks\{8585F68E-04A8-4CC5-9686-78B0F4880911} => F:\AutoRun.exe
Task: {95ABB15D-52A9-4A78-9CBD-6876A23ACE08} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {98641702-7D3C-4BA3-8C05-67ACB9D28479} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {9BD1F373-79A5-44B9-AF93-87180199B8BD} - System32\Tasks\{63A9A2BE-7251-4530-AF6A-00C5A920FA40} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {B5B7F634-34CD-45A6-8F36-95C60B5EF268} - System32\Tasks\WindowsFirewallNotifierTask => C:\Users\Kishore Reddy\Downloads\new prog\WFN\Notifier.exe [2013-06-06] (Wokhan)
Task: {BDC30456-623D-43B3-B0A1-13C00FE398D7} - System32\Tasks\{FC133F4F-43A3-4019-85DA-AF5F62D695A9} => C:\Program Files (x86)\Calibre2\calibre.exe [2013-05-30] ()
Task: {C0D70E82-EA87-4C3A-94EC-D1E08B992F48} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Kishore Reddy Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {C54D1BA4-AF45-4349-AF43-49C1609DB84F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13] (Google Inc.)
Task: {C6651D05-BACA-47D6-97EE-F858CD9D16D3} - System32\Tasks\AdobeAAMUpdater-1.0-KishoreReddy-PC-Kishore Reddy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {ED409FD1-EE54-4431-8044-D85CB0AD4CB2} - System32\Tasks\{48CA0A54-A7BC-43C4-AD82-A049F89655A9} => C:\Users\Kishore Reddy\Downloads\new prog\AdobeFlashPlayer_11.7.700.224_ActiveX_SPS.exe
Task: {F7CE9D0B-9A1F-43A1-B949-C3F4A66D6E3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-14 05:21 - 2011-08-09 20:30 - 00041472 _____ () C:\Windows\system32\slc.dll
2009-07-14 05:52 - 2009-07-14 07:08 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2013-04-05 03:42 - 2013-04-05 03:42 - 00164016 _____ (Dropbox, Inc.) C:\Users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2013-03-29 17:08 - 2013-03-29 17:08 - 00467736 _____ (Piriform Ltd) C:\Program Files\Recuva\RecuvaShell64.dll
2012-05-22 08:12 - 2012-05-22 08:12 - 00252344 _____ (The Eraser Project) C:\Program Files\Eraser\Eraser.Shell.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00900184 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PhoneBrowser64.dll
2012-06-26 11:58 - 2012-06-26 11:58 - 01262592 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\NGSCM64.DLL
2012-06-26 13:08 - 2012-06-26 13:08 - 00026112 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
2012-06-26 13:08 - 2012-06-26 13:08 - 00572928 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
2012-01-10 21:18 - 2012-01-10 21:18 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2010-08-31 14:20 - 2010-08-10 14:09 - 00460368 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDUtl.dll
2013-03-27 03:15 - 2013-03-27 03:15 - 01245840 _____ (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLL
2012-11-16 15:11 - 2010-01-14 16:08 - 00460048 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFWAH.dll
2013-03-30 13:24 - 2013-03-30 13:16 - 00011362 _____ () C:\ProgramData\Aircel\OnlineUpdate\mingwm10.dll
2013-03-30 13:24 - 2013-03-30 13:16 - 00043008 _____ () C:\ProgramData\Aircel\OnlineUpdate\libgcc_s_dw2-1.dll
2013-03-30 13:24 - 2010-07-23 10:28 - 02415104 _____ () C:\ProgramData\Aircel\OnlineUpdate\QtCore4.dll
2013-03-30 13:24 - 2013-03-30 13:16 - 01148416 _____ () C:\ProgramData\Aircel\OnlineUpdate\QtNetwork4.dll
2013-03-30 13:24 - 2012-06-28 08:04 - 00843264 _____ () C:\ProgramData\Aircel\OnlineUpdate\QueryStrategy.dll
2013-03-30 13:24 - 2013-03-30 13:16 - 00398336 _____ () C:\ProgramData\Aircel\OnlineUpdate\QtXml4.dll
2012-11-16 15:11 - 2010-01-14 16:07 - 00044816 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFAPI.dll
2013-05-28 22:14 - 2013-05-28 22:14 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-05-28 22:12 - 2013-05-28 22:12 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-05-28 22:11 - 2013-05-28 22:11 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-05-28 22:14 - 2013-05-28 22:14 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-05-28 22:15 - 2013-05-28 22:15 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2010-06-29 03:43 - 2010-06-29 03:43 - 00049920 _____ (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\Pehook.DLL
2010-06-29 03:43 - 2010-06-29 03:43 - 00408320 _____ (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ISchedule.DLL
2010-06-29 03:43 - 2010-06-29 03:43 - 00360192 _____ (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\SyncDll.DLL
2010-06-29 03:50 - 2010-06-29 03:50 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 03:42 - 2010-06-29 03:42 - 00049920 _____ (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\agent_stub.dll
2010-06-29 03:42 - 2010-06-29 03:42 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-06-29 03:43 - 2010-06-29 03:43 - 00063744 _____ (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\VssAgent.dll
