my system freezes and restarts while i am scanning through malwarebytes

Luffy_zoro · October 10, 2013

First i want to say where i saw the issue first, I used steam for playing games, one day out of the blue while i tried to start steam my system froze and it restarted on its own. I tried to uninstalll and reinstalling steam, and other solutions provided by steam community by i couldn't install steam again. It started giving me problems during installation.

Then somebody suggested maybe its a malware problem so i installed malwarebytes to remove the problem. But during scan my system froze and restarted as it did with steam. Now i am sure that its some malware problem. No other application shows any problem.

I tried Malwarebyte Chameleon, Chkdsk, degfragment . But still during scan my sytem freezes and restarts .

So Please help to solve the issue so that i can install steam again. I tried every solution related to steam given by steamcommunity no use.

there were other members with the same problem. the were suggestions for them to use mbam-check and dds.scr . i performed it i pasted the logs here. i am awaiting any instructions.

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ 1.75.0.1300

Date Log Created: 10/09/13

Time Log Created: 17:02:56

User Account type: Administrator

32 bit Operating System

Product Name: REG_SZ Windows 7 Ultimate

Current Build Number: 7600

Current Version Number: 6.1

Current CSDVersion:

Proxy Status: No proxy is Set

LAN Settings:

=============

only 'Automatically detect settings' is selected

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's Startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1077

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

SIGN.MEDIA=F2D3B5 Drivers\Software\Drivers\Video\32bit\15.7.3.1409\Setup.exeREG_SZ VISTARTM

SIGN.MEDIA=74EF5A88 Adobe Photoshop 7\Setup.exeREG_SZ WINXPSP2

C:\Users\Swamy\Downloads\Compressed\Norton 2012 Trial Reset\Norton 2012 Trial Reset\Norton Account Registration.exeREG_SZ WINXPSP2

C:\Users\Swamy\Downloads\Programs\OnLineRecovery.exeREG_SZ VISTARTM

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

Malwarebytes Anti-Malware Shell Extension Block Check:

======================================================

MBAM Startup Entries:

=====================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:

==========================

MBAMProtector:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMService:

==============

Type : 16

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMScheduler:

==============

Type : 16

State : 4 (The service is running.)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMChameleon:

==============

Type : 2

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1077

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMProtector Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector

Type REG_DWORD 2

Start REG_DWORD 3

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys

Group REG_SZ FSFilter Anti-Virus

DependOnService REG_MULTI_SZ FltMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances

DefaultInstance REG_SZ MBAMProtector Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance

Altitude REG_SZ 328800

Flags REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum

0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAMService Registry Values:

============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"

DependOnService REG_MULTI_SZ MBAMProtector

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware service

DelayedAutostart REG_DWORD 0

MBAMScheduler Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware scheduler

MBAM DLL's and Runtime Files:

=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid

(Default): REG_SZ vbAccelerator Grid Control

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid

(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid

(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid

(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid

(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ ISubclass

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ CTimer

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ vbalGrid

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

advancedheuristics REG_DWORD 1

downloadprogram REG_DWORD 1

hidereg REG_DWORD 0

detectp2p REG_DWORD 0

detectpum REG_DWORD 1

detectpup REG_DWORD 2

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

contextmenu REG_DWORD 1

reportthreats REG_DWORD 1

startwithwindows REG_DWORD 0 <--MBAM IS NOT SET TO START WITH WINDOWS

startfsdisabled REG_DWORD 0

startipdisabled REG_DWORD 0

silentipmode REG_DWORD 0

autoquarantine REG_DWORD 1

notifyinstallprogram REG_DWORD 1

trialpromptshown REG_DWORD 1

autoquarantinenotify REG_DWORD 1

alwaysscanarchives REG_DWORD 1

InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

dbdate REG_SZ Wed, 09 Oct 2013 09:57:04 GMT

dbversion REG_SZ v2013.10.09.03

programversion REG_SZ 1.75.0.1300

programbuild REG_SZ consumer

trialended REG_DWORD 0

SchedulerQueue REG_MULTI_SZ 6148, 30327821, 2509917984, 1, 23 | 30327978, 3450540730

ID XXXXX This is hidden data.

Key XXXX-XXXX-XXXX-XXXX This is hidden data.

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware (Trial)

TrialId There is data here but it is hidden.

StartDate REG_SZ Tue, 08 Oct 2013 08:34:12 UTC

EndDate REG_SZ Tue, 22 Oct 2013 08:34:12 UTC

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 1

terminateie REG_DWORD 0

Language REG_SZ English.lng

selectedrives REG_SZ C:\|D:\|E:\|F:\|G:\|

HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 0

terminateie REG_DWORD 0

HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 0

terminateie REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.5.3-dev (a)

Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Swamy

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300

DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.75.0.1300

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20131008

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 75

EstimatedSize REG_DWORD 19726

Pending File Rename Operations:

================================

If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Scheduler Queue:

================

Scheduled Item: Update Schedule Options: | Daily | Random

Start Time: 2013-10-08 10:03 Repeating Every: 1 Recover if missed by: 23

Context Menu Entries:

=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}

(Default): REG_SZ IMBAMShlExt

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID

(Default): REG_SZ MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

MBAM Drivers:

=============

C:\Windows\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: 1.60.2.0

C:\Windows\system32\drivers\mbamswissarmy.sys File Size: 40776 BYTES FileVersion: 1.60.0.0

C:\Windows\system32\drivers\mbamchameleon.sys File Size: 31560 BYTES

Required Dependencies:

======================

BFE:

==============

Type : 32

State : 4 (The service is running.)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001

Group REG_SZ NetworkProvider

ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork

Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002

ObjectName REG_SZ NT AUTHORITY\LocalService

ErrorControl REG_DWORD 1

Start REG_DWORD 2

Type REG_DWORD 32

DependOnService REG_MULTI_SZ RpcSs

ServiceSidType REG_DWORD 3

RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege

FailureActions REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters

ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll

ServiceDllUnloadOnStop REG_DWORD 1

ServiceMain REG_SZ BfeServiceMain

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

AttachWhenLoaded REG_DWORD 1

DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001

Group REG_SZ FSFilter Infrastructure

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000

ErrorControl REG_DWORD 3

Start REG_DWORD 0

Tag REG_DWORD 1

Type REG_DWORD 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\Windows\system32\drivers\fltmgr.sys File Size: 198208 BYTES FileVersion: 6.1.7600.16385

C:\Windows\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5

C:\Windows\system32\mscomctl.ocx File Size: 1069376 BYTES FileVersion: 6.1.98.18

C:\Windows\system32\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7600.16385

List of MBAM Related Directories:

=================================

C:\Program Files\Malwarebytes' Anti-Malware

7z.dll File Size: 914432 BYTES FileVersion: 9.20.0.0

changes.txt File Size: 200 BYTES

license.rtf File Size: 17916 BYTES

mbam.chm File Size: 474148 BYTES

mbam.dll File Size: 527944 BYTES FileVersion: 1.70.0.0

mbam.exe File Size: 887432 BYTES FileVersion: 1.75.0.1

mbamcore.dll File Size: 1127496 BYTES FileVersion: 1.70.0.0

mbamext.dll File Size: 80968 BYTES FileVersion: 1.70.0.0

mbamgui.exe File Size: 532040 BYTES FileVersion: 1.70.0.0

mbamnet.dll File Size: 2191944 BYTES FileVersion: 1.70.0.0

mbampt.exe File Size: 40008 BYTES FileVersion: 1.70.0.0

mbamscheduler.exe File Size: 418376 BYTES FileVersion: 1.70.0.0

mbamservice.exe File Size: 701512 BYTES FileVersion: 1.70.0.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 15082 BYTES

unins000.exe File Size: 712264 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 11277 BYTES

