nasty rootkit+virus that eludes all antimalware
Post by anniyan » May 6th, 2014, 5:49 pm

I have a particularly bad case of malware infestation [a rootkit, I guess, but not sure], which causes unpredicted actions; I cannot open the downloads window [directly as well as using ctrl+j] in IE 11, despite resetting it many times through 'Internet Options' in the Control Panel. Also, the moment I connect to the internet, the malware starts exploiting the connection to continuously transfer data [I don't know what; indicated by the continuous blinking of the LEDs in my router] without rest, to some place on the internet I don't know, so much that the internet usage for every month has shot up ridiculously without a clue, and I dread connecting to the internet even for my important purposes. It can't be detected by the signatures of any of the antimalware software I have tried so far: Bitdefender, Kaspersky, Emsisoft, Malwarebytes, SUPERAntiSpyware, Windows Defender, herdProtect, HitmanPro, etc. [I don't use more than one real-time resident protection at the same time, and the same goes for on-demand scanners]. I guess this malware's signature is not yet registered in any malware database, so I guessed that manual removal with the help of specialised tools is the only possibility, and so I sought help at bleepingcomputer.com, as you can see at
http://www.bleepingcomputer.com/forums/ ... e-problem/
and
http://www.bleepingcomputer.com/forums/ ... f-malware/
but as you can see, I was told that I was out of choices except formatting my hard disk clean and clean-installing the OS, because this malware system was highly elusive and sophisticated. My concern is that I have a portable hard disk to which I have to back up my personal files [documents, photos, movies, etc.], and if I connect it back to my laptop after clean-installing the OS, won't the malware return? Because I can see clearly that the malware infects any USB drive I connect to my laptop. I am not so much of a geek as to interpret the results of tools like GMER, but I have some files under suspicion [but not sure]:

a) inside "C:\Windows\System32"
[1]
.crusader
[PS: I have not seen a file before with the extension 'crusader' and no name.] Its content is:

<Actions><Group name=""><File path="C:\user files\U\Collection\software\internet software\CoffeeCup HTML Editor 12.6 Build 448 Portable\SKEL\0679f2b994c7952ede4c69955fd421b4169795ff.SharedTA" rootkit="yes" /></Group><Group name=""><File path="C:\user files\U\Collection\software\internet software\CoffeeCup HTML Editor 12.6 Build 448 Portable\SKEL\1b6da2a1fe16536314695069a587fb4008d12786.SharedTA" rootkit="yes" /></Group><Group name=""><File path="C:\user files\U\Collection\software\internet software\CoffeeCup HTML Editor 12.6 Build 448 Portable\SKEL\205139f4bef28987bc4374e3145d52344e53353c.Tls" rootkit="yes" /></Group><Group name=""><File path="C:\user files\U\Collection\software\internet software\CoffeeCup HTML Editor 12.6 Build 448 Portable\SKEL\41cfaca9f4d8be21d5eccacff939bb5dd64b23fc.Tls" rootkit="yes" /></Group></Actions>

[2] PerfStringBackup.INI
[3] HideMyIpSRVOff.ini
[4] NOISE.THA
[5] activity.txt
[6] AdmList.txt
[7] HP_ActiveX_Patch_NOT_DETECTED.txt
[8] gatherNetworkInfo.vbs
[9] onlinesetup.cmd
[10] winrm.cmd
[11] manage-bde.wsf
[12] "C:\Windows\System32\drivers\aq9vzx4r.sys"

b) stubborn files and folders:
[13] "<drive>:\System Volume Information"
[14] "<drive>:\System Volume Information\tracking.log"
[15] "H:\$Extend\$ObjId"

and other files which make safe removal of USB mass-storage devices impossible because of the 'file in use' reason; they have the 'hidden' and 'system' attributes, and clearing these attributes crashes Windows Explorer; where <drive> is C, D, E (local drives) and H (portable drive).

c) [16] Notepad starts up on booting to display this:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

d) suspicious processes and process IDs [not sure though]:

[17] 75dff2b7- 6936- 4c06- a8bb- 676a7b00b24b
[18] WLIDSVCM.exe 3040
[19] AB8902B4- 09CA- 4BB6- B78D- A8F59079A8D5
[20] rundll32.exe 995C996E- D918- 4A8C- A302- 45719A6F4EA7

e) not sure about:
[21] "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0"
[22] "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0"

I cannot afford to lose my huge collection of personal files. Do I have a hope? Can anyone help? Thanks in advance :(
anniyan
Regular Member
Posts: 19
Joined: May 6th, 2014, 12:49 pm
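As an added triage example (not code from MalwareRemoval.com, DDS, or the poster), the Python below parses the two machine-readable artefacts in this thread: the .crusader XML quoted above, pulling out every path marked rootkit="yes" and tallying their extensions, and the Rn/Sn lines of the SERVICES / DRIVERS section of the DDS log posted below, flagging .sys drivers whose image path lies outside the usual driver locations. The XML and the sample DDS lines are copied from the thread; TRUSTED_PREFIXES and the state/start-type decoding are assumptions made for this example.

```python
"""Triage helpers for two artefacts in this thread: the '.crusader' XML from the
first post and the 'SERVICES / DRIVERS' lines of the DDS log posted after it.
Added example for illustration, not code from MalwareRemoval.com, DDS or the
poster; TRUSTED_PREFIXES is an assumption chosen here, not a DDS convention."""
import re
import xml.etree.ElementTree as ET

# Content of the poster's .crusader file, copied verbatim from the post.
CRUSADER_XML = r'''<Actions><Group name=""><File path="C:\user files\U\Collection\software\internet software\CoffeeCup HTML Editor 12.6 Build 448 Portable\SKEL\0679f2b994c7952ede4c69955fd421b4169795ff.SharedTA" rootkit="yes" /></Group><Group name=""><File path="C:\user files\U\Collection\software\internet software\CoffeeCup HTML Editor 12.6 Build 448 Portable\SKEL\1b6da2a1fe16536314695069a587fb4008d12786.SharedTA" rootkit="yes" /></Group><Group name=""><File path="C:\user files\U\Collection\software\internet software\CoffeeCup HTML Editor 12.6 Build 448 Portable\SKEL\205139f4bef28987bc4374e3145d52344e53353c.Tls" rootkit="yes" /></Group><Group name=""><File path="C:\user files\U\Collection\software\internet software\CoffeeCup HTML Editor 12.6 Build 448 Portable\SKEL\41cfaca9f4d8be21d5eccacff939bb5dd64b23fc.Tls" rootkit="yes" /></Group></Actions>'''


def parse_crusader(xml_text):
    """Return one record per <File> element: group name, full path, file name,
    lower-cased extension and whether the element carries rootkit="yes"."""
    root = ET.fromstring(xml_text)
    records = []
    for group in root.iter("Group"):
        for elem in group.iter("File"):
            path = elem.get("path", "")
            name = path.rsplit("\\", 1)[-1]
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            records.append({
                "group": group.get("name", ""),
                "path": path,
                "name": name,
                "ext": ext,
                "rootkit": elem.get("rootkit", "").lower() == "yes",
            })
    return records


def crusader_summary(records):
    """Count flagged files per extension so unusual extensions stand out."""
    counts = {}
    for rec in records:
        if rec["rootkit"]:
            counts[rec["ext"]] = counts.get(rec["ext"], 0) + 1
    return counts


# DDS service/driver line: state+start code, short name, display name, image
# path, then [date size]. Sample lines copied from the DDS log in the thread.
DDS_SAMPLE = r'''
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-4-13 893440]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\NAVEEN\Desktop\idm\pgm\eek\Run\a2ddax64.sys [2014-5-2 26176]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-12-20 114448]
S3 cleanhlp;cleanhlp;C:\Users\NAVEEN\Desktop\idm\pgm\eek\Run\cleanhlp64.sys [2014-5-2 57024]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
'''

DDS_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$"
)
# R = running, S = stopped; digit = service start type (assumed decoding).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Locations a kernel driver is normally loaded from on a Windows 7 system;
# an assumption for this example, tune it to the machine being triaged.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def parse_dds_driver_line(line):
    """Parse one DDS SERVICES / DRIVERS line; return None for other lines."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    return {
        "state": "running" if m["state"] == "R" else "stopped",
        "start_type": START_TYPES.get(m["start"], "unknown"),
        "name": m["name"],
        "display": m["display"],
        "path": m["path"],
        "date": m["date"],
        "size": int(m["size"]),
    }


def parse_dds_drivers(text):
    """Parse every matching line of a DDS services/drivers section."""
    return [rec for rec in map(parse_dds_driver_line, text.splitlines()) if rec]


def flag_unusual_driver_paths(records):
    """Names of .sys drivers whose image path is outside TRUSTED_PREFIXES.
    A hit is a prompt to verify (publisher signature, hash), not a verdict."""
    flagged = []
    for rec in records:
        path = rec["path"].lower()
        if path.endswith(".sys") and not path.startswith(TRUSTED_PREFIXES):
            flagged.append(rec["name"])
    return flagged


if __name__ == "__main__":
    crus = parse_crusader(CRUSADER_XML)
    print(f"{len(crus)} .crusader entries, by extension: {crusader_summary(crus)}")
    drivers = parse_dds_drivers(DDS_SAMPLE)
    print("drivers loaded from unusual paths:", flag_unusual_driver_paths(drivers))
```

Run as a script it prints both summaries. On the sample lines it flags a2ddax64.sys and cleanhlp64.sys, both loaded from a folder named eek on the Desktop; that fits the Emsisoft tool the poster says they tried, so the flag is a cue to verify the files' publisher signatures and hashes before treating them as part of the infection, not a verdict in itself.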

DDS logs

Post by anniyan » May 6th, 2014, 6:23 pm

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
Run by Naveen Admin at 3:48:44 on 2014-05-07
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.8140.4241 [GMT 5.5:30]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\naveen\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe
C:\Program Files\Bitdefender\Bitdefender\BdParentalSysTray.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\naveen\Unchecky\bin\unchecky_svc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files (x86)\naveen\Unchecky\bin\unchecky_bg.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\naveen\Diskeeper\DkService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\naveen\IDM\IDMan.exe
C:\Program Files (x86)\naveen\IDM\IEMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by MSN and Bing
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\naveen\IDM\IDMIECC.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7u51\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7u51\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uRun: [AccelerometerSysTrayApplet] "C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe"
uRun: [IDMan] C:\Program Files (x86)\naveen\IDM\IDMan.exe /onboot
uRun: [SUPERAntiSpyware] C:\Program Files\naveen\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [bdruninstaller] "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DontDisplayLockedUserId = dword:1
IE: Download all links with IDM - C:\Program Files (x86)\naveen\IDM\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\naveen\IDM\IEExt.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{649033BA-E433-4C5B-9C62-9A06B557BC2B} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\naveen\IDM\IDMIECC64.dll
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar_x64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\naveen\LastPass\LPToolbar_x64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar_x64.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
Hosts: 0.0.0.0 api.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Naveen Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jgfn09ly.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7u51\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7u51\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\naveen\adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\naveen\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\naveen\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\naveen\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll
FF - plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1209149.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-4-13 893440]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\NAVEEN\Desktop\idm\pgm\eek\Run\a2ddax64.sys [2014-5-2 26176]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2012-9-2 49240]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2014-4-14 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2014-4-14 103504]
R1 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2014-4-14 121928]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2014-4-13 76944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\naveen\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\naveen\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\naveen\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-2-10 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-14 204288]
R2 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2014-4-14 77632]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-12-20 114448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 hmip;hmip;C:\Windows\System32\drivers\hmip64.sys [2014-3-4 30056]
R2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2014-1-23 93144]
R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-1-23 1876816]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-9-10 270624]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-3-6 49464]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-14 13592]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-4-29 175480]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe [2014-1-19 1809720]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2014-4-13 94624]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Unchecky;Unchecky;C:\Program Files (x86)\naveen\Unchecky\bin\unchecky_svc.exe [2014-5-5 107624]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-14 2656536]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2014-4-14 67320]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-2-28 271728]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2014-4-13 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-4-13 635392]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-8-3 40432]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-9-4 44624]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-4-14 150256]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-7-9 90112]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-3-14 12289472]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-19 25816]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-31 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-14 428136]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-14 1145448]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2013-1-16 34032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2013-8-16 35112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\naveen\MalwarebytesAM\mbamservice.exe [2014-1-19 857912]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2013-6-25 36328]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2014-4-13 82824]
S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-12-20 402192]
S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-12-20 385808]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-5-30 35840]
S3 cleanhlp;cleanhlp;C:\Users\NAVEEN\Desktop\idm\pgm\eek\Run\cleanhlp64.sys [2014-5-2 57024]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-7-9 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-7-9 14336]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-5 57856]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-7-9 104960]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-7-9 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-7-9 241152]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-11 111616]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-24 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-21 31800]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-6-25 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-6-25 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-6-25 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2013-6-25 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2013-7-10 14464]
S4 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S4 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S4 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
S4 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
S4 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/03 05:29:34;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]
S4 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\naveen\ComodoDragon\dragon_updater.exe [2014-4-24 2135232]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S4 HideMyIpSRV;HideMyIpSRV;C:\Program Files (x86)\naveen\Hide My IP\HideMyIpSrv.exe [2014-3-4 3616880]
S4 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-2-10 2413056]
S4 MetroServ;WinMetro Service;C:\Program Files (x86)\naveen\WinMetro\MetroSvc.exe [2014-1-10 314176]
S4 Mobile Partner. RunOuc;Mobile Partner. OUC;C:\Program Files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe [2013-7-9 650240]
S4 MoboroboDeviceService;Moborobo Device Service;C:\Program Files (x86)\naveen\Moborobo\MoboroboDeviceService.exe [2013-1-20 71976]
S4 MotoHelper.exe;Motorola Helper;C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-9-14 6656]
S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-24 120728]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S4 Photon Plus. RunOuc;Photon Plus. OUC;C:\Program Files (x86)\naveen\Photon+\UpdateDog\ouc.exe [2014-4-2 655712]
S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-27 65657]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\naveen\TeamViewer9\TeamViewer_Service.exe [2013-12-25 5341536]
S4 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD Smartware\WDBackupEngine.exe [2014-2-28 1042808]
S4 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\naveen\X-MouseBtnctrl\XMouseButtonSvc.exe [2012-6-23 87040]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\Notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 60 ================
.
2014-05-06 18:59:05 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\Roxio Log Files
2014-05-06 18:56:24 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\SlimWare Utilities Inc
2014-05-06 18:56:20 -------- d-----w- C:\Program Files (x86)\SlimCleaner
2014-05-06 18:27:28 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{185ABDB5-0A19-4148-8F99-588C3452F1AE}\offreg.dll
2014-05-06 18:24:17 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Secunia PSI
2014-05-06 16:44:48 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{185ABDB5-0A19-4148-8F99-588C3452F1AE}\mpengine.dll
2014-05-05 13:13:59 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-05-03 17:04:22 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\Wireshark
2014-05-03 14:08:58 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\Mythicsoft
2014-05-03 11:02:16 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\EurekaLab s.a.s
2014-05-03 03:23:40 165376 ----a-w- C:\Windows\SysWow64\unrar.dll
2014-05-03 03:23:39 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2014-05-03 03:23:32 -------- d-----w- C:\Program Files\Free Opener
2014-05-03 03:20:12 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\Zeon
2014-05-03 03:20:11 -------- d-----w- C:\ProgramData\Nuance
2014-05-03 03:20:06 -------- d-----w- C:\Program Files (x86)\Nuance
2014-05-03 03:19:58 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Downloaded Installations
2014-05-03 00:11:05 -------- d-----w- C:\Program Files (x86)\MSECache
2014-05-02 22:19:06 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-02 22:19:05 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-02 09:48:23 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\UploadRabbitforFacebook
2014-05-01 18:49:00 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\Outertech
2014-04-29 12:30:39 175480 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2014-04-27 15:17:22 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-04-25 00:11:17 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-04-24 15:24:01 -------- d-s---w- C:\Windows\System32\CompatTel
2014-04-24 15:23:08 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-04-24 15:23:07 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-23 03:30:32 -------- d-----w- C:\Program Files\Reason
2014-04-23 02:33:49 50176 ----a-w- C:\Windows\uninstyler.exe
2014-04-17 14:04:09 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Mozilla
2014-04-16 22:35:14 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\ElevatedDiagnostics
2014-04-16 22:29:29 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\Ditto
2014-04-13 22:16:17 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\HP
2014-04-13 22:15:59 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\AuthenTec
2014-04-13 21:28:57 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Eraser 6
2014-04-13 21:23:35 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\CrashDumps
2014-04-13 21:04:32 40876 ----a-w- C:\ProgramData\1397423055.bdinstall.bin
2014-04-13 19:57:20 469866 ----a-w- C:\ProgramData\1397418873.bdinstall.bin
2014-04-13 19:55:50 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\Bitdefender
2014-04-13 19:55:25 3271472 ---ha-w- C:\bdr-bz01
2014-04-13 19:55:19 389240 ------w- C:\Windows\System32\drivers\trufos.sys
2014-04-13 19:55:18 150256 ------w- C:\Windows\System32\drivers\gzflt.sys
2014-04-13 18:40:20 465052 ----a-w- C:\ProgramData\1397414285.bdinstall.bin
2014-04-13 18:20:29 -------- d-----w- C:\ProgramData\Dumps
2014-04-13 17:23:50 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2014-04-13 17:05:21 2680715 ----a-w- C:\ProgramData\1397407742.bdinstall.bin
2014-04-13 17:01:14 -------- d-----w- C:\ProgramData\BDLogging
2014-04-13 17:01:09 76944 ------w- C:\Windows\System32\drivers\bdvedisk.sys
2014-04-13 17:01:08 93600 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2014-04-13 17:01:08 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2014-04-13 17:01:08 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2014-04-13 17:01:08 511328 ----a-w- C:\Windows\capicom.dll
2014-04-13 17:00:53 893440 ------w- C:\Windows\System32\drivers\avc3.sys
2014-04-13 17:00:53 635392 ------w- C:\Windows\System32\drivers\avckf.sys
2014-04-13 17:00:53 261056 ------w- C:\Windows\System32\drivers\avchv.sys
2014-04-13 16:55:24 84848 ----a-w- C:\Windows\System32\BDSandBoxUISkin.dll
2014-04-13 16:55:24 34384 ----a-w- C:\Windows\System32\BDSandBoxUH.dll
2014-04-13 16:55:24 -------- d-----w- C:\ProgramData\Bitdefender
2014-04-13 16:55:22 -------- d-----w- C:\Program Files\Bitdefender
2014-04-13 16:49:01 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\QuickScan
2014-04-13 16:32:54 -------- d-----w- C:\Program Files (x86)\Wunderlist2
2014-04-12 01:17:50 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\TeraCopy
2014-04-11 23:58:32 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-11 21:14:14 -------- d-sh--w- C:\Users\Naveen Admin\AppData\Local\EmieUserList
2014-04-11 21:14:14 -------- d-sh--w- C:\Users\Naveen Admin\AppData\Local\EmieSiteList
2014-04-11 10:43:07 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-04-11 10:42:59 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-04-10 18:29:39 -------- d-----w- C:\Windows\CryptoGuard
2014-04-07 21:28:34 -------- d-----w- C:\Program Files\Western Digital
2014-04-07 21:08:36 -------- d-----w- C:\Program Files\WDCSAM
2014-04-07 21:05:06 -------- d-----w- C:\ProgramData\Western Digital
2014-04-07 20:58:41 -------- d-----w- C:\Program Files (x86)\Western Digital
2014-04-07 12:17:32 714680 ----a-w- C:\Windows\is-M12TU.exe
2014-04-05 08:12:27 -------- d-----w- C:\Program Files (x86)\Belarc
2014-04-03 10:46:11 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2014-04-03 10:45:49 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2014-04-02 18:20:32 -------- d-----w- C:\Program Files (x86)\SkypeWebPlugin
2014-04-02 15:09:42 -------- d-----w- C:\ProgramData\Photon Plus
2014-04-01 23:34:46 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Hewlett-Packard_Company
2014-04-01 21:42:10 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\PotPlayerMini64
2014-04-01 20:27:09 -------- d--h--r- C:\ESD
2014-03-31 15:45:31 -------- dc----w- C:\Users\Naveen Admin\AppData\Local\MigWiz
2014-03-30 15:31:56 -------- d-----w- C:\ProgramData\boost_interprocess
2014-03-30 15:31:27 -------- d-----w- C:\Program Files (x86)\Fenrir Inc
2014-03-30 12:01:20 0 ----a-w- C:\Windows\SysWow64\sho43D9.tmp
2014-03-28 14:23:08 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Western Digital
2014-03-28 14:23:04 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Western_Digital_Technolog
2014-03-28 14:15:21 -------- d-----w- C:\Program Files\Common Files\Western Digital
2014-03-28 14:14:38 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2014-03-28 12:33:16 0 ----a-w- C:\Windows\SysWow64\shoCC18.tmp
2014-03-27 12:19:39 0 ----a-w- C:\Windows\SysWow64\shoF5E9.tmp
2014-03-26 17:21:35 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Comodo
2014-03-26 17:21:32 57096 ----a-w- C:\Windows\System32\certsentry.dll
2014-03-26 17:21:32 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2014-03-26 15:27:25 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-26 15:02:42 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Google
2014-03-26 15:02:40 49940480 ----a-w- C:\Program Files (x86)\GUTF7F6.tmp
2014-03-26 15:02:40 -------- d-----w- C:\Program Files (x86)\GUMF7F5.tmp
2014-03-26 13:44:02 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\IDM
2014-03-26 13:44:02 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\DMCache
2014-03-24 09:58:11 -------- d--h--w- C:\Program Files (x86)\Temp
2014-03-23 21:37:35 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-23 21:37:35 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-23 21:14:23 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-03-23 21:14:18 30208 ------w- C:\Windows\System32\drivers\TsUsbGD.sys
2014-03-23 21:14:18 19456 ------w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-03-23 21:14:13 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-03-23 21:14:13 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-03-23 21:14:13 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-03-23 21:14:13 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-03-23 15:29:22 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Copernic
2014-03-23 12:45:16 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-23 12:45:12 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-03-23 12:45:12 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-03-23 12:45:11 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-23 12:44:22 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-03-23 12:44:22 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-23 12:44:22 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-23 12:44:22 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-23 12:44:21 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-23 12:44:21 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-23 12:44:15 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-23 12:44:15 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-23 12:44:10 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-23 12:44:10 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-13 14:11:22 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\Obvious Idea
2014-03-13 14:03:17 -------- d-----w- C:\Users\Naveen Admin\AppData\Local\Adobe
2014-03-13 14:01:44 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\IrfanView
2014-03-13 13:58:27 -------- d-----w- C:\Users\Naveen Admin\AppData\Roaming\PowerISO
2014-03-13 07:02:40 0 ----a-w- C:\Windows\SysWow64\sho1758.tmp
2014-03-12 01:06:57 5777288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find6M ====================
.
2014-05-06 18:42:06 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-06 18:42:06 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-09 20:23:44 93144 ------w- C:\Windows\System32\drivers\hmpalert.sys
2014-04-09 20:23:44 548424 ------w- C:\Windows\System32\hmpalert.dll
2014-04-09 20:23:44 477008 ------w- C:\Windows\SysWow64\hmpalert.dll
2014-04-03 04:20:58 25816 ------w- C:\Windows\System32\drivers\mbam.sys
2014-03-31 04:05:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ------w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ------w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ------w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-22 21:46:50 0 ----a-w- C:\Windows\SysWow64\sho14AC.tmp
2014-02-22 18:59:04 13024768 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-11 13:14:43 0 ----a-w- C:\Windows\SysWow64\shoB83.tmp
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-01-25 18:29:16 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 10:54:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 10:54:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-10 10:23:39 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2013-12-09 21:43:26 32768 ----a-w- C:\Windows\NCUNINST.EXe
2013-12-06 14:47:12 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 09:59:43 27600 ----a-r- C:\Windows\isk3ro.exe
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-11-21 03:24:03 1169224 --sha-w- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
.
============= FINISH: 3:49:40.88 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05-04-2012 20:32:17
System Uptime: 06-05-2014 17:43:06 (10 hours ago)
.
Motherboard: Hewlett-Packard | | 17F9
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU1 | 792/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 673 GiB total, 288.927 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 1.831 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.073 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0001
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0001
Service: VBoxNetAdp
.
==== System Restore Points ===================
.
RP536: 05-05-2014 17:03:44 - Windows Update
RP537: 07-05-2014 03:15:38 - Installed PC Matic Plugin
.
==== Hosts File Hijack ======================
.
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
Hosts: 0.0.0.0 api.opencandy.com
Hosts: 0.0.0.0 installer.betterinstaller.com
Hosts: 0.0.0.0 installer.filebulldog.com
Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
Hosts: 0.0.0.0 inno.bisrv.com
Hosts: 0.0.0.0 nsis.bisrv.com
Hosts: 0.0.0.0 cdn.file2desktop.com
Hosts: 0.0.0.0 cdn.goateastcach.us
Hosts: 0.0.0.0 cdn.guttastatdk.us
Hosts: 0.0.0.0 cdn.inskinmedia.com
Hosts: 0.0.0.0 cdn.insta.oibundles2.com
Hosts: 0.0.0.0 cdn.insta.playbryte.com
Hosts: 0.0.0.0 cdn.llogetfastcach.us
Hosts: 0.0.0.0 cdn.montiera.com
Hosts: 0.0.0.0 cdn.msdwnld.com
Hosts: 0.0.0.0 cdn.mypcbackup.com
Hosts: 0.0.0.0 cdn.ppdownload.com
Hosts: 0.0.0.0 cdn.riceateastcach.us
Hosts: 0.0.0.0 cdn.shyapotato.us
Hosts: 0.0.0.0 cdn.solimba.com
Hosts: 0.0.0.0 cdn.tuto4pc.com
Hosts: 0.0.0.0 cdn.appround.biz
Hosts: 0.0.0.0 cdn.bigspeedpro.com
Hosts: 0.0.0.0 cdn.bispd.com
Hosts: 0.0.0.0 cdn.bisrv.com
Hosts: 0.0.0.0 cdn.cdndp.com
Hosts: 0.0.0.0 cdn.download.sweetpacks.com
Hosts: 0.0.0.0 cdn.dpdownload.com
Hosts: 0.0.0.0 cdn.visualbee.net
.
==== Installed Programs ======================
.
Acronis Drive Monitor
Active@ ISO Burner
Adobe AIR
Adobe Creative Cloud
Adobe Download Assistant
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Shockwave Player 12.1
Advanced Renamer
AMD APP SDK Runtime
AMD Catalyst Install Manager
AntiLogger
APK Downloader 1.5.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
ArcSoft Panorama Maker 4
Ashampoo Burning Studio 14 v.14.0.1
Asoftech Photo Recovery
AuthenTec TrueAPI
Avanquest update
Battle Realms Winter of the Wolf (2 IN 1) Full
Bazooka Scanner
Belarc Advisor 8.4
Better Explorer
Bing Bar
Bitdefender Total Security
Bloom
BlueStacks App Player
BlueStacks Notification Center
Bonjour
BurnAware Professional
Camfrog Video Chat 6.2
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD Speed
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Comodo Dragon
Compiled Driver Disc (Full) 1.0
Compiled Driver Disk (Samsung) 1.0
Compiled Driver Disk(Motorola) 1.0
Copernic Desktop Search 4
CrystalDiskInfo 6.1.8 Shizuku Edition
CursorFX Plus
CyberLink DVD Suite
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Data Lifeguard Diagnostic for Windows 1.25
Daum PotPlayer 1.5.44465 x64 Edition
Digital Janitor
Direct Folders
DiskCheckup v3.2
Diskeeper 2011
Ditto
DoubleKiller Pro
DoWar2R
Dual-Core Optimizer
Duplicate File Remover
Duplicate Photo Cleaner
Emicsoft MKV Converter
Eraser 6.0.10.2620
ESET Online Scanner v3
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Everything 1.2.1.371
FastPreview
File Uploader
FileAlyzer 2
FileLocator Pro x64
FileMenu Tools
Folder Size for Windows
Fotobounce 3.7.2
Free Opener
Fresco Logic USB3.0 Host Controller
FVD Suite 3.0.3
Genymotion version 2.0.3
GetDiz
Gmail Keeper
Google Chrome
Google Chrome Frame
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
gpedt.msc 1.0
Growl for Windows
herdProtect Anti-Malware Scanner
Hewlett-Packard ACLM.NET v1.2.1.1
Hide My IP 5.4
HitmanPro 3.7
HitmanPro.Alert
HP 3D DriveGuard
HP Application Assistant
HP Auto
HP Client Services
HP Connection Manager
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP SimplePass 2012
HP Software Framework
HP Support Solutions Framework
HPISDataManager
iCloud
IDT Audio
ILLUSION Sexy Beach ZERO
ImgBurn
Intel(R) Control Center
Intel(R) Display Audio Driver
Intel(R) Identity Protection Technology 1.2.22.0
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Internet Download Manager
IrfanView (remove only)
IsoBuster 3.0
iTunes
Java 7 Update 51
Java 8 Update 5 (64-bit)
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
LastPass (uninstall only)
MailStore Home 8.1.0.9075
Malwarebytes Anti-Malware version 2.0.1.1004
MatroskaProp (remove only)
MediaInfo 0.7.65
MetroTextual version 1.8
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Filter Pack 2.0
Microsoft Fix it Center
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mobile Partner
mobile PhoneTools
MOBILedit! PhoneCopier ver. 6.6.0.2757
MOBILedit! Support Libraries
MOBILedit! ver. 6.9.0.2848
Moborobo 2.1.1.660
Monitor Off Utility 1.0
Moto Helper Service
MotoHelper MergeModules
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 5.9.0
Mototools Software Update
Movie Maker
Mozilla Firefox 29.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
my Picturetown Utility
Nero 11 DiscSpeed
Nero 12
Nero Audio Pack 1
Nero BackItUp
Nero BackItUp Help (CHM)
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Disc Menus Basic
Nero DiscSpeed 11
Nero DiscSpeed 11 Help (CHM)
Nero Effects Basic
Nero Express
Nero Express Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero PiP Effects Basic
Nero Recode
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero SharedVideoCodecs
Nero Update
Nero Video
Nero Video Help (CHM)
nero.prerequisites.msi
neroxml
Nikon Message Center
Nikon Transfer
Notepad++
Nuance PDF Reader
NVIDIA PhysX
opensource
Oracle VM VirtualBox 4.2.12
Pamela Pro 4.8
Path Scanner 1.1.0.20
PC Matic Plugin
PDF Settings CS6
Photo Common
Photo Gallery
Photon Plus
Pixlr-o-matic
PlayReady PC Runtime x86
PMW
PowerISO
Prerequisite installer
PX Profile Update
QuickTime 7
Rainmeter
Raptr
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recuva
RegAlyzer
Replay Video Capture 6
Revo Uninstaller Pro 2.5.8
RunAlyzer
Samsung Kies
Samsung PC Studio 3 USB Driver Installer
SAMSUNG USB Driver for Mobile Phones
save2pc Ultimate 5.21
SeaTools for Windows
Secunia PSI (3.0.0.9016)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SES Driver
Skype Click to Call
Skype Web Plugin
Skype™ 6.14
Sleipnir Version 5.1.0
SliderDock
SlimCleaner
Smart File Advisor 1.1.1
Speccy
Spider-Man 3 (TM)
Spider-Man 3(TM)
STDU Viewer version 1.6.313.0
SUPERAntiSpyware
SuperHeroes Arena
Supreme Commander
swMSM
Synaptics TouchPad Driver
SyncCell 3.0
System Requirements Lab for Intel
TeamViewer 9
TeraCopy 2.3
Terminator Salvation - The Videogame
The Incredible Hulk
Tiny Burner 1
Transformers - War for Cybertron
Tweaking.com - Windows Repair (All in One)
Types
Ultra Port Scanner
Unchecky v0.2.14
Uniblue ProcessQuickLink 2
Unlocker 1.9.1-x64
Validity WBF DDK
ViceVersa Pro 2.5 (Build 2511)
ViceVersa Pro 2.5 64-bit (Build 2512)
VIP Access SDK (1.1.0.4)
Visual C++ 2008 Runtime (x64)
VSO Inspector 2.0.2
VVEngine 2.1 (Build 2104)
WD Drive Utilities
WD Quick View
WD SES Driver Setup
WD SmartWare
WD SmartWare Installer
Welcome App (Start-up experience)
WinDFT
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinMetro
WinPcap 4.1.3
WinRAR 5.01 (64-bit)
Wireshark 1.10.7 (64-bit)
Wunderlist
X-Mouse Button Control 2.5
Xvid MPEG-4 Video Codec
Yahoo! Messenger
Zero Assumption Recovery Version 9
.
==== Event Viewer Messages From Past Week ========
.
06-05-2014 17:47:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TrueSuiteService service to connect.
06-05-2014 17:47:25, Error: Service Control Manager [7000] - The TrueSuiteService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06-05-2014 17:44:50, Error: Service Control Manager [7022] - The Bitdefender Virus Shield service hung on starting.
06-05-2014 17:02:37, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
06-05-2014 17:02:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
06-05-2014 17:02:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
06-05-2014 17:02:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
06-05-2014 17:02:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
06-05-2014 17:02:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
06-05-2014 17:02:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
06-05-2014 17:02:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 BdfNdisf bdfwfpf bdfwfpf_pc BDVEDISK DfsC discache gzflt NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr sptd tdx VBoxDrv VBoxUSBMon vwififlt Wanarpv6 WfpLwf ws2ifsl
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
06-05-2014 17:02:09, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
06-05-2014 17:01:44, Error: sptd [4] - Driver detected an internal error in its data structures for .
06-05-2014 15:41:45, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06-05-2014 15:41:45, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06-05-2014 15:41:45, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06-05-2014 15:41:45, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06-05-2014 15:41:45, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06-05-2014 15:41:45, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
06-05-2014 15:41:45, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06-05-2014 15:41:45, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05-05-2014 16:02:34, Error: volmgr [46] - Crash dump initialization failed!
03-05-2014 05:57:54, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
03-05-2014 05:43:29, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The paging file is too small for this operation to complete.
03-05-2014 05:43:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1455" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
03-05-2014 05:43:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
03-05-2014 05:43:21, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
03-05-2014 05:43:21, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03-05-2014 05:09:13, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
03-05-2014 04:47:37, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}. The error: "8" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
02-05-2014 23:39:21, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {ECF5BF46-E3B6-449A-B56B-43F58F867814}. The error: "8" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
02-05-2014 23:39:21, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {56EA1054-1959-467F-BE3B-A2A787C4B6EA}. The error: "8" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
02-05-2014 23:39:18, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {ECF5BF46-E3B6-449A-B56B-43F58F867814}. The error: "1455" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
02-05-2014 23:39:18, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {56EA1054-1959-467F-BE3B-A2A787C4B6EA}. The error: "1455" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
02-05-2014 23:38:53, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "8" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
02-05-2014 15:08:00, Error: Application Popup [1060] - \??\C:\Users\NAVEEN~1\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
==== End Of File ===========================
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: nasty rootkit+virus that eludes all antimalware

Unread postby Gary R » May 6th, 2014, 6:36 pm

OK, first of all gringo, the guy who helped you at Bleeping Computers, was trained here at MWR, so I know that if your computer was capable of being cleaned, he would have cleaned it for you.

The fact that he has advised you to reformat tells me that it's highly unlikely that there is any other real solution. Further investigation of your infection is IMO a waste of both your time and ours.

So, the problem as I see it, is really one of how to back up your personal files and folders to an external disk, without transferring your "problem" to that disk.

Questions ...

  1. Do you have access to another uninfected computer which we can use to create a bootable disk?
  2. Have you tried seeing whether you can boot your infected computer from a Linux distro like Puppy?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: nasty rootkit+virus that eludes all antimalware

Unread postby anniyan » May 7th, 2014, 6:19 am

I am OK with reformatting my HDD, but as you have put it, "So, the problem as I see it, is really one of how to back up your personal files and folders to an external disk, without transferring your "problem" to that disk." is true. But I am clueless about how to do it.
Answering your questions, 'no' to both.
1. This is a home computer; I have no other PC.
2. Can booting up with a Linux distro help me transfer my personal files without transferring the problem? If yes, can I know what to do? Any USB storage device I connect to my PC gets infected, without any exception. And I am totally unfamiliar with Linux, never saw one.

PS. IMHO, also, my DDS log shows many problems. Can you identify the infection? And some rootkit tools like GMER have not been tried yet; or can I run some tool like SYSINTERNALS which lists all entities active when running my laptop, so that you can check the logs for unfamiliar/suspicious items and suggest manual removal. Anyways my system files are corrupted already and I am gonna reinstall the OS, so no problem about the accuracy of your hunch, even if your suspicion involves deleting 1 or 2 unimportant system files [though I am 100% confident in your expertise, no offence please]. I just want to transfer my personal files clean. But this is just my opinion. I am open to any help that you can offer. Thanks in advance.
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: nasty rootkit+virus that eludes all antimalware

Unread postby Gary R » May 7th, 2014, 7:28 am

The trouble we're going to have is that you don't have access to another computer, and that limits what we can do considerably. You won't be able to boot from a Linux disk since we'd need another computer to create the Linux boot disk on, and you don't have access to one.

If you can get access to another computer, then details for how to recover your files using a Linux distro can be found in the following article ... viewtopic.php?p=618146#p618146

Advice on what level of risk different types of files may pose with relation to re-infecting a system can be found in the following post ... viewtopic.php?p=628778#p628778
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: nasty rootkit+virus that eludes all antimalware

Unread postby anniyan » May 8th, 2014, 2:44 pm

1. Backing up my personal files to an external disk using a bootable thumb-drive with a Linux distro, won't that transfer the infection to that disk?

2. You have not opined about what I have posted under [PS.] in my previous post; can I know your suggestion about it? Do you think it is a Remote Access Infection (RAI)?

3. As a last alternative, if all else fails, is there a chance that I move all my personal files to my portable harddisk, repave my laptop, and do not connect my portable harddisk until an antimalware company discovers the signatures for the malware in my system? Is that feasible? If yes, how long can it roughly take?

Thanks in advance.
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: nasty rootkit+virus that eludes all antimalware

Unread postby Gary R » May 8th, 2014, 3:36 pm

Because you're booting from an external media when you boot from a linux distro, your infection (if there is one) cannot be active, since it is "stored" on an entirely different OS (Windows 7), therefore as long as you only transfer your personal files to your external disk (making sure you don't include any executable file types), then the transfer process should be reasonably secure and safe.

It's not clear from your DDS logs what the source of your problem actually is, and since gringo at Bleeping Computers spent a whole lot of time, and ran a whole lot of scans in an unsuccessful attempt to narrow things down, I don't exactly feel inclined to spend an equal amount of my own time in the same pursuit. If there was a definite infection to be identified, then I'm confident that gringo would have found it, he's a very experienced helper.

It's not necessary to wait for an Anti-Malware company to develop new detection algorithms before re-installing your personal files onto your computer once you've reformatted it, since the files that you should back up should only be of data file types, and they are not likely to carry infection. As a precaution you should of course scan them with an AV prior to re-installation, but that's all.

To be honest, it's not clear that your problems are the result of a deep-seated infection, and it may be just as likely that they are caused by a corrupted OS, which is another reason why I believe that using a Linux distro might be the best solution to you being able to transfer your personal files.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
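A script for the transfer Gary R describes, added here as an illustration and not part of the thread or any tool mentioned in it: with a live Linux booted and the Windows partition mounted, it copies personal data files to the external disk, skipping executable types by extension and also any file whose content starts with the PE "MZ" header under a misleading name, and writes a list of what it skipped for later review. The mount points are assumptions; they vary by distro.

```bash
#!/bin/bash
# Added example, not from the thread. Assumed mount points:
#   /mnt/windows  -> the infected machine's Windows partition (read-only)
#   /mnt/external -> the external backup disk

# Extensions Windows runs directly or that can carry active code; always skipped.
SKIP_EXT='exe|dll|sys|scr|com|pif|cpl|ocx|bat|cmd|vbs|vbe|js|jse|wsf|wsh|ps1|msi|msp|lnk|jar|hta|reg|inf'

# Returns 0 if the file begins with the DOS/PE "MZ" signature, whatever its name.
has_mz_header() {
    [ "$(head -c 2 -- "$1" 2>/dev/null)" = "MZ" ]
}

# Returns 0 if the file should be skipped: executable by extension or by content.
is_executable_like() {
    local name ext
    name=$(basename -- "$1")
    ext=${name##*.}
    ext=$(printf '%s' "$ext" | tr 'A-Z' 'a-z')
    # A name with no dot yields ext == name; only test real extensions.
    if [ "$ext" != "$name" ] && printf '%s\n' "$ext" | grep -Eq "^($SKIP_EXT)$"; then
        return 0
    fi
    has_mz_header "$1"
}

# backup_data_files SRC DST: copies eligible files, preserving relative paths,
# and records every skipped path in DST/SKIPPED.txt for the owner to review.
backup_data_files() {
    local src=$1 dst=$2 f rel
    mkdir -p -- "$dst"
    : > "$dst/SKIPPED.txt"
    find "$src" -type f | while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_executable_like "$f"; then
            printf '%s\n' "$rel" >> "$dst/SKIPPED.txt"
            continue
        fi
        mkdir -p -- "$dst/$(dirname -- "$rel")"
        cp -p -- "$f" "$dst/$rel"
    done
}

# Typical use on the live system (assumed paths):
#   backup_data_files /mnt/windows/Users/<name> /mnt/external/backup
```

Scan the copied tree with an up-to-date AV before restoring it to the rebuilt machine, as the post advises; the SKIPPED.txt list shows which files were held back.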

Re: nasty rootkit+virus that eludes all antimalware

Unread postby anniyan » May 10th, 2014, 11:56 am

1.
[EDIT TO 1ST POST] - [20]
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8C-A302-45719A6F4EA7}

taskeng.exe {365DA1CE-E7CD-4E36-BDDE-964A1910AABC} AND taskeng.exe {985CFF65-E056-4FD2-9BE9-B0B51BEED3C9}

C:\Windows\System32\WUDFHOST.EXE" -HOSTGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f57200a8-c758-4a2e-940e-ef36749bd67b -SystemEventPortName:HostProcess-a589f9e8-c880-4a71-8a14-26ac1cb62624 -IoCancelEventPortName:HostProcess-1550

C:\Windows\System32\WUDFHOST.EXE" -HOSTGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c643434b-e49e-4cea-8c6d-b841027c245b -SystemEventPortName:HostProcess-748b5531-b644-47bd-a1bf-e16979121555 -IoCancelEventPortName:HostProcess-2434

DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

taskhost.exe $(Arg0)

Especially I dunno why memory (private working set) of dllhost.exe goes to about 65,00,000K often [as noted in Windows Task Manager], thus slowing down my PC to a crawl, which I have to 'end-process' to regain that memory. So I opine that some malware executes using system files.

2. The Bitdefender Total Security that I currently have now has a RESCUE MODE which, when clicked, reboots in a FLUFF LINUX environment and runs a full scan on the system [though it did not find anything]. Can that Linux help for what you have said?
Last edited by anniyan on May 10th, 2014, 12:18 pm, edited 1 time in total.
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: nasty rootkit+virus that eludes all antimalware

Unread postby Gary R » May 10th, 2014, 12:11 pm

anniyan wrote:..... the Bitdefender Total Security that I currently have now has a RESCUE MODE which, when clicked, reboots in a FLUFF LINUX environment and runs a full scan on the system [though it did not find anything]. Can that Linux help for what you have said?


I would not imagine that the Rescue Mode environment is a complete OS, but rather just one that allows limited operations like running a scan. However I do not have any direct experience with it, so it may be worth asking on the Bit Defender forum.

http://forum.bitdefender.com/
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: nasty rootkit+virus that eludes all antimalware

Unread postby Gary R » May 14th, 2014, 11:02 am

Since there have been no further replies to this topic within 3 days of the last post, I will presume you have no further problems, and therefore .... This topic is closed
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire