Inactive [A] Malicious software uninstalling my programs

Status
Not open for further replies.
C

combatshadow

Posts: 8   +0
Hi, there seems to be a malicious software on my laptop which has messed up the whole system. For the last one week, Google Chrome was acting strange as in it wasn't letting me view sites opened in other tabs and was hogging up a lot of memory. I simply ignored it, thinking it was a problem related to it being an outdated version.

Now since yesterday, I realized that almost all the programs and games have uninstalled itself, leaving most of the shortcuts broken. The application's folder have vanished and the game folders contain few MBs of data. Any application that I try to open gives me an error, saying that it doesn't exist or that I need to reinstall it. I believe some 50GB+ of data (mostly games like CoH, Steam, AoE etc.) got wiped in the process. Personal data, however hasn't been affected.

Anyway, so I then tried restoring the system to an earlier point (2 weeks) to see if that helped. Most applications (not games) were restored but still there was problem running them in most cases and the laptop felt very buggy/laggy. I then again restored to an older restore point (January) to see if it'd solve it but to no avail. I then restored it back to its original point (basically undo whatever I had done) and I am back to sqaure one.

Please suggest what could be the problem and the fix for it. Btw, I only have the default Microsoft Security Essential installed which too is effected by this bug (an error "An error has occured in the program during initilization. If this problem continues, please con...") pops ueverytime I open it.

Thanks
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Btw, I thought I'd let you know. I did a virus scan using AVG before I receieved your reply in which the following Trojan Horses were detected & removed from D drive:
Trojan horse Exploit_c.VOX
Trojan horse Exploit_c.VOH
Trojan horse Exploit_c.VQC
Trojan horse Exploit_c.VOS
Trojan horse Exploit_c.VOZ
Trojan horse Exploit_c.VPK
Trojan horse Exploit_c.VQD
Trojan horse Exploit_c.VNZ
Trojan horse Exploit_c.VOR
Trojan horse Exploit_c.VPI
Trojan horse Exploit_c.VOM
Trojan horse Exploit_c.VPG
Trojan horse Exploit_c.VOL
Trojan horse Exploit_c.VPP
Trojan horse Exploit_c.VPL