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

firefox.com File Size: 218184 BYTES

firefox.exe File Size: 218184 BYTES

firefox.pif File Size: 218184 BYTES

firefox.scr File Size: 218184 BYTES

iexplore.exe File Size: 218184 BYTES

mbam-chameleon.com File Size: 218184 BYTES

mbam-chameleon.exe File Size: 218184 BYTES

mbam-chameleon.pif File Size: 218184 BYTES

mbam-chameleon.scr File Size: 218184 BYTES

mbam-killer.exe File Size: 896072 BYTES

rundll32.exe File Size: 218184 BYTES

svchost.exe File Size: 218184 BYTES

winlogon.exe File Size: 218184 BYTES

C:\Program Files\Malwarebytes' Anti-Malware\Languages

arabic.lng File Size: 21894 BYTES

belarusian.lng File Size: 26884 BYTES

bosnian.lng File Size: 27108 BYTES

bulgarian.lng File Size: 27574 BYTES

catalan.lng File Size: 28252 BYTES

chineseSI.lng File Size: 11024 BYTES

chineseTR.lng File Size: 11952 BYTES

croatian.lng File Size: 26670 BYTES

czech.lng File Size: 24874 BYTES

danish.lng File Size: 26582 BYTES

dutch.lng File Size: 28342 BYTES

english.lng File Size: 24542 BYTES

estonian.lng File Size: 25146 BYTES

finnish.lng File Size: 25950 BYTES

french.lng File Size: 29830 BYTES

german.lng File Size: 29894 BYTES

greek.lng File Size: 29300 BYTES

hebrew.lng File Size: 19362 BYTES

hungarian.lng File Size: 28666 BYTES

indonesian.lng File Size: 26854 BYTES

italian.lng File Size: 28194 BYTES

japanese.lng File Size: 16266 BYTES

korean.lng File Size: 14188 BYTES

latvian.lng File Size: 27100 BYTES

lithuanian.lng File Size: 27838 BYTES

norwegian.lng File Size: 25116 BYTES

polish.lng File Size: 26644 BYTES

portugueseBR.lng File Size: 28654 BYTES

portuguesePT.lng File Size: 29062 BYTES

romanian.lng File Size: 28290 BYTES

russian.lng File Size: 27302 BYTES

serbian.lng File Size: 26804 BYTES

slovak.lng File Size: 25644 BYTES

slovenian.lng File Size: 24852 BYTES

spanish.lng File Size: 30060 BYTES

swedish.lng File Size: 25992 BYTES

thai.lng File Size: 26092 BYTES

turkish.lng File Size: 25876 BYTES

vietnamese.lng File Size: 29528 BYTES

C:\Users\Swamy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware

C:\Users\Swamy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

mbam-log-2013-10-08 (17-17-11).txt File Size: 1890 BYTES

C:\Users\Swamy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

rules.ref File Size: 6580934 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration

build.conf File Size: 140 BYTES

config.conf File Size: 4076 BYTES

custom.conf File Size: 20 BYTES

database.conf File Size: 432 BYTES

html.conf File Size: 2904 BYTES

local.conf File Size: 998 BYTES

manifest.conf File Size: 1752 BYTES

messaging.conf File Size: 1430 BYTES

news.conf File Size: 272 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

protection-log-2013-10-08.txt File Size: 6824 BYTES

protection-log-2013-10-09.txt File Size: 1026 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================

END OF FILE

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.21.2

Run by Swamy at 17:05:41 on 2013-10-09

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.738 [GMT 5.5:30]

.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\WinFLService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Windows\System32\WinFLTray.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Mobile Partner\Mobile Partner.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\AVG\AVG2013\avgcfgex.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\IELowutil.exe

C:\Windows\System32\NOTEPAD.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} -

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [WinFLTray] c:\windows\system32\WinFLTray.exe

uRun: [FLBackup] c:\program files\newsoftware's\folder lock\FLComServCtrl.exe

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

uPolicies-Explorer: NoDriveAutoRun = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

TCP: Interfaces\{9728D89D-FD31-4F3F-B271-78461D1F9F75} : NameServer = 202.148.200.3 202.148.202.4

TCP: Interfaces\{C6B11A0E-DE22-4B4D-8795-A6555941F496} : NameServer = 202.148.202.3 202.148.200.3

TCP: Interfaces\{EE3BDC8A-C384-4362-84D3-98472BFE0151} : NameServer = 202.148.200.3 202.148.202.4

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

IFEO: garenamessenger.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\swamy\appdata\roaming\mozilla\firefox\profiles\azmgk3j2.default\

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\users\swamy\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\users\swamy\appdata\roaming\mozilla\firefox\profiles\azmgk3j2.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\plugins\np-mswmp.dll

FF - plugin: c:\users\swamy\appdata\roaming\mozilla\firefox\profiles\azmgk3j2.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\plugins\npConduitFirefoxPlugin.dll

FF - plugin: c:\users\swamy\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\swamy\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\users\swamy\appdata\roaming\mozilla\plugins\npo1d.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll

FF - ExtSQL: !HIDDEN! 2012-11-18 09:07; hotfix@mozilla.org; c:\users\swamy\appdata\roaming\mozilla\firefox\extensions\MozillaHotfix

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]

R1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2012-10-30 29184]

R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files\abbyy pdf transformer 3.0\NetworkLicenseServer.exe [2010-2-1 759048]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]

R2 FLService;FLService;c:\windows\system32\WinFLService.exe [2012-10-30 91336]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-7-19 104928]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-8 418376]

R2 NEWDRIVER;NEWDRIVER;c:\windows\system32\WinVDEdrv6.sys [2012-10-30 188176]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-2-6 1528640]

R2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2012-10-30 228112]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-10-8 208896]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-10-8 72832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-8 22856]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2012-2-1 10064]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-8 701512]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-10-8 102784]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-10-9 31560]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-9 40776]

.

=============== Created Last 30 ================

.

2013-10-09 10:45:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-10-09 10:37:19 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-10-09 10:11:51 -------- d-----w- c:\users\swamy\appdata\local\ElevatedDiagnostics

2013-10-09 09:09:35 -------- d-----w- C:\AdwCleaner

2013-10-08 08:34:04 -------- d-----w- c:\users\swamy\appdata\roaming\Malwarebytes

2013-10-08 08:33:46 -------- d-----w- c:\programdata\Malwarebytes

2013-10-08 08:33:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-08 08:33:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-10-07 07:42:26 -------- d-----w- c:\users\swamy\048298C9A4D3490B9FF9AB023A9238F3.TMP

2013-10-07 07:30:26 -------- d---a-w- c:\program files\Steam

2013-10-04 14:58:49 505104 ----a-w- c:\windows\system32\msxml.dll

2013-10-04 14:58:43 69632 ----a-w- c:\windows\system32\xmltok.dll

2013-10-04 14:58:43 36864 ----a-w- c:\windows\system32\xmlparse.dll

2013-10-04 14:58:43 35840 ----a-w- c:\windows\system32\comdlg32.oca

2013-10-04 14:58:43 28432 ----a-w- c:\windows\system32\msxmlr.dll

2013-10-04 14:58:43 26096 ----a-w- c:\windows\system32\xmlinst.exe

2013-10-04 14:58:43 24576 ----a-w- c:\windows\system32\msxml3a.dll

2013-10-04 14:58:42 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2013-10-04 14:58:42 29184 ----a-w- c:\windows\system32\MSINET.oca

2013-10-04 14:54:56 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll

2013-10-04 14:54:56 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll

2013-10-04 14:54:56 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe

2013-10-04 14:54:56 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2013-10-04 14:54:56 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll

2013-10-04 14:54:56 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll

2013-10-04 14:54:48 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll

2013-10-04 14:54:48 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll

2013-10-02 18:36:41 -------- d-----w- c:\programdata\JetFlash220

2013-10-02 17:38:15 -------- d-----w- c:\users\swamy\appdata\roaming\tmp

2013-10-02 08:40:51 -------- d-----w- C:\DriveKey

2013-10-02 08:40:36 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2013-10-02 08:40:35 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2013-10-02 08:40:35 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2013-10-02 08:40:34 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2013-10-02 08:40:33 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

2013-09-30 05:02:57 -------- d-----w- c:\windows\system32\appmgmt

2013-09-26 08:33:12 -------- d-----w- c:\program files\Video Convert Master

2013-09-10 11:46:17 -------- d-----w- c:\users\swamy\appdata\roaming\AnvsoftPdfTools

2013-09-10 11:45:53 -------- d-----w- c:\users\swamy\appdata\local\Programs

2013-09-09 20:04:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

.