2010-06-29 03:43 - 2010-06-29 03:43 - 00333056 _____ (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IShadowS3.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00058640 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFServer.dll
2012-11-16 15:11 - 2010-01-14 16:07 - 00873744 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFE.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00045840 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFMon.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00107792 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFRK.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00028944 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFMisc.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00062736 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFLog.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00058640 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFUndo.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00423184 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFSF.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00353552 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFQT.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00161040 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFScan.dll
2012-11-16 15:11 - 2010-01-14 16:07 - 00066832 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFDBM.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00402704 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFTM.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00032528 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFO.dll
2012-11-16 15:11 - 2010-01-14 16:07 - 00099600 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFCR.dll
2012-11-16 15:11 - 2010-01-14 16:08 - 00144656 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFPA.dll
2013-03-27 03:15 - 2013-03-27 03:15 - 00924816 _____ (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.DLL
2012-11-16 15:11 - 2010-01-14 16:08 - 00460048 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TfWah.dll
2010-08-31 14:20 - 2009-07-20 12:42 - 00137736 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\ComFnUtl.dll
2010-08-31 14:20 - 2009-07-14 12:23 - 00128008 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\CDRomUtl.dll
2010-08-31 14:20 - 2009-07-27 10:12 - 00062472 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MixerUtl.dll
2010-08-31 14:20 - 2009-07-27 10:17 - 00068104 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\Wnd2File.dll
2010-08-31 14:20 - 2009-07-27 16:13 - 00068104 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\PowerUtl.dll
2010-08-31 14:20 - 2009-12-30 14:43 - 00326736 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\OSDUtl2.dll
2010-08-31 14:20 - 2009-07-27 10:08 - 00088584 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\SzUPFUtl.dll
2010-08-31 14:20 - 2010-06-22 12:02 - 00399440 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\RadioWndUtl.dll
2010-08-31 14:20 - 2010-08-10 14:36 - 00366160 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\aipflib.dll
2010-08-31 14:20 - 2010-02-10 07:19 - 00082000 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LmSmbKel.dll
2010-08-31 14:20 - 2009-07-03 13:59 - 00147464 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\VistaVol.DLL
2010-08-31 14:20 - 2009-05-20 11:32 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-08-31 14:20 - 2010-02-03 10:01 - 00071248 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\NTKCUtl.dll
2013-08-15 15:43 - 2013-08-15 15:43 - 00019968 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\c0f692a4db9d2fd24ff08f77f1ca375c\IAStorDataMgrSvc.ni.exe
2013-08-15 15:44 - 2013-08-15 15:44 - 00176640 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\cf755a845ccf977a04718b1da87c881f\IAStorDataMgr.ni.dll
2013-08-15 15:44 - 2013-08-15 15:44 - 00452608 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a813594aee7ca5ff5608765993abc02e\IAStorUtil.ni.dll
2013-08-15 15:44 - 2013-08-15 15:44 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6e997fe0be532817a01fc1928df6bd62\IsdiInterop.ni.dll
2010-08-31 13:36 - 2010-04-13 22:22 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/10/2013 08:00:29 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/10/2013 07:34:34 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/10/2013 07:22:11 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/10/2013 05:48:12 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/10/2013 05:48:11 PM) (Source: Application Virtualization Client) (User: )
Description: The Application Virtualization Core Service could not contact the Service Control Dispatcher.
 