Posting the logs next
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.02.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kailash Gupta :: ANKIT-DELLLAPTO [administrator]
3/2/2013 4:29:19 PM
mbam-log-2013-03-02 (16-29-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293433
Time elapsed: 6 minute(s), 42 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Kailash Gupta at 23:59:45 on 2013-03-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.1391 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/kastorsoft/{FADF913B-9A7A-4647-A9BE-671C91E0D56C}
uProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
uRun: [Google Update] "C:\Users\Kailash Gupta\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1"
uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525"
uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710"
uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [C:\Windows\SysWOW64\V0540Ext.ax] C:\Windows\System32\RegSvr32.exe /s C:\Windows\SysWOW64\V0540Ext.ax
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [Reasonable NoClone] "C:\Program Files (x86)\Reasonable\Reasonable NoClone 2011 Free\NoClone.exe" null /startup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:32
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: Interfaces\{404FA70E-26D1-44EE-B726-3509D3E78029} : NameServer = 8.8.8.8
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\149627C696E6B6 : NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\149627C696E6B6 : DHCPNameServer = 192.168.4.1
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\4616D6C656 : NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\4616D6C656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E63656C6C657C61627 : NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E63656C6C657C61627 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6 : NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6572716C6 : NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6572716C6 : DHCPNameServer = 192.168.33.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [C:\Windows\System32\V0540Ext.ax] C:\Windows\System32\RegSvr32.exe /s C:\Windows\System32\V0540Ext.ax
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-23 55280]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-11-15 42248]
R1 networx;networx;C:\Windows\System32\drivers\networx.sys [2013-1-9 58360]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-23 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-13 204288]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-12-5 384888]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-16 527728]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-15 389488]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-23 13336]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-23 705856]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-6 2984832]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UDisk Monitor;UDisk Monitor;C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [2013-1-6 405504]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-23 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-9-24 20984]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-23 172704]
R3 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-8-29 28008]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-24 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-15 40712]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S2 BstHdAndroidSvc;BlueStacks Android Service;"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android --> C:\Program Files (x86)\BlueStacks\HD-Service.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-9-24 53800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2010-11-16 114304]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-6 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-24 232480]
S3 SwitchBoard;SwitchBoard;"C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" --> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-17 59392]
S3 TurboBoost;TurboBoost;"C:\Program Files\Intel\TurboBoost\TurboBoost.exe" --> C:\Program Files\Intel\TurboBoost\TurboBoost.exe [?]
S3 V0540Dev;Creative Camera VF0540 Driver;C:\Windows\System32\drivers\V0540Vid.sys [2012-4-26 321376]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-16 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [2013-1-6 120704]
S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?]
.
=============== Created Last 30 ================
.
2013-03-02 10:56:11 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-02 10:56:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-02 02:57:23 -------- d-----w- C:\Users\Kailash Gupta\AppData\Roaming\AVG2013
2013-03-02 02:55:52 -------- d--h--w- C:\$AVG
2013-03-02 02:55:52 -------- d-----w- C:\ProgramData\AVG2013
2013-03-02 02:54:48 -------- d-----w- C:\Program Files (x86)\AVG
2013-03-02 02:34:14 -------- d-----w- C:\Users\Kailash Gupta\AppData\Local\MFAData
2013-03-02 02:34:14 -------- d-----w- C:\Users\Kailash Gupta\AppData\Local\Avg2013
2013-03-01 04:40:42 4126720 ----a-w- C:\Program Files (x86)\GUT6623.tmp
2013-03-01 03:15:47 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-25 14:00:06 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52DF86CC-7A3A-48EA-8A01-7835DF528724}\offreg.dll
2013-02-24 04:30:38 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52DF86CC-7A3A-48EA-8A01-7835DF528724}\mpengine.dll
2013-02-03 05:43:02 -------- d-----w- C:\Users\Kailash Gupta\AppData\Local\{1EB48902-0BC3-4296-BC23-82B741B02CA6}
2013-02-01 15:49:02 -------- d-----w- C:\Users\Kailash Gupta\AppData\Local\{06A2EBB6-2863-40FF-B1B7-2488C977ECEF}
.
==================== Find3M ====================
.
2013-03-01 02:58:02 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-01 02:58:02 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 0:00:20.56 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/3/2010 9:20:21 AM
System Uptime: 3/2/2013 11:23:51 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G62V9
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU 1 | 1188/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 301 GiB total, 237.111 GiB free.
D: is FIXED (NTFS) - 150 GiB total, 32.209 GiB free.
F: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BlueStacks Hypervisor
Device ID: ROOT\LEGACY_BSTHDDRV\0000
Manufacturer:
Name: BlueStacks Hypervisor
PNP Device ID: ROOT\LEGACY_BSTHDDRV\0000
Service: BstHdDrv
.
==== System Restore Points ===================
.
RP401: 1/5/2013 5:27:00 PM - Removed Facebook Video Calling 1.2.0.287
RP402: 1/5/2013 5:28:27 PM - Removed Facebook Messenger 2.1.4651.0
RP403: 1/5/2013 5:28:59 PM - Removed Notification Center
RP404: 1/5/2013 5:30:59 PM - Removed PC Remote
RP405: 1/5/2013 5:31:32 PM - Removed Oracle VM VirtualBox 4.1.18
RP407: 1/11/2013 10:18:10 AM - Revo Uninstaller Pro's restore point - 2K Sports
RP408: 1/19/2013 10:35:34 PM - Scheduled Checkpoint
RP410: 1/22/2013 5:40:07 PM - Revo Uninstaller Pro's restore point - to remove duplicates arpit's laptop (my documents)
RP411: 2/14/2013 12:24:49 PM - Scheduled Checkpoint
RP412: 3/1/2013 8:50:51 AM - Restore Operation
RP413: 3/1/2013 9:37:58 AM - Removed Steam
RP414: 3/1/2013 9:41:00 AM - Removed Halo 2 for Windows Vista
RP415: 3/1/2013 9:43:21 AM - Removed WIDCOMM Bluetooth Software
RP416: 3/1/2013 12:40:11 PM - Restore Operation
RP417: 3/1/2013 3:55:32 PM - Removed WIDCOMM Bluetooth Software
RP418: 3/2/2013 8:24:21 AM - Installed AVG 2013
RP419: 3/2/2013 8:24:59 AM - Installed AVG 2013
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Age of Empires Online
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
ATI AVIVO64 Codecs
AVG 2013
BlueStacks App Player
Bonjour
Call of Duty(R) 2
ccc-utility64
CCleaner
Company of Heroes
Compatibility Pack for the 2007 Office system
Counter-Strike
Creative Live! Cam Video IM/Video Chat (VF0540) (1.01.03.00)
D3DX10
dBpoweramp DSP Effects
dBpoweramp Music Converter
Dell Dock
DFX
Dropbox
DW WLAN Card Utility
Foxit Reader
GameXN GO
Google Earth
Google Talk Plugin
Google Update Helper
Grand Theft Auto: Episodes From Liberty City
GTA San Andreas
Hotspot Shield 2.78
HP Customer Participation Program 13.0
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
Intel(R) Turbo Boost Technology Monitor
iTunes
Java Auto Updater
Java(TM) 6 Update 18 (64-bit)
Java(TM) 6 Update 20 (64-bit)
Java(TM) 6 Update 37
Junk Mail filter update
Lyrics Plugin for Windows Media Player
Malwarebytes Anti-Malware version 1.70.0.1100
Maryfi - English
MBlaze UI
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office Enterprise 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Train Simulator
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86_x64
MiniLyrics
MP3 Cutter 1.1.1
MSVC90_x64
MSVCRT
MSVCRT_amd64
NetWorx 5.2.7
Notification Center
Picasa 3
Portal
Quickset64
Railworks 3 Train Simulator 2012 Deluxe
Revo Uninstaller Pro 2.5.8
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Similarity 1.7.1
Skype™ 5.10
Steam
swMSM
Synaptics Pointing Device Driver
Team Fortress 2
TuneUp 2.4.6.4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2010 x64 Redistributables
Windows 7 Manager
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
YTD Video Downloader 3.9.6
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
3/2/2013 7:56:12 AM, Error: Service Control Manager [7030] - The UDisk Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/2/2013 4:15:28 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
3/2/2013 4:13:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
3/2/2013 4:13:25 PM, Error: Service Control Manager [7001] - The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: The system cannot find the file specified.
3/2/2013 4:12:44 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
3/2/2013 4:12:43 PM, Error: Service Control Manager [7000] - The BlueStacks Hypervisor service failed to start due to the following error: The system cannot find the file specified.
3/2/2013 4:12:33 PM, Error: Microsoft-Windows-IIS-APPHOSTSVC [9010] - The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'. The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it. The data field contains the error number.
3/2/2013 4:12:28 PM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147024894
3/2/2013 4:11:59 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/2/2013 11:05:55 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
3/1/2013 9:49:52 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
3/1/2013 9:43:53 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {00024500-0000-0000-C000-000000000046}. The error: "2" Happened while starting this command: C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE /automation -Embedding
3/1/2013 9:43:38 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {91493441-5A91-11CF-8700-00AA0060263B}. The error: "2" Happened while starting this command: C:\PROGRA~2\MIF5BA~1\Office12\POWERPNT.EXE /AUTOMATION -Embedding
3/1/2013 9:41:59 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
3/1/2013 1:15:00 PM, Error: Microsoft Antimalware [2001] -
3/1/2013 1:14:51 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
2/27/2013 7:03:58 PM, Error: Service Control Manager [7043] - The Microsoft Network Inspection service did not shut down properly after receiving a preshutdown control.
2/25/2013 6:30:17 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
.
==== End Of File ===========================
 