==================== Find3M ====================

.

2013-10-09 11:15:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 11:15:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-04 20:13:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-07-19 20:21:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-07-19 20:20:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-07-19 20:20:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-07-19 20:20:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

============= FINISH: 17:06:09.45 ===============

attach.txt dds.txt

kevinf80 · October 10, 2013

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin

Luffy_zoro · October 10, 2013

Thankyou for responding

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013

Ran by Swamy (administrator) on SWAMY-PC on 10-10-2013 21:34:04

Running from C:\Users\Swamy\Downloads\Programs

Microsoft Windows 7 Ultimate (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(ABBYY) C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe

(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(New Softwares.net) C:\Windows\system32\WinFLService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Google) C:\Program Files\Google\Google Talk\googletalk.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe

( New Softwares.net) C:\Windows\System32\WinFLTray.exe

(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe

() C:\Program Files\Mobile Partner\Mobile Partner.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google) C:\Users\Swamy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-03-03] (Realtek Semiconductor)

HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)

HKLM\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-02] (Google)

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)

HKCU\...\Run: [WinFLTray] - C:\Windows\system32\WinFLTray.exe [321736 2012-10-30] ( New Softwares.net)

HKCU\...\Run: [FLBackup] - C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2012-10-30] (New Softwares.net)

HKCU\...\Run: [iDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3541008 2012-12-15] (Tonec Inc.)

HKCU\...\Run: [steam] - C:\Program Files\Steam\Steam.exe [1610664 2013-10-07] (Valve Corporation)

HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5706480 2013-10-03] (SUPERAntiSpyware)

HKCU\...\Policies\system: [LogonHoursAction] 2

HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKCU\...\Policies\Explorer: [NofolderOptions] 0

MountPoints2: I - I:\AutoRun.exe

MountPoints2: {24e95c4e-40f9-11e2-ac66-001cc099adbf} - J:\AutoRun.exe

MountPoints2: {9d468b85-d7c0-11e2-b31a-806e6f6e6963} - I:\AutoRun.exe

MountPoints2: {f0507c69-2963-11e2-a2b6-001e101fabdd} - I:\.\StartModem.exe

IMEO\garenamessenger.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

SearchScopes: HKLM - DefaultScope value is missing.

BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)

Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000105 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000106 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Tcpip\..\Interfaces\{6A1BE518-C25A-465F-80B0-2A28FE2E0AD9}: [NameServer]101.223.255.141 101.223.255.142

Tcpip\..\Interfaces\{9728D89D-FD31-4F3F-B271-78461D1F9F75}: [NameServer]202.148.200.3 202.148.202.4

Tcpip\..\Interfaces\{C6B11A0E-DE22-4B4D-8795-A6555941F496}: [NameServer]202.148.202.3 202.148.200.3

Tcpip\..\Interfaces\{EE3BDC8A-C384-4362-84D3-98472BFE0151}: [NameServer]202.148.200.3 202.148.202.4

FireFox:

========

FF ProfilePath: C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Swamy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Swamy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Swamy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Extension: grooveshredder - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\Extensions\grooveshredder@code.argee.org.xpi

FF Extension: No Name - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF HKLM\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

FF Extension: Mozilla hotfix - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

FF Extension: Mozilla hotfix - C:\Users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5

FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Swamy\AppData\Roaming\IDM\idmmzcc5

Chrome:

=======

CHR Extension: (Google Docs) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Adblock Plus) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0

CHR Extension: (Google Search) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (IDM Integration) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.4_0

CHR Extension: (Gmail) - C:\Users\Swamy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files\Internet Download Manager\IDMGCExt.crx

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com)

R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528640 2012-02-06] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-10-09] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-09] (Malwarebytes Corporation)

R2 NEWDRIVER; C:\Windows\system32\WinVDEdrv6.sys [188176 2012-10-30] ()

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-02-01] (TuneUp Software)

R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2012-10-30] ()

R2 WinVDEDrv; C:\Windows\system32\WinVDEdrv.sys [228112 2012-10-30] (NewSoftwares.net, Inc.)

U2 ccEvtMgr;

U2 ccSetMgr;

S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]

U3 navapsvc;

U3 SAVRT;

U1 SAVRTPEL;

U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-10 21:33 - 2013-10-10 21:33 - 00000000 ____D C:\FRST

2013-10-09 18:27 - 2013-10-10 18:27 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f97ad0d7-6d9b-405f-b6f0-3e2fbf00a26f.job

2013-10-09 18:27 - 2013-10-10 13:00 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3b3ac4ea-3c2a-49cc-b682-2e8b08e5d94f.job

2013-10-09 18:27 - 2013-10-09 18:27 - 00001921 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\SUPERAntiSpyware.com

2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-10-09 17:06 - 2013-10-09 17:06 - 00014921 _____ C:\Users\Swamy\Desktop\dds.txt

2013-10-09 17:06 - 2013-10-09 17:06 - 00010357 _____ C:\Users\Swamy\Desktop\attach.txt

2013-10-09 17:04 - 2013-10-09 17:05 - 00688992 ____R (Swearware) C:\Users\Swamy\Downloads\dds.scr

2013-10-09 17:02 - 2013-10-09 17:02 - 00030335 _____ C:\Users\Swamy\Desktop\CheckResults.txt

2013-10-09 16:33 - 2013-10-09 16:33 - 00001900 _____ C:\Users\Swamy\Desktop\RKreport[0]_D_10092013_163342.txt

2013-10-09 16:32 - 2013-10-09 16:32 - 00003358 _____ C:\Users\Swamy\Desktop\RKreport[0]_S_10092013_163219.txt

2013-10-09 16:27 - 2013-10-09 16:33 - 00000000 ____D C:\Users\Swamy\Desktop\RK_Quarantine

2013-10-09 16:15 - 2013-10-09 16:15 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-10-09 16:07 - 2013-10-09 16:07 - 00031560 _____ C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-09 14:39 - 2013-10-09 14:40 - 00000000 ____D C:\AdwCleaner

2013-10-09 10:23 - 2013-10-10 21:19 - 00000448 _____ C:\Windows\setupact.log

2013-10-08 15:02 - 2013-10-10 18:42 - 00000000 ____D C:\Users\Swamy\Documents\FIFA 09

2013-10-08 15:02 - 2013-10-08 15:02 - 00000552 _____ C:\Users\Swamy\Desktop\FIFA 09.lnk

2013-10-08 14:04 - 2013-10-08 14:04 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Malwarebytes

2013-10-08 14:03 - 2013-10-08 14:03 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-08 14:03 - 2013-10-08 14:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-08 14:03 - 2013-10-08 14:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-08 14:03 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-07 13:12 - 2013-10-07 13:12 - 00000000 ____D C:\Users\Swamy\048298C9A4D3490B9FF9AB023A9238F3.TMP

2013-10-07 13:00 - 2013-10-10 21:20 - 00000000 ____D C:\Program Files\Steam

2013-10-04 20:28 - 2013-10-04 20:28 - 00000000 ____D C:\Program Files\Ubisoft

2013-10-04 20:28 - 2003-10-27 14:06 - 00505104 _____ (Microsoft Corporation) C:\Windows\system32\msxml.dll

2013-10-04 20:28 - 2003-10-27 14:06 - 00089360 _____ (Microsoft Corporation) C:\Windows\system32\VB5DB.DLL

2013-10-04 20:28 - 2003-10-27 14:06 - 00069632 _____ C:\Windows\system32\xmltok.dll

2013-10-04 20:28 - 2003-10-27 14:06 - 00036864 _____ C:\Windows\system32\xmlparse.dll

2013-10-04 20:28 - 2003-10-27 14:06 - 00035840 _____ C:\Windows\system32\comdlg32.oca