Error: (09/10/2013 11:30:08 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/09/2013 10:58:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/09/2013 00:04:28 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/08/2013 08:04:38 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The operation timed out
 
Error: (09/08/2013 07:32:03 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
 
System errors:
=============
Error: (09/10/2013 08:02:23 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
Error: (09/10/2013 08:02:23 PM) (Source: Service Control Manager) (User: )
Description: The Aircel. OUC service failed to start due to the following error: 
%%1053
 
Error: (09/10/2013 08:02:23 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Aircel. OUC service to connect.
 
Error: (09/10/2013 07:50:00 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
Error: (09/10/2013 07:49:58 PM) (Source: Service Control Manager) (User: )
Description: The Aircel. OUC service failed to start due to the following error: 
%%1053
 
Error: (09/10/2013 07:49:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Aircel. OUC service to connect.
 
Error: (09/10/2013 07:39:56 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
Error: (09/10/2013 07:39:55 PM) (Source: Service Control Manager) (User: )
Description: The Aircel. OUC service failed to start due to the following error: 
%%1053
 
Error: (09/10/2013 07:39:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Aircel. OUC service to connect.
 
Error: (09/10/2013 07:24:05 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
 
Microsoft Office Sessions:
=========================
Error: (09/10/2013 08:00:29 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/10/2013 07:34:34 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/10/2013 07:22:11 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/10/2013 05:48:12 PM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/10/2013 05:48:11 PM) (Source: Application Virtualization Client)(User: )
Description: 
 
Error: (09/10/2013 11:30:08 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/09/2013 10:58:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (09/09/2013 00:04:28 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/08/2013 08:04:38 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The operation timed out
 
Error: (09/08/2013 07:32:03 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-26 12:00:17.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 12:00:17.546
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 2806.71 MB
Available physical RAM: 1606.64 MB
Total Pagefile: 5611.61 MB
Available Pagefile: 4249.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:392.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: ACC65072)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Share this post


Link to post
Share on other sites

Hello Mr.Ron, do you want me to post AVG Remover logs.

 

thank you.

Share this post


Link to post
Share on other sites

No that's fine.  Please run this again and post back the new log.  Make sure  to get a new version, don't use the old one.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Share this post


Link to post
Share on other sites

Hello, i have run Combofix as per your instructions and the log is attached for your analysis.

 

 