redtarget.gif
You're running two AV programs, AVG and MSE.
You must uninstall one of them.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities

redtarget.gif
Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
 
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kailash Gupta [Admin rights]
Mode : Scan -- Date : 03/03/2013 08:20:28
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D521C780-A06A-40A6-890D-B7175F24FBAC} : NameServer (10.228.65.113 116.202.225.33) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
--- User ---
[MBR] 17bedba583e3b59e01d7637893efedbb
[BSP] 20d954291f46ce00319886466cb829f2 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 308238 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 662200320 | Size: 153599 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Apple iPod USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_03032013_02d0820.txt >>
RKreport[1]_S_03032013_02d0820.txt
 
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kailash Gupta [Admin rights]
Mode : Remove -- Date : 03/03/2013 08:22:45
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 10 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D521C780-A06A-40A6-890D-B7175F24FBAC} : NameServer (10.228.65.113 116.202.225.33) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
--- User ---
[MBR] 17bedba583e3b59e01d7637893efedbb
[BSP] 20d954291f46ce00319886466cb829f2 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 308238 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 662200320 | Size: 153599 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Apple iPod USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_03032013_02d0822.txt >>
RKreport[1]_S_03032013_02d0820.txt ; RKreport[2]_D_03032013_02d0822.txt
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.03.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kailash Gupta :: ANKIT-DELLLAPTO [administrator]
3/3/2013 8:27:27 AM
mbam-log-2013-03-03 (08-27-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297377
Time elapsed: 6 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
I apologize for the delay.
Email notification missed me somehow.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

midian182
Google's AI-powered search can recommend malicious sites, including scams and malware
Replies
6
Views
143
James Ryan
J
D
Epic Games CEO blasts Google for "malicious compliance" with EU's Digital Markets Act
Replies
10
Views
250
Thanthan
Thanthan
A
New variant of "TheMoon" malware enslaves thousands of insecure Asus routers into a malicious proxy
Replies
2
Views
145
Snazz
S

Latest posts

Back