2013-10-04 20:28 - 2003-10-27 14:06 - 00029184 _____ C:\Windows\system32\MSINET.oca

2013-10-04 20:28 - 2003-10-27 14:06 - 00028432 _____ (Microsoft Corporation) C:\Windows\system32\msxmlr.dll

2013-10-04 20:28 - 2003-10-27 14:06 - 00026096 _____ (Microsoft Corporation) C:\Windows\system32\xmlinst.exe

2013-10-04 20:28 - 2003-10-27 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll

2013-10-03 11:59 - 2013-10-03 11:59 - 00000721 _____ C:\Users\Swamy\Desktop\Condition Zero.lnk

2013-10-03 00:06 - 2013-10-03 00:06 - 00000000 ____D C:\Users\Swamy\Documents\My Fingerprint Data

2013-10-03 00:06 - 2013-10-03 00:06 - 00000000 ____D C:\ProgramData\JetFlash220

2013-10-02 23:08 - 2013-10-02 23:19 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\tmp

2013-10-02 20:44 - 2013-10-02 20:44 - 00000000 ____D C:\Users\Swamy\Downloads\ChipGenius

2013-10-02 20:43 - 2013-10-02 20:44 - 00138431 _____ C:\Users\Swamy\Downloads\ChipGenius.rar

2013-10-02 13:23 - 2013-10-02 13:28 - 00000000 ____D C:\Users\Swamy\Documents\GTA Vice City User Files

2013-09-30 21:32 - 2013-09-30 21:33 - 00473354 _____ C:\Users\Swamy\Downloads\steam need to be online to update (fatal error) fixed 100% working - YouTube.3GP

2013-09-30 16:34 - 2013-09-30 16:34 - 00086082 _____ C:\Users\Swamy\Downloads\Steam.htm

2013-09-30 10:32 - 2013-09-30 10:32 - 00000000 ____D C:\Windows\system32\appmgmt

2013-09-26 14:03 - 2013-09-26 14:03 - 00000902 _____ C:\Users\Swamy\Desktop\Video Convert Master.lnk

2013-09-26 14:03 - 2013-09-26 14:03 - 00000000 ____D C:\Program Files\Video Convert Master

2013-09-23 01:57 - 2013-10-08 18:11 - 00000000 ____D C:\Windows\Minidump

2013-09-10 17:16 - 2013-09-10 17:16 - 00000000 ____D C:\Users\Swamy\Documents\Anvsoft

2013-09-10 17:16 - 2013-09-10 17:16 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\AnvsoftPdfTools

2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2013-10-10 21:33 - 2013-10-10 21:33 - 00000000 ____D C:\FRST

2013-10-10 21:32 - 2013-01-29 21:02 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2013-10-10 21:32 - 2012-10-16 19:27 - 00000000 ____D C:\Program Files\Common Files\InstallShield

2013-10-10 21:32 - 2009-07-14 07:34 - 00000478 _____ C:\Windows\win.ini

2013-10-10 21:31 - 2013-04-29 16:10 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\uTorrent

2013-10-10 21:31 - 2012-10-08 13:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-10 21:29 - 2012-12-10 16:01 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000UA.job

2013-10-10 21:26 - 2013-06-09 16:09 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-10 21:24 - 2012-10-08 12:05 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\DMCache

2013-10-10 21:24 - 2009-07-14 10:04 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-10 21:24 - 2009-07-14 10:04 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-10 21:23 - 2013-08-06 11:45 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\IDM

2013-10-10 21:23 - 2012-10-09 00:20 - 01218821 _____ C:\Windows\WindowsUpdate.log

2013-10-10 21:20 - 2013-10-07 13:00 - 00000000 ____D C:\Program Files\Steam

2013-10-10 21:20 - 2013-06-09 16:09 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-10 21:19 - 2013-10-09 10:23 - 00000448 _____ C:\Windows\setupact.log

2013-10-10 21:19 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-10 19:53 - 2012-12-22 11:13 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\vlc

2013-10-10 18:42 - 2013-10-08 15:02 - 00000000 ____D C:\Users\Swamy\Documents\FIFA 09

2013-10-10 18:27 - 2013-10-09 18:27 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f97ad0d7-6d9b-405f-b6f0-3e2fbf00a26f.job

2013-10-10 17:58 - 2012-10-08 12:07 - 00000000 ____D C:\ProgramData\MFAData

2013-10-10 16:06 - 2012-10-08 12:05 - 00000000 ____D C:\Users\Swamy\Downloads\Video

2013-10-10 13:29 - 2012-12-10 16:01 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000Core.job

2013-10-10 13:00 - 2013-10-09 18:27 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3b3ac4ea-3c2a-49cc-b682-2e8b08e5d94f.job

2013-10-09 18:27 - 2013-10-09 18:27 - 00001921 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\SUPERAntiSpyware.com

2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-10-09 17:50 - 2012-10-08 13:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-09 17:50 - 2012-10-08 13:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 17:06 - 2013-10-09 17:06 - 00014921 _____ C:\Users\Swamy\Desktop\dds.txt

2013-10-09 17:06 - 2013-10-09 17:06 - 00010357 _____ C:\Users\Swamy\Desktop\attach.txt

2013-10-09 17:05 - 2013-10-09 17:04 - 00688992 ____R (Swearware) C:\Users\Swamy\Downloads\dds.scr

2013-10-09 17:02 - 2013-10-09 17:02 - 00030335 _____ C:\Users\Swamy\Desktop\CheckResults.txt

2013-10-09 16:33 - 2013-10-09 16:33 - 00001900 _____ C:\Users\Swamy\Desktop\RKreport[0]_D_10092013_163342.txt

2013-10-09 16:33 - 2013-10-09 16:27 - 00000000 ____D C:\Users\Swamy\Desktop\RK_Quarantine

2013-10-09 16:32 - 2013-10-09 16:32 - 00003358 _____ C:\Users\Swamy\Desktop\RKreport[0]_S_10092013_163219.txt

2013-10-09 16:15 - 2013-10-09 16:15 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-10-09 16:07 - 2013-10-09 16:07 - 00031560 _____ C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-09 14:40 - 2013-10-09 14:39 - 00000000 ____D C:\AdwCleaner

2013-10-09 14:40 - 2013-06-08 16:06 - 00000000 ____D C:\Users\Swamy\AppData\Local\iexplorer

2013-10-08 18:11 - 2013-09-23 01:57 - 00000000 ____D C:\Windows\Minidump

2013-10-08 18:01 - 2012-11-03 12:16 - 00000000 ____D C:\Users\Swamy\Documents\Outlook Files

2013-10-08 15:02 - 2013-10-08 15:02 - 00000552 _____ C:\Users\Swamy\Desktop\FIFA 09.lnk

2013-10-08 15:00 - 2012-11-02 23:18 - 00000000 ____D C:\Users\Swamy\AppData\Local\CrashDumps

2013-10-08 14:04 - 2013-10-08 14:04 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Malwarebytes

2013-10-08 14:03 - 2013-10-08 14:03 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-08 14:03 - 2013-10-08 14:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-08 14:03 - 2013-10-08 14:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-07 20:18 - 2012-10-08 12:03 - 00782154 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-07 13:12 - 2013-10-07 13:12 - 00000000 ____D C:\Users\Swamy\048298C9A4D3490B9FF9AB023A9238F3.TMP

2013-10-07 13:12 - 2012-10-08 11:57 - 00000000 ____D C:\Users\Swamy

2013-10-07 12:55 - 2009-07-14 07:33 - 42467328 _____ C:\Windows\system32\config\SOFTWARE_tureg_old

2013-10-07 12:55 - 2009-07-14 07:33 - 18612224 _____ C:\Windows\system32\config\SYSTEM_tureg_old

2013-10-07 12:55 - 2009-07-14 07:33 - 00262144 _____ C:\Windows\system32\config\SECURITY_tureg_old

2013-10-07 12:55 - 2009-07-14 07:33 - 00262144 _____ C:\Windows\system32\config\DEFAULT_tureg_old