ComboFix 13-09-10.03 - Kishore Reddy 12-09-2013  12:53:44.4.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2807.1377 [GMT 5.5:30]
Running from: c:\users\Kishore Reddy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kishore Reddy\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-12 to 2013-09-12  )))))))))))))))))))))))))))))))
.
.
2013-09-12 07:58 . 2013-09-12 07:58 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\temp
2013-09-12 07:58 . 2013-09-12 07:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 06:38 . 2013-08-10 05:22 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-12 06:38 . 2013-08-10 05:21 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-12 06:38 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-12 06:38 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-12 06:38 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-12 06:38 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-11 14:43 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14FF5A84-3F55-4A1A-A5A4-E5BD511FF720}\mpengine.dll
2013-09-09 16:52 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-07 16:52 . 2013-09-07 16:52 0 ----a-w- c:\windows\SysWow64\shoFD3.tmp
2013-09-07 15:33 . 2013-09-07 15:33 -------- d-----w- C:\FRST
2013-09-06 16:14 . 2013-09-06 16:14 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09E6CB6F-4E3B-45AB-804E-A5CA674D6695}\gapaengine.dll
2013-09-06 09:37 . 2013-09-06 09:37 -------- d-----w- c:\users\Kishore Reddy\Doctor Web
2013-09-05 20:09 . 2013-09-05 20:09 0 ----a-w- c:\windows\SysWow64\sho9146.tmp
2013-09-01 16:21 . 2013-09-01 16:21 0 ----a-w- c:\windows\SysWow64\shoA82C.tmp
2013-08-29 14:07 . 2013-08-29 14:07 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-29 14:05 . 2013-08-29 11:01 460888 ----a-w- c:\windows\system32\drivers\97771742.sys
2013-08-18 12:39 . 2013-08-18 12:39 -------- d-----w- C:\CCE_Quarantine
2013-08-18 12:16 . 2013-08-18 12:16 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\Comodo
2013-08-15 05:38 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 05:38 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 03:21 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-15 03:21 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-15 03:21 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-15 03:21 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-15 03:20 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 03:20 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 03:20 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 03:20 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 03:19 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-15 03:19 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 03:19 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 03:19 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 03:18 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-15 03:18 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-12 06:32 . 2011-09-10 10:04 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-23 09:41 . 2012-02-11 12:01 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-19 07:30 . 2012-04-02 15:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-19 07:30 . 2012-03-11 09:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-02 01:48 . 2013-09-11 07:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-26 13:51 . 2013-06-26 13:51 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys
2013-06-26 13:51 . 2013-06-26 13:51 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys
2013-06-26 13:51 . 2013-06-26 13:51 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys
2013-06-26 13:51 . 2013-06-26 13:51 1777320 ----a-w- c:\windows\system32\sftldr.dll
2013-06-26 13:51 . 2013-06-26 13:51 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll
2013-06-26 13:51 . 2013-06-26 13:51 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys
2013-06-25 09:40 . 2012-08-01 14:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 09:40 . 2012-04-22 07:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-18 16:20 . 2013-06-18 16:20 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 16:20 . 2011-04-27 09:55 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-05-07 14:33 . 2013-03-19 06:51 10965504 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]
"LManager"="c:\program files (x86)\launch manager\lmanager.exe" [2010-08-10 975952]
"IAStorIcon"="c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe" [2010-04-13 284696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ  
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"vProt"=c:\program files (x86)\avg secure search\vprot.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 Aircel. RunOuc;Aircel. OUC;c:\program files (x86)\Aircel\UpdateDog\ouc.exe;c:\program files (x86)\Aircel\UpdateDog\ouc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S0 97771742;97771742;c:\windows\system32\DRIVERS\97771742.sys;c:\windows\SYSNATIVE\DRIVERS\97771742.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 06:12 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:08]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
IE: Free YouTube Download - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: NameServer = 101.223.255.141 101.223.255.142
FF - ProfilePath - c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\
FF - ExtSQL: 2013-09-03 13:38; firefox@ghostery.com; c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\elantech\etdctrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,
   2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
   35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
   c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e6,1e,6f,07,11,c4,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-12  13:36:40
ComboFix-quarantined-files.txt  2013-09-12 08:06
.
Pre-Run: 420,992,770,048 bytes free
Post-Run: 421,559,427,072 bytes free
.
- - End Of File - - 355C855D3FA11200353B3BF47A0D5141

Share this post


Link to post
Share on other sites

Hello Mr.Ron, do you want me to download RegClean Pro to scan and repair the system files. thankyou.

Share this post


Link to post
Share on other sites

ok. you want me to open cmd.exe and type sfc /scannow (is there a space after sfc) and press enter.

Share this post


Link to post
Share on other sites

Please read the post I linked you to as it will describe in detail how to do it.  You have files that are infected and they need to get replaced with the proper ones and that is what SFC is for.

 

I'm heading off so I'll check back on you again sometime tomorrow.

 

Thanks again

Share this post


Link to post
Share on other sites

Sorry Mr.Ron, it took me some time to understand what you want me to do. Eventually, i understood and did it the way you wanted me to do it. After scan and repair the command promp showed the following message:

 

Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.log.

For Example: C:\Windows\Logs\CBS\CBS.log.

 

I tried to open CBS.log with notepad but it says "Access Denied". 

 

thankyou.

Share this post


Link to post
Share on other sites

Mr.Ron, SFC has repaired or replaced 7 components or files successfully. Do you want me to post the sfcdetails.txt. thankyou.