2013-10-07 12:53 - 2009-07-14 07:33 - 00262144 _____ C:\Windows\system32\config\SAM_tureg_old

2013-10-04 20:28 - 2013-10-04 20:28 - 00000000 ____D C:\Program Files\Ubisoft

2013-10-03 11:59 - 2013-10-03 11:59 - 00000721 _____ C:\Users\Swamy\Desktop\Condition Zero.lnk

2013-10-03 00:06 - 2013-10-03 00:06 - 00000000 ____D C:\Users\Swamy\Documents\My Fingerprint Data

2013-10-03 00:06 - 2013-10-03 00:06 - 00000000 ____D C:\ProgramData\JetFlash220

2013-10-03 00:05 - 2012-10-08 12:05 - 00000000 ____D C:\Users\Swamy\Downloads\Compressed

2013-10-02 23:19 - 2013-10-02 23:08 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\tmp

2013-10-02 20:44 - 2013-10-02 20:44 - 00000000 ____D C:\Users\Swamy\Downloads\ChipGenius

2013-10-02 20:44 - 2013-10-02 20:43 - 00138431 _____ C:\Users\Swamy\Downloads\ChipGenius.rar

2013-10-02 13:28 - 2013-10-02 13:23 - 00000000 ____D C:\Users\Swamy\Documents\GTA Vice City User Files

2013-10-02 13:23 - 2012-10-08 13:05 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-10-02 13:16 - 2012-10-08 12:47 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\GameRanger

2013-10-01 21:03 - 2013-06-22 11:49 - 00001258 __RSH C:\Users\Swamy\ntuser.pol

2013-10-01 14:02 - 2012-11-18 09:07 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\MCommon

2013-09-30 21:33 - 2013-09-30 21:32 - 00473354 _____ C:\Users\Swamy\Downloads\steam need to be online to update (fatal error) fixed 100% working - YouTube.3GP

2013-09-30 16:34 - 2013-09-30 16:34 - 00086082 _____ C:\Users\Swamy\Downloads\Steam.htm

2013-09-30 16:29 - 2009-07-14 10:23 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-09-30 10:32 - 2013-09-30 10:32 - 00000000 ____D C:\Windows\system32\appmgmt

2013-09-28 14:33 - 2012-11-18 13:45 - 00000000 ____D C:\results

2013-09-26 14:03 - 2013-09-26 14:03 - 00000902 _____ C:\Users\Swamy\Desktop\Video Convert Master.lnk

2013-09-26 14:03 - 2013-09-26 14:03 - 00000000 ____D C:\Program Files\Video Convert Master

2013-09-24 19:57 - 2013-06-08 14:14 - 00000000 ____D C:\Program Files\Common Files\Steam

2013-09-13 17:54 - 2013-04-06 23:51 - 00000895 _____ C:\Users\Public\Desktop\AVG 2013.lnk

2013-09-10 17:16 - 2013-09-10 17:16 - 00000000 ____D C:\Users\Swamy\Documents\Anvsoft

2013-09-10 17:16 - 2013-09-10 17:16 - 00000000 ____D C:\Users\Swamy\AppData\Roaming\AnvsoftPdfTools

2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

Files to move or delete:

====================

C:\ProgramData\win_mpwd_sys.dat

Some content of TEMP:

====================

C:\Users\Swamy\AppData\Local\Temp\drm_dyndata_7370012.dll

C:\Users\Swamy\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Swamy\AppData\Local\Temp\Quarantine.exe

C:\Users\Swamy\AppData\Local\Temp\Uninstal.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 19:17

==================== End Of Log ============================

Addition.txt

kevinf80 · October 10, 2013

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Remove and reinstall Malwarebytes, lets seeif it will run ok...

Download and save mbam-clean.exe and save to your desktop from the following:

http://www.malwarebytes.org/mbam-clean.exe

Now do the following:

Click on Start and select Control Panel
Open Uninstall a Program
Uninstall Malwarebytes' Anti-Malware
Restart your computer, very important to do that!!
Run mbam-clean.exe
It will ask to restart your computer, please allow it to do so, very important!!

Next, D/L and install Malwarebytes again and update as follows :-

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alernative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Kevin..

fixlist.txt

Luffy_zoro · October 11, 2013

hello,I fixed it through frst and even got the fixlog.txt which i have pasted below.. But after i uninstalled and reinstalled malwarebytes and performed the quick scan my system froze & restarted again....I am sure i followed each step correctly.....So wat to do now?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013

Ran by Swamy at 2013-10-11 13:01:25 Run:1

Running from C:\Users\Swamy\Downloads\Programs

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

C:\ProgramData\win_mpwd_sys.dat

C:\Users\Swamy\AppData\Local\Temp\drm_dyndata_7370012.dll

C:\Users\Swamy\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Swamy\AppData\Local\Temp\Quarantine.exe

C:\Users\Swamy\AppData\Local\Temp\Uninstal.exe

End

*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

HKCU\SOFTWARE\Policies\Google => Key deleted successfully.

C:\ProgramData\win_mpwd_sys.dat => Moved successfully.

C:\Users\Swamy\AppData\Local\Temp\drm_dyndata_7370012.dll => Moved successfully.

C:\Users\Swamy\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

C:\Users\Swamy\AppData\Local\Temp\Quarantine.exe => Moved successfully.

"C:\Users\Swamy\AppData\Local\Temp\Uninstal.exe" => File/Directory not found.

==== End of Fixlog ====

kevinf80 · October 11, 2013

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe <- 64 bit version

Make sure to get the correct version for your system.
Quit all running programs
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
Wait until Prescan has finished...
The following EULA will appear, please select accept
Ensure MBR scan, Check faked and AntiRootkit are checked
Select Scan
When the scan completes select Report, copy and paste that to your reply.
The log should be found in RKreport[?].txt on your Desktop
Exit/Close RogueKiller

Luffy_zoro · October 11, 2013

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : Swamy [Admin rights]

Mode : Scan -- Date : 10/11/2013 14:39:43

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[DNS][PUM] HKLM\[...]\CCSet\[...]\{6A1BE518-C25A-465F-80B0-2A28FE2E0AD9} : NameServer (101.223.255.141 101.223.255.142) -> FOUND

[DNS][PUM] HKLM\[...]\CCSet\[...]\{9728D89D-FD31-4F3F-B271-78461D1F9F75} : NameServer (202.148.200.3 202.148.202.4) -> FOUND

[DNS][PUM] HKLM\[...]\CCSet\[...]\{C6B11A0E-DE22-4B4D-8795-A6555941F496} : NameServer (202.148.202.3 202.148.200.3) -> FOUND

[DNS][PUM] HKLM\[...]\CCSet\[...]\{EE3BDC8A-C384-4362-84D3-98472BFE0151} : NameServer (202.148.200.3 202.148.202.4) -> FOUND

[DNS][PUM] HKLM\[...]\CS001\[...]\{6A1BE518-C25A-465F-80B0-2A28FE2E0AD9} : NameServer (101.223.255.141 101.223.255.142) -> FOUND

[DNS][PUM] HKLM\[...]\CS001\[...]\{9728D89D-FD31-4F3F-B271-78461D1F9F75} : NameServer (202.148.200.3 202.148.202.4) -> FOUND

[DNS][PUM] HKLM\[...]\CS001\[...]\{C6B11A0E-DE22-4B4D-8795-A6555941F496} : NameServer (202.148.202.3 202.148.200.3) -> FOUND

[DNS][PUM] HKLM\[...]\CS001\[...]\{EE3BDC8A-C384-4362-84D3-98472BFE0151} : NameServer (202.148.200.3 202.148.202.4) -> FOUND

[DNS][PUM] HKLM\[...]\CS002\[...]\{6A1BE518-C25A-465F-80B0-2A28FE2E0AD9} : NameServer (101.223.255.141 101.223.255.142) -> FOUND

[DNS][PUM] HKLM\[...]\CS002\[...]\{9728D89D-FD31-4F3F-B271-78461D1F9F75} : NameServer (202.148.200.3 202.148.202.4) -> FOUND

[DNS][PUM] HKLM\[...]\CS002\[...]\{C6B11A0E-DE22-4B4D-8795-A6555941F496} : NameServer (202.148.202.3 202.148.200.3) -> FOUND

[DNS][PUM] HKLM\[...]\CS002\[...]\{EE3BDC8A-C384-4362-84D3-98472BFE0151} : NameServer (202.148.200.3 202.148.202.4) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST3500320AS ATA Device +++++

--- User ---

[MBR] 4763a6c2035437412ac380c955842f87

[bSP] ed1e277b9b02c4cc89587c2acead57ef : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 49999 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102398310 | Size: 426930 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_10112013_143943.txt >>

kevinf80 · October 11, 2013

1.Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the update completes select Next.