Share this post


Link to post
Share on other sites

Please reboot the computer one more time and then run Combofix again.  It may ask to update, please say yes and update it if it does, then run a new scan and post back the new log.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Share this post


Link to post
Share on other sites

The Combofix log is as follows:

 

ComboFix 13-09-10.03 - Kishore Reddy 13-09-2013  10:56:58.5.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2807.1040 [GMT 5.5:30]
Running from: c:\users\Kishore Reddy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected 
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!SysWOW64!userinit.exe 
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-13 to 2013-09-13  )))))))))))))))))))))))))))))))
.
.
2013-09-13 05:40 . 2013-09-13 05:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 08:18 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1FFB949-FE5A-4C6B-9BEE-CE73AF77EB82}\mpengine.dll
2013-09-12 08:06 . 2013-09-13 05:43 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\temp
2013-09-12 06:38 . 2013-08-10 05:22 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-12 06:38 . 2013-08-10 05:21 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-12 06:38 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-12 06:38 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-12 06:38 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-12 06:38 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-09 16:52 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-07 16:52 . 2013-09-07 16:52 0 ----a-w- c:\windows\SysWow64\shoFD3.tmp
2013-09-07 15:33 . 2013-09-07 15:33 -------- d-----w- C:\FRST
2013-09-06 16:14 . 2013-09-06 16:14 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09E6CB6F-4E3B-45AB-804E-A5CA674D6695}\gapaengine.dll
2013-09-06 09:37 . 2013-09-06 09:37 -------- d-----w- c:\users\Kishore Reddy\Doctor Web
2013-09-05 20:09 . 2013-09-05 20:09 0 ----a-w- c:\windows\SysWow64\sho9146.tmp
2013-09-01 16:21 . 2013-09-01 16:21 0 ----a-w- c:\windows\SysWow64\shoA82C.tmp
2013-08-29 14:07 . 2013-08-29 14:07 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-29 14:05 . 2013-08-29 11:01 460888 ----a-w- c:\windows\system32\drivers\97771742.sys
2013-08-18 12:39 . 2013-08-18 12:39 -------- d-----w- C:\CCE_Quarantine
2013-08-18 12:16 . 2013-08-18 12:16 -------- d-----w- c:\users\Kishore Reddy\AppData\Roaming\Comodo
2013-08-15 05:38 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 05:38 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 03:21 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-15 03:21 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-15 03:21 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-15 03:21 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-15 03:20 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 03:20 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 03:20 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 03:20 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 03:19 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-15 03:19 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 03:19 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 03:19 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 03:18 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-15 03:18 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-12 06:32 . 2011-09-10 10:04 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-23 09:41 . 2012-02-11 12:01 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-19 07:30 . 2012-04-02 15:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-19 07:30 . 2012-03-11 09:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-02 01:48 . 2013-09-11 07:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-26 13:51 . 2013-06-26 13:51 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys
2013-06-26 13:51 . 2013-06-26 13:51 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys
2013-06-26 13:51 . 2013-06-26 13:51 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys
2013-06-26 13:51 . 2013-06-26 13:51 1777320 ----a-w- c:\windows\system32\sftldr.dll
2013-06-26 13:51 . 2013-06-26 13:51 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll
2013-06-26 13:51 . 2013-06-26 13:51 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys
2013-06-25 09:40 . 2012-08-01 14:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 09:40 . 2012-04-22 07:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-18 16:20 . 2013-06-18 16:20 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 16:20 . 2011-04-27 09:55 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-05-07 14:33 . 2013-03-19 06:51 10965504 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]
"LManager"="c:\program files (x86)\launch manager\lmanager.exe" [2010-08-10 975952]
"IAStorIcon"="c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe" [2010-04-13 284696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ  
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"vProt"=c:\program files (x86)\avg secure search\vprot.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 Aircel. RunOuc;Aircel. OUC;c:\program files (x86)\Aircel\UpdateDog\ouc.exe;c:\program files (x86)\Aircel\UpdateDog\ouc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe;c:\users\Kishore Reddy\Downloads\HitmanPro36_x64.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S0 97771742;97771742;c:\windows\system32\DRIVERS\97771742.sys;c:\windows\SYSNATIVE\DRIVERS\97771742.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 06:12 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:08]
.
2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"ETDWare"="c:\program files (x86)\elantech\etdctrl.exe" [bU]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
IE: Free YouTube Download - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: NameServer = 101.223.255.141 101.223.255.142
FF - ProfilePath - c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\
FF - ExtSQL: 2013-09-03 13:38; firefox@ghostery.com; c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,
   2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
   35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
   c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e6,1e,6f,07,11,c4,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\programdata\Aircel\OnlineUpdate\ouc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ThreatFire\TFService.exe
.
**************************************************************************
.
Completion time: 2013-09-13  11:23:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-13 05:53
ComboFix2.txt  2013-09-12 08:06
.
Pre-Run: 421,639,405,568 bytes free
Post-Run: 421,352,751,104 bytes free
.
- - End Of File - - 5EB007F97539E63FA764BE11E6EB9A90

Share this post


Link to post
Share on other sites

Please do not connect any external USB drive or thumb drive to this computer.  Something is reinfecting the computer.  Unless you're willing to FDISK, FORMAT and reinstall Windows you need to isolate the computer from other potential means of reinfection.  Since detecting invalid files is not an easy task and one that must be done with antivirus scanners please run the following.

 

 

dr_web_cureit_zpse80d87bf.jpg


  • Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shutdown your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed click on the green Open Report link. It will open the report in NOTEPAD
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

Share this post


Link to post
Share on other sites

Hello Mr.Ron, i have  earlier downloaded copy of Dr.Web Cureit on 6/9 and i also have the log  Cureit.log on my Desktop. Do you want me to delete these and download a new copy of Dr.Web Cureit. And about the  infection, i use USB Dongle for wireless internet service. Waiting for your further instructions. thankyou.

Share this post


Link to post
Share on other sites

Hello Mr.Ron, i have deleted the previous copy of Dr.Web cureit and Cureit.log from my desktop and downloaded a new copy.After verifying the Digital signature, scanned my computer in the Enhanced Protection Mode.The scan has not shown any threats.It scanned 36,619 objects and found no threats.No open Report link was available after the scan. thankyou .

Share this post


Link to post
Share on other sites

Click on START - RUN and type in SIGVERIF and click OK
This is a Microsoft File Signature Verification program that will check the status of some files for us.

  • Click on the START button and let it run. 
  • It will popup a box when it's done to show the status, you can close that box.
  • Close the File Signature Verification application.
  • On Windows XP find and attach the file C:\WINDOWS\SIGVERIF.TXT to your reply.
  • On Windows 7 find and attach the file C:\Users\Public\Public Documents\SIGVERIF.TXT to your reply.
  • DO NOT post the log directly into your reply, attach the file please.

Share this post


Link to post
Share on other sites

Download a new version of Combofix and run it again and post back the new log please.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Share this post


Link to post
Share on other sites

Hello Mr.Ron, i am unable to find "avg secure search" to uninstall. MBAM has detected some new threats along with the old ones. MBAM log is as follows.

 

Will be waiting for your instructions. thankyou.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.16.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Kishore Reddy :: KISHOREREDDY-PC [administrator]
 
16-09-2013 15:26:33
mbam-log-2013-09-16 (15-26-33).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 229646
Time elapsed: 12 minute(s), 10 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
c:\users\kishore reddy\appdata\roaming\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
 
Files Detected: 3
c:\users\kishore reddy\appdata\roaming\delta\sqlite3.dll (PUP.Optional.Delta.A) -> Delete on reboot.
c:\users\kishore reddy\appdata\local\google\chrome\user data\default\bprotector web data (PUP.Optional.BProtector.A) -> Delete on reboot.
c:\users\kishore reddy\appdata\local\google\chrome\user data\default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Delete on reboot.
 
(end)

Share this post


Link to post
Share on other sites

Okay please reboot the computer.  Find and delete all the old log files for FRST then download a new fresh copy and run it and post back the new logs.

 

Then run MBAM and check for updates and do a new Quick Scan and post back that new log as well.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.