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

13. Verify that your system is now running normally, making sure that the following items are functional:

Internet access
Windows Update
Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown

Thanks,

Kevin...

Luffy_zoro · October 11, 2013

Hello again, i scanned thru mbar but same thing happened system froze and restarted again. No other application shows this problem only steam and malwarebytes(while scanning).. One more thing when the system restarts "automaticaly" it says searching for boot agent & later it says no boot agent...

But after i restart manually the system restarts as usual..

Ther was no mbar log due to incomplete scan i think....But i used fixdamage a log was generated which i pasted below.

System-log

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED

CPU speed: 2.388000 GHz

Memory total: 2136551424, free: 560496640

Downloaded database version: v2013.10.11.03

Downloaded database version: v2013.10.08.02

=======================================

Initializing...

------------ Kernel report ------------

10/11/2013 15:18:59

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\ACPI.sys

\SystemRoot\system32\DRIVERS\WMILIB.SYS

\SystemRoot\system32\DRIVERS\msisadrv.sys

\SystemRoot\system32\DRIVERS\pci.sys

\SystemRoot\system32\DRIVERS\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\DRIVERS\intelide.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\pciide.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\atapi.sys

\SystemRoot\system32\DRIVERS\ataport.SYS

\SystemRoot\system32\DRIVERS\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\vmstorfl.sys

\SystemRoot\system32\DRIVERS\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx86.sys

\SystemRoot\system32\DRIVERS\avglogx.sys

\SystemRoot\system32\DRIVERS\avgmfx86.sys

\SystemRoot\system32\DRIVERS\avgidshx.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\WinFLAdrv.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\avgtdix.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgldx86.sys

\SystemRoot\system32\DRIVERS\avgidsshimx.sys

\SystemRoot\system32\DRIVERS\avgidsdriverx.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\igdkmd32.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\e1e6032.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\1394ohci.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\ew_jubusenum.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHDA.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\ewusbmdm.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\ewusbnet.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\idmwfp.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\??\C:\Windows\system32\WinVDEdrv6.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\??\C:\Windows\system32\WinVDEdrv.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys

\??\C:\Windows\system32\TrueSight.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff864feac8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000097\

Lower Device Object: 0xffffffff86501a90

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff85eedac8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\

Lower Device Object: 0xffffffff85d9f030

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff85eedac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff85eed750, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff85eedac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff85d694d8, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff85d9f030, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 815198A1

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 102398247

Partition file system is NTFS

Partition is bootable

Partition 1 type is Extended with LBA (0xf)

Partition is NOT ACTIVE.

Partition starts at LBA: 102398310 Numsec = 874353690

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xffffffff864feac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff864ba020, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff864feac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff86501a90, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\

------------ End ----------

Read File: File "c:\programdata\avg2013\chjw\2441ae7441add6b.dat:f07a581a-479a-492d-b92b-fb1b635fa416" is sparse (flags = 32768)

Read File: File "c:\programdata\avg2013\chjw\26c26826c267119.dat:ee584650-20a6-4636-818d-b66b6bc3ab61" is sparse (flags = 32768)

Infected: C:\ProgramData\InstallMate\{E6EB9417-4897-4BB8-A953-00B53D08B6E1}\Custom.dll --> [Trojan.MSIL.Injector]

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED

CPU speed: 2.388000 GHz

Memory total: 2136551424, free: 864133120

Could not load protection driver

=======================================

Initializing...

------------ Kernel report ------------

10/11/2013 15:32:58

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\ACPI.sys

\SystemRoot\system32\DRIVERS\WMILIB.SYS

\SystemRoot\system32\DRIVERS\msisadrv.sys

\SystemRoot\system32\DRIVERS\pci.sys

\SystemRoot\system32\DRIVERS\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\DRIVERS\intelide.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\pciide.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\atapi.sys

\SystemRoot\system32\DRIVERS\ataport.SYS

\SystemRoot\system32\DRIVERS\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\vmstorfl.sys

\SystemRoot\system32\DRIVERS\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx86.sys

\SystemRoot\system32\DRIVERS\avglogx.sys

\SystemRoot\system32\DRIVERS\avgmfx86.sys

\SystemRoot\system32\DRIVERS\avgidshx.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\WinFLAdrv.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\avgtdix.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgldx86.sys

\SystemRoot\system32\DRIVERS\avgidsshimx.sys

\SystemRoot\system32\DRIVERS\avgidsdriverx.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\igdkmd32.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\e1e6032.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\1394ohci.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\ew_jubusenum.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHDA.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\ewusbmdm.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\ewusbnet.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\idmwfp.sys

\??\C:\Windows\system32\WinVDEdrv6.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\??\C:\Windows\system32\WinVDEdrv.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff86b8b030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000099\

Lower Device Object: 0xffffffff866a7cb8

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff85eed1b8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\

Lower Device Object: 0xffffffff85da1030

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff85eed1b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff85eeecd0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff85eed1b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff85db0918, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff85da1030, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 815198A1

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 102398247

Partition file system is NTFS

Partition is bootable

Partition 1 type is Extended with LBA (0xf)

Partition is NOT ACTIVE.

Partition starts at LBA: 102398310 Numsec = 874353690

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xffffffff86b8b030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff86b9a1b0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff86b8b030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff866a7cb8, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\

------------ End ----------

Read File: File "c:\programdata\avg2013\chjw\2441ae7441add6b.dat:f07a581a-479a-492d-b92b-fb1b635fa416" is sparse (flags = 32768)

Read File: File "c:\programdata\avg2013\chjw\26c26826c267119.dat:ee584650-20a6-4636-818d-b66b6bc3ab61" is sparse (flags = 32768)

Infected: C:\ProgramData\InstallMate\{E6EB9417-4897-4BB8-A953-00B53D08B6E1}\Custom.dll --> [Trojan.MSIL.Injector]

kevinf80 · October 11, 2013

OK, RogueKiller did flag a possible MBR infection, did expect better result from MBAR...

Continue:

download the latest version of TDSSKiller from here:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan will be quick.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Luffy_zoro · October 11, 2013

i Could'n copy paste.. it said too long

And there was no cure option for all the threats identified..

TDSSKiller.2.8.16.0_11.10.2013_17.56.49_log.txt

kevinf80 · October 11, 2013

MBR checks back ok, unsigned drivers are not always malicious, have checked MD5 and appear to be ok.... Continue please>>

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Ensure that Combofix is saved directly to the Desktop <--- Very important
Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
Close any open browsers and any other programs you might have running
Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

Luffy_zoro · October 11, 2013

ComboFix 13-10-09.01 - Swamy 11-Oct-13 21:29:09.1.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.857 [GMT 5.5:30]

Running from: C:\Users\Swamy\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{09993482-642C-4C99-8BC9-69F2A72036FE}.xps

C:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{251BF7DA-C6D1-40C2-9C08-1101F4AF6DEB}.xps

C:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{576369F7-9A0C-49CD-AE58-02A618B19748}.xps

C:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{790CE498-0989-4D4E-BADD-82EC7FEB254C}.xps

C:\Users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93F8D45B-1DC4-49EC-9089-1A4E77532A2B}.xps

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NEWDRIVER

-------\Service_NEWDRIVER

((((((((((((((((((((((((( Files Created from 2013-09-11 to 2013-10-11 )))))))))))))))))))))))))))))))

2013-10-11 09:48:59 . 2013-10-11 10:04:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-11 09:46:11 . 2013-10-11 09:46:11 75992 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys

2013-10-11 07:41:58 . 2013-10-11 11:59:43 40776 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys

2013-10-11 07:41:58 . 2013-10-11 07:41:58 -------- d-----w- C:\Users\Swamy\AppData\Roaming\Malwarebytes

2013-10-11 07:41:47 . 2013-10-11 07:41:47 -------- d-----w- C:\ProgramData\Malwarebytes

2013-10-11 07:41:46 . 2013-10-11 07:41:48 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2013-10-11 07:41:46 . 2013-04-04 09:20:32 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys

2013-10-10 16:03:52 . 2013-10-10 16:03:52 -------- d-----w- C:\FRST

2013-10-09 12:57:31 . 2013-10-09 12:57:31 -------- d-----w- C:\Users\Swamy\AppData\Roaming\SUPERAntiSpyware.com

2013-10-09 10:11:51 . 2013-10-09 10:11:51 -------- d-----w- C:\Users\Swamy\AppData\Local\ElevatedDiagnostics

2013-10-09 09:09:35 . 2013-10-09 09:10:58 -------- d-----w- C:\AdwCleaner

2013-10-04 14:58:49 . 2003-10-27 08:36:00 505104 ----a-w- C:\Windows\system32\msxml.dll

2013-10-04 14:58:43 . 2003-10-27 08:36:02 69632 ----a-w- C:\Windows\system32\xmltok.dll

2013-10-04 14:58:43 . 2003-10-27 08:36:02 36864 ----a-w- C:\Windows\system32\xmlparse.dll

2013-10-04 14:58:43 . 2003-10-27 08:36:02 28432 ----a-w- C:\Windows\system32\msxmlr.dll

2013-10-04 14:58:43 . 2003-10-27 08:36:02 26096 ----a-w- C:\Windows\system32\xmlinst.exe

2013-10-04 14:58:43 . 2003-10-27 08:36:00 35840 ----a-w- C:\Windows\system32\comdlg32.oca

2013-10-04 14:58:43 . 2003-10-27 08:36:00 24576 ----a-w- C:\Windows\system32\msxml3a.dll

2013-10-04 14:58:42 . 2013-10-04 14:58:42 -------- d-----w- C:\Program Files\Ubisoft

2013-10-04 14:58:42 . 2003-10-27 08:36:02 89360 ----a-w- C:\Windows\system32\VB5DB.DLL

2013-10-04 14:58:42 . 2003-10-27 08:36:00 29184 ----a-w- C:\Windows\system32\MSINET.oca

2013-10-04 14:54:56 . 2003-02-27 10:42:48 696320 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2013-10-04 14:54:56 . 2002-12-05 08:40:32 155648 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2013-10-04 14:54:56 . 2002-12-02 09:52:44 5632 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2013-10-04 14:54:56 . 2002-12-02 08:03:04 57344 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2013-10-04 14:54:56 . 2002-12-02 08:03:04 32768 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2013-10-04 14:54:56 . 2002-12-02 08:03:04 237568 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2013-10-04 14:54:48 . 2013-10-04 14:54:48 282756 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2013-10-04 14:54:48 . 2013-10-04 14:54:48 163972 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2013-10-02 18:36:41 . 2013-10-02 18:36:41 -------- d-----w- C:\ProgramData\JetFlash220

2013-10-02 17:38:15 . 2013-10-02 17:49:24 -------- d-----w- C:\Users\Swamy\AppData\Roaming\tmp

2013-09-26 08:33:12 . 2013-09-26 08:33:53 -------- d-----w- C:\Program Files\Video Convert Master

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-10-10 17:02:39 . 2012-10-08 07:33:02 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 17:02:39 . 2012-10-08 07:33:02 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe

2013-09-09 20:04:48 . 2013-09-09 20:04:48 22328 ----a-w- C:\Windows\system32\drivers\avgidsshimx.sys

2013-09-04 20:13:42 . 2013-09-04 20:13:42 39224 ----a-w- C:\Windows\system32\drivers\avgrkx86.sys

2013-07-19 20:21:00 . 2013-07-19 20:21:00 246072 ----a-w- C:\Windows\system32\drivers\avglogx.sys

2013-07-19 20:20:56 . 2013-07-19 20:20:56 60216 ----a-w- C:\Windows\system32\drivers\avgidshx.sys

2013-07-19 20:20:56 . 2013-07-19 20:20:56 208184 ----a-w- C:\Windows\system32\drivers\avgidsdriverx.sys

2013-07-19 20:20:50 . 2013-07-19 20:20:50 171320 ----a-w- C:\Windows\system32\drivers\avgldx86.sys

2012-10-29 12:26:42 . 2012-10-29 12:26:38 261600 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07:46 21904 ----a-w- C:\Program Files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinFLTray"="C:\Windows\system32\WinFLTray.exe" [2012-10-30 11:59:54 321736]

"FLBackup"="C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-10-30 12:00:06 275656]

"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2012-12-15 06:18:44 3541008]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:14:38 1173504]

"googletalk"="C:\Users\Swamy\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-03 03:40:08 4874240]

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 11:52:24 91520]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 14:39:05 41208]

"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe" [2013-08-15 06:23:50 4411440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]

@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="C:\Users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 04:22:02 102784]

R3 GGSAFERDriver;GGSAFER Driver;C:\Program Files\Garena Plus\Room\safedrv.sys [x]

R3 mbamchameleon;mbamchameleon;C:\Windows\system32\drivers\mbamchameleon.sys [2013-10-11 09:46:11 75992]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2013-10-11 11:59:43 40776]

R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys [2008-07-26 17:00:30 14416]

S0 AVGIDSHX;AVGIDSHX;C:\Windows\system32\DRIVERS\avgidshx.sys [2013-07-19 20:20:56 60216]

S0 Avglogx;AVG Logging Driver;C:\Windows\system32\DRIVERS\avglogx.sys [2013-07-19 20:21:00 246072]

S0 Avgrkx86;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx86.sys [2013-09-04 20:13:42 39224]

S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-19 20:20:56 208184]

S1 AVGIDSShim;AVGIDSShim;C:\Windows\system32\DRIVERS\avgidsshimx.sys [2013-09-09 20:04:48 22328]

S1 Avgldx86;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx86.sys [2013-07-19 20:20:50 171320]

S1 Avgtdix;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdix.sys [2013-03-20 21:38:24 182072]

S1 WinFLAdrv;WinFLAdrv;C:\Windows\system32\WinFLAdrv.sys [2012-10-30 12:00:15 29184]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-07-04 10:23:10 4939312]

S2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 13:39:28 283136]

S2 FLService;FLService;C:\Windows\system32\WinFLService.exe [2012-10-30 11:59:57 91336]

S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys [2013-06-27 09:57:42 104928]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 09:20:32 418376]

S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 09:20:32 701512]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-02-06 08:55:18 1528640]

S2 WinVDEDrv;WinVDEDrv;C:\Windows\system32\WinVDEdrv.sys [2012-10-30 12:00:12 228112]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 12:39:00 208896]

S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 09:55:48 72832]

S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2013-04-04 09:20:32 22856]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-01 07:54:02 10064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-11 07:57:15 1185744 ----a-w- C:\Program Files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2013-10-11 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 07:33:02 . 2013-10-10 17:02:40]

2013-10-11 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39:34 . 2013-06-09 10:39:23]

2013-10-11 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39:34 . 2013-06-09 10:39:23]

2013-10-11 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000Core.job

- C:\Users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31:44 . 2012-12-10 10:31:42]

2013-10-11 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000UA.job

- C:\Users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31:44 . 2012-12-10 10:31:42]

kevinf80 · October 11, 2013

Combofix log is not complete..

Luffy_zoro · October 11, 2013

in C drive there was a folder combofix in that combofix.txt wat ever is ther i have pasted ... do u want me to redo...

kevinf80 · October 11, 2013

Combofix is listed here C:\Combofix.txt. The log you post is definitely not complete.....

Luffy_zoro · October 11, 2013

ComboFix 13-10-09.01 - Swamy 11-Oct-13 22:18:33.2.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1163 [GMT 5.5:30]

Running from: c:\users\Swamy\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Previous Run -------

.

c:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{09993482-642C-4C99-8BC9-69F2A72036FE}.xps

c:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{251BF7DA-C6D1-40C2-9C08-1101F4AF6DEB}.xps

c:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{576369F7-9A0C-49CD-AE58-02A618B19748}.xps

c:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{790CE498-0989-4D4E-BADD-82EC7FEB254C}.xps

c:\users\Swamy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93F8D45B-1DC4-49EC-9089-1A4E77532A2B}.xps

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NEWDRIVER

-------\Service_NEWDRIVER

.

((((((((((((((((((((((((( Files Created from 2013-09-11 to 2013-10-11 )))))))))))))))))))))))))))))))

.

2013-10-11 16:53 . 2013-10-11 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-11 09:48 . 2013-10-11 10:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-10-11 09:46 . 2013-10-11 09:46 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-10-11 07:41 . 2013-10-11 11:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-10-11 07:41 . 2013-10-11 07:41 -------- d-----w- c:\users\Swamy\AppData\Roaming\Malwarebytes

2013-10-11 07:41 . 2013-10-11 07:41 -------- d-----w- c:\programdata\Malwarebytes

2013-10-11 07:41 . 2013-10-11 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-10-11 07:41 . 2013-04-04 09:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-10 16:03 . 2013-10-10 16:03 -------- d-----w- C:\FRST

2013-10-09 12:57 . 2013-10-09 12:57 -------- d-----w- c:\users\Swamy\AppData\Roaming\SUPERAntiSpyware.com

2013-10-09 10:11 . 2013-10-09 10:11 -------- d-----w- c:\users\Swamy\AppData\Local\ElevatedDiagnostics

2013-10-09 09:09 . 2013-10-09 09:10 -------- d-----w- C:\AdwCleaner

2013-10-04 14:58 . 2003-10-27 08:36 505104 ----a-w- c:\windows\system32\msxml.dll

2013-10-04 14:58 . 2003-10-27 08:36 69632 ----a-w- c:\windows\system32\xmltok.dll

2013-10-04 14:58 . 2003-10-27 08:36 36864 ----a-w- c:\windows\system32\xmlparse.dll

2013-10-04 14:58 . 2003-10-27 08:36 28432 ----a-w- c:\windows\system32\msxmlr.dll

2013-10-04 14:58 . 2003-10-27 08:36 26096 ----a-w- c:\windows\system32\xmlinst.exe

2013-10-04 14:58 . 2003-10-27 08:36 35840 ----a-w- c:\windows\system32\comdlg32.oca

2013-10-04 14:58 . 2003-10-27 08:36 24576 ----a-w- c:\windows\system32\msxml3a.dll

2013-10-04 14:58 . 2013-10-04 14:58 -------- d-----w- c:\program files\Ubisoft

2013-10-04 14:58 . 2003-10-27 08:36 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2013-10-04 14:58 . 2003-10-27 08:36 29184 ----a-w- c:\windows\system32\MSINET.oca

2013-10-04 14:54 . 2003-02-27 10:42 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2013-10-04 14:54 . 2002-12-05 08:40 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2013-10-04 14:54 . 2002-12-02 09:52 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2013-10-04 14:54 . 2002-12-02 08:03 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2013-10-04 14:54 . 2002-12-02 08:03 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2013-10-04 14:54 . 2002-12-02 08:03 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2013-10-04 14:54 . 2013-10-04 14:54 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2013-10-04 14:54 . 2013-10-04 14:54 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2013-10-02 18:36 . 2013-10-02 18:36 -------- d-----w- c:\programdata\JetFlash220

2013-10-02 17:38 . 2013-10-02 17:49 -------- d-----w- c:\users\Swamy\AppData\Roaming\tmp

2013-09-26 08:33 . 2013-09-26 08:33 -------- d-----w- c:\program files\Video Convert Master

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-10 17:02 . 2012-10-08 07:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 17:02 . 2012-10-08 07:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-09 20:04 . 2013-09-09 20:04 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-09-04 20:13 . 2013-09-04 20:13 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-07-19 20:21 . 2013-07-19 20:21 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-07-19 20:20 . 2013-07-19 20:20 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-07-19 20:20 . 2013-07-19 20:20 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-07-19 20:20 . 2013-07-19 20:20 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-10-29 12:26 . 2012-10-29 12:26 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinFLTray"="c:\windows\system32\WinFLTray.exe" [2012-10-30 321736]

"FLBackup"="c:\program files\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-10-30 275656]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-15 3541008]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"googletalk"="c:\users\Swamy\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-03 4874240]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]

@="Driver"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-10-11 75992]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-11 40776]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Swamy\Downloads\Compressed\RealTemp_370\WinRing0.sys [2008-07-26 14416]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-19 60216]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-19 246072]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-04 39224]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-19 208184]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-09 22328]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-19 171320]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-20 182072]

S1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2012-10-30 29184]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]

S2 FLService;FLService;c:\windows\system32\WinFLService.exe [2012-10-30 91336]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 104928]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-02-06 1528640]

S2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2012-10-30 228112]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 208896]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-01 10064]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-11 07:57 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 17:02]

.

2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39]

.

2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-09 10:39]

.

2013-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000Core.job

- c:\users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31]

.

2013-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3756954993-494701191-2749408217-1000UA.job

- c:\users\Swamy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 10:31]

.

------- Supplementary Scan -------

.

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

TCP: Interfaces\{9728D89D-FD31-4F3F-B271-78461D1F9F75}: NameServer = 202.148.200.3 202.148.202.4

TCP: Interfaces\{C6B11A0E-DE22-4B4D-8795-A6555941F496}: NameServer = 202.148.202.3 202.148.200.3

TCP: Interfaces\{EE3BDC8A-C384-4362-84D3-98472BFE0151}: NameServer = 202.148.200.3 202.148.202.4

FF - ProfilePath - c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Profiles\azmgk3j2.default\

FF - ExtSQL: !HIDDEN! 2012-11-18 09:07; hotfix@mozilla.org; c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*n*žxC#\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*èf\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*qW*\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*Žºˆr\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*}éÉ;\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-10-11 22:25:54

ComboFix-quarantined-files.txt 2013-10-11 16:55

.

Pre-Run: 11,987,693,568 bytes free

Post-Run: 11,934,216,192 bytes free

.

- - End Of File - - 1B534204FAA0ADDD7B95EB5AD6576D52

A36C5E4F47E84449FF07ED3517B43A31

kevinf80 · October 11, 2013

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::Folder::c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfixRegNull::[HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*n*žxC#\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*èf\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*qW*\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*Žºˆr\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*}éÉ;\OpenWithList][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL][HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*úL\OpenWithList]

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

close program

copy and paste the report here

Kevin.

Luffy_zoro · October 11, 2013

this is the report from combofix...i will Report of eset scan in a while its taking much time...

ComboFix 13-10-09.01 - Swamy 11-Oct-13 23:16:00.4.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1134 [GMT 5.5:30]

Running from: c:\users\Swamy\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Previous Run -------

.

c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome.manifest

c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\addlist.js

c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\em.xul

c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\hashtable.js

c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\overlay.xul

c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\content\update.js

c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\chrome\skin\mozilla-logo.png

c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\install.rdf

c:\users\Swamy\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix\tcookies.dat

.

-- Previous Run --

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\erdnt\cache\userinit.exe

.

--------

.

((((((((((((((((((((((((( Files Created from 2013-09-11 to 2013-10-11 )))))))))))))))))))))))))))))))

.

2013-10-11 17:51 . 2013-10-11 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-11 17:28 . 2013-10-11 17:51 -------- d-----w- c:\users\Swamy\AppData\Local\temp