
Successfully blocked access to a potentially malicious website; type: outgoing (Malwarebytes)



Guys,

Need help related to the below issue. I am getting this message every time I try to open a new browser window, either IE or Chrome.

*****************************

Successfully blocked access to a potentially malicious website 91.218.121.57. Type: outgoing port 52800

*****************************

and the port keeps on changing. Below are the logs from Malwarebytes:

2012/07/09 18:26:38 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 49972, Process: chrome.exe)

2012/07/09 18:29:29 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50021, Process: chrome.exe)

2012/07/09 18:29:45 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50035, Process: chrome.exe)

2012/07/09 18:30:02 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50045, Process: chrome.exe)

2012/07/09 18:30:02 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50046, Process: chrome.exe)

2012/07/09 18:30:02 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50047, Process: chrome.exe)

2012/07/09 18:30:02 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50056, Process: chrome.exe)

2012/07/09 18:30:02 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50057, Process: chrome.exe)

2012/07/09 18:30:02 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50058, Process: chrome.exe)

2012/07/09 18:30:02 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50060, Process: chrome.exe)

2012/07/09 18:30:02 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50061, Process: chrome.exe)

2012/07/09 18:33:23 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50116, Process: chrome.exe)

2012/07/09 18:33:23 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50122, Process: chrome.exe)

2012/07/09 18:35:48 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50309, Process: chrome.exe)

2012/07/09 18:45:44 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50489, Process: chrome.exe)

2012/07/09 18:46:32 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50592, Process: chrome.exe)

2012/07/09 18:46:32 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50593, Process: chrome.exe)

2012/07/09 18:46:32 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50594, Process: chrome.exe)

2012/07/09 18:46:32 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50603, Process: chrome.exe)

2012/07/09 18:46:32 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50604, Process: chrome.exe)

2012/07/09 18:46:32 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50605, Process: chrome.exe)

2012/07/09 20:41:49 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51462, Process: chrome.exe)

2012/07/09 20:41:59 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51471, Process: chrome.exe)

2012/07/09 20:47:29 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51663, Process: chrome.exe)

2012/07/09 20:52:09 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51839, Process: chrome.exe)

2012/07/09 20:56:26 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51863, Process: chrome.exe)

2012/07/09 21:00:19 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51933, Process: iexplore.exe)

2012/07/09 21:00:19 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51932, Process: iexplore.exe)

2012/07/09 21:00:19 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51934, Process: iexplore.exe)

2012/07/09 21:07:08 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51992, Process: iexplore.exe)

2012/07/09 21:07:08 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51993, Process: iexplore.exe)

2012/07/09 21:07:08 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51994, Process: iexplore.exe)

2012/07/09 21:07:25 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52003, Process: iexplore.exe)

2012/07/09 21:07:25 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52004, Process: iexplore.exe)

2012/07/09 21:07:25 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52005, Process: iexplore.exe)

2012/07/09 21:08:21 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52051, Process: chrome.exe)

2012/07/09 21:11:43 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52226, Process: chrome.exe)

2012/07/09 21:22:39 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52591, Process: chrome.exe)

2012/07/09 21:49:01 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52764, Process: chrome.exe)

2012/07/09 21:52:36 +1000 ABHI-HP abhi MESSAGE Starting database refresh

2012/07/09 21:52:36 +1000 ABHI-HP abhi MESSAGE Stopping IP protection

2012/07/09 21:54:45 +1000 ABHI-HP abhi MESSAGE IP Protection stopped

2012/07/09 21:54:58 +1000 ABHI-HP abhi MESSAGE Database refreshed successfully

2012/07/09 21:54:59 +1000 ABHI-HP abhi MESSAGE Starting IP protection

2012/07/09 21:55:01 +1000 ABHI-HP abhi MESSAGE IP Protection started successfully

2012/07/09 21:55:55 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52843, Process: chrome.exe)

2012/07/09 21:56:52 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52867, Process: chrome.exe)

2012/07/09 21:58:45 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52877, Process: chrome.exe)

2012/07/09 22:22:05 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 53253, Process: chrome.exe)

2012/07/09 22:28:15 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 53351, Process: chrome.exe)

2012/07/09 22:30:28 +1000 ABHI-HP abhi MESSAGE Stopping IP protection

2012/07/09 22:32:34 +1000 ABHI-HP abhi MESSAGE IP Protection stopped

2012/07/09 23:36:12 +1000 ABHI-HP abhi MESSAGE Starting IP protection

2012/07/09 23:36:15 +1000 ABHI-HP abhi MESSAGE IP Protection started successfully

2012/07/09 23:36:29 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52742, Process: chrome.exe)

2012/07/09 23:36:45 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52748, Process: chrome.exe)

2012/07/09 23:36:53 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52758, Process: chrome.exe)

2012/07/09 23:37:01 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52769, Process: chrome.exe)

2012/07/09 23:37:18 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52786, Process: chrome.exe)

2012/07/09 23:37:42 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52800, Process: chrome.exe)

2012/07/09 23:43:12 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52870, Process: chrome.exe)

Attached are the logs from TDSSKiller as well...

Thanks in advance.

TDSSKiller.2.7.45.0_09.07.2012_21.17.37_log.txt

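A small defender-side parser for the protection-log lines quoted above, added here as an example; it is not code from the original post or from Malwarebytes. It assumes only the line layout visible in the log, uses a few of the poster's own lines as constructed sample input, and the "beacon-like" thresholds (three blocks on three distinct source ports) are an assumption chosen for illustration, not Malwarebytes' detection logic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: a handful of lines copied from the protection log quoted
# in the post above (the IP and process names are the ones the poster reported).
SAMPLE_LOG = """\
2012/07/09 18:26:38 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 49972, Process: chrome.exe)
2012/07/09 18:29:29 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50021, Process: chrome.exe)
2012/07/09 21:00:19 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51933, Process: iexplore.exe)
2012/07/09 21:00:19 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 51932, Process: iexplore.exe)
2012/07/09 21:52:36 +1000 ABHI-HP abhi MESSAGE Starting database refresh
2012/07/09 23:43:12 +1000 ABHI-HP abhi IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 52870, Process: chrome.exe)
"""

# One IP-BLOCK line, in the layout the log above uses:
#   <date> <time> <utc offset> <host> <user> IP-BLOCK <ip> (Type: <dir>, Port: <n>, Process: <exe>)
IP_BLOCK_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_timestamp(date: str, time: str, tz: str) -> datetime:
    """Build a timezone-aware datetime from the log's '+1000'-style UTC offset."""
    sign = 1 if tz[0] == "+" else -1
    offset = timezone(sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5])))
    return datetime.strptime(f"{date} {time}", "%Y/%m/%d %H:%M:%S").replace(tzinfo=offset)


def parse_ip_blocks(lines):
    """Return one dict per IP-BLOCK line; MESSAGE lines and blanks are skipped."""
    events = []
    for line in lines:
        m = IP_BLOCK_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "when": parse_timestamp(m["date"], m["time"], m["tz"]),
            "ip": m["ip"],
            "direction": m["direction"],
            "port": int(m["port"]),
            "process": m["process"],
        })
    return events


def summarize(events):
    """Group events by (destination IP, process) and report the number of blocks,
    the number of distinct source ports and the time span covered, in minutes."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["ip"], e["process"])].append(e)
    summary = {}
    for key, evs in groups.items():
        times = [e["when"] for e in evs]
        summary[key] = {
            "count": len(evs),
            "distinct_ports": len({e["port"] for e in evs}),
            "span_minutes": (max(times) - min(times)).total_seconds() / 60,
        }
    return summary


def is_beacon_like(entry, min_count=3, min_ports=3):
    """Heuristic (thresholds are an assumption for illustration): repeated blocked
    attempts to one IP from one process, each from a fresh ephemeral source port,
    look like a process retrying a connection rather than a single page visit."""
    return entry["count"] >= min_count and entry["distinct_ports"] >= min_ports


if __name__ == "__main__":
    for (ip, proc), s in summarize(parse_ip_blocks(SAMPLE_LOG.splitlines())).items():
        flag = "retrying" if is_beacon_like(s) else "isolated"
        print(f"{ip} via {proc}: {s['count']} blocks, {s['distinct_ports']} ports, "
              f"{s['span_minutes']:.1f} min -> {flag}")
```

Grouping by destination and process, and counting distinct source ports, separates a process that keeps reconnecting to one address from a single blocked page load. Run over the full log in the post, the same summary would show dozens of blocks from both chrome.exe and iexplore.exe, spread over several hours, which is why the blocked address and not a particular web page is the thing to investigate.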

Hello kool082 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post the log files in your next reply. I would also like to see the following log:

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "save log", save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • DDS log with Attach.txt
  • aswMBR log


Please read my instructions carefully:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
On completion of the scan click save log, save it to your desktop and post in your next reply
In your next reply, post the following log files:

Sorry, missed it. So here are the logs:

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by abhi at 13:19:04 on 2012-07-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1910.603 [GMT 10:00]

.

AV: Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

FW: Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\VoipDiscount.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

c:\windows\explorer.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

C:\Program Files\Sandboxie\SandboxieRpcSs.exe

C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Sandboxie\SandboxieCrypto.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\abhi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

mStart Page = hxxp://home.sweetim.com

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [VoipDiscount] "C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized

uRun: [googletalk] C:\Users\abhi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Free YouTube Download - C:\Users\abhi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{254BD2EB-50B9-48FE-B24B-23C3161CF292} : NameServer = 10.4.85.135 10.4.176.231

TCP: Interfaces\{25F9088E-BF61-44AA-8F87-712A218529BF} : NameServer = 10.4.176.234 10.4.85.138

TCP: Interfaces\{68DC586A-10F9-4BBB-88D6-48AC49255167} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{68DC586A-10F9-4BBB-88D6-48AC49255167}\458656F53516E64637F5055726C69636F584F6473707F6473723437302 : DhcpNameServer = 192.168.0.1 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO-X64: Browser Defender BHO - No File

BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

BHO-X64: Conduit Engine - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

BHO-X64: BitTorrentBar - No File

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]

R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]

R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-9 98208]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-10-22 106144]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-7-8 337872]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-22 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-9 13592]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-8 654408]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-25 1127448]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-9 2320920]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-7-9 935480]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-22 158880]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-3-22 163480]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-2-25 62184]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253088]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]

S3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-7-8 371472]

S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-7-8 1117144]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]

S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-09 11:35:25 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-09 11:33:54 -------- d-----w- C:\Users\abhi\AppData\Local\Threat Expert

2012-07-09 11:00:11 -------- d-----w- C:\Users\abhi\AppData\Local\AVG Secure Search

2012-07-08 11:21:58 180488 ----a-w- C:\Windows\System32\drivers\pctplfw64.sys

2012-07-08 11:21:42 119688 ----a-w- C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys

2012-07-08 11:21:41 42968 ----a-w- C:\Windows\System32\drivers\pctNdis-DNS64.sys

2012-07-08 09:49:34 -------- d-----w- C:\Users\abhi\AppData\Local\{3BF38EE6-C82C-11E1-8270-B8AC6F996F26}

2012-07-07 23:07:28 767952 ----a-w- C:\Windows\BDTSupport.dll

2012-07-07 23:07:28 2189264 ----a-w- C:\Windows\PCTBDCore.dll

2012-07-07 23:07:28 1533904 ----a-w- C:\Windows\PCTBDRes.dll

2012-07-07 23:07:28 149456 ----a-w- C:\Windows\SGDetectionTool.dll

2012-07-07 23:06:18 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys

2012-07-07 23:06:18 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys

2012-07-07 23:06:17 336512 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2012-07-07 23:06:17 141312 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2012-07-07 23:06:00 360696 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2012-07-07 23:05:47 228392 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-07-07 23:05:44 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys

2012-07-07 23:05:29 -------- d-----w- C:\ProgramData\PC Tools

2012-07-07 23:05:29 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2012-07-07 23:05:29 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-07-07 22:41:36 -------- d-----w- C:\Users\abhi\AppData\Local\Apps

2012-07-07 22:41:34 -------- d-----w- C:\Users\abhi\AppData\Local\Deployment

2012-07-07 22:36:48 -------- d-----w- C:\$AVG

2012-07-07 15:03:39 -------- d-----w- C:\Users\abhi\AppData\Roaming\AVG2012

2012-07-07 15:02:53 -------- d-----w- C:\ProgramData\AVG Secure Search

2012-07-07 15:02:48 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2012-07-07 15:02:46 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2012-07-07 15:02:21 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2012-07-07 15:00:58 -------- d-----w- C:\Windows\System32\drivers\AVG

2012-07-07 15:00:58 -------- d-----w- C:\ProgramData\AVG2012

2012-07-07 15:00:10 -------- d-----w- C:\Program Files (x86)\AVG

2012-07-07 14:22:02 -------- d--h--w- C:\ProgramData\Common Files

2012-07-07 14:18:47 -------- d-----w- C:\ProgramData\MFAData

2012-07-07 14:15:29 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2012-07-07 14:15:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-07 14:15:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-07 13:16:47 -------- d-----w- C:\Users\abhi\AppData\Roaming\Malwarebytes

2012-07-07 13:16:42 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-07 12:05:56 -------- d-----w- C:\Users\abhi\AppData\Local\Groove

2012-07-07 12:05:56 -------- d-----w- C:\ProgramData\F4D55F38000089BE00034AE5B4EB2367

2012-07-07 12:05:48 -------- d-----w- C:\Users\abhi\AppData\Roaming\Fyroik

2012-07-07 12:05:48 -------- d-----w- C:\Users\abhi\AppData\Roaming\Dazyu

2012-06-26 08:43:29 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-26 08:42:28 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-26 08:42:02 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-26 08:42:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-16 01:40:01 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2012-06-13 21:39:29 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

==================== Find3M ====================

.

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-22 11:21:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-22 11:21:51 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

============= FINISH: 13:20:47.47 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 27/07/2011 7:16:27 PM

System Uptime: 11/07/2012 2:01:23 AM (11 hours ago)

.

Motherboard: Hewlett-Packard | | 3674

Processor: Intel® Pentium® CPU P6300 @ 2.27GHz | CPU | 929/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 173.848 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.789 GiB free.

E: is CDROM ()

F: is FIXED (FAT32) - 0 GiB total, 0.079 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: PC Tools Data Store

Device ID: ROOT\LEGACY_PCTDS\0000

Manufacturer:

Name: PC Tools Data Store

PNP Device ID: ROOT\LEGACY_PCTDS\0000

Service: pctDS

.

==== System Restore Points ===================

.

RP132: 9/07/2012 11:35:07 PM - ComboFix created restore point

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Community Help

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.2)

Agatha Christie - Peril at End House

Android Sync Manager WiFi

Ann Video Converter 4.5.0

Atheros Driver Installation Program

Bejeweled 2 Deluxe

Bejeweled 3

BitTorrent

BitTorrentBar Toolbar

Blackhawk Striker 2

Blasterball 3

Bounce Symphony

Browser Defender 3.0

Build-a-lot 2

Cake Mania

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Conduit Engine

CyberLink YouCam

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

Energy Star Digital Logo

ESET Online Scanner v3

ESU for Microsoft Windows 7

Evernote v. 4.2.2

Farm Frenzy

FATE - The Traitor Soul

Final Drive Nitro

Free YouTube Download version 3.1.22.319

FreeMind

Google Chrome

Google Talk (remove only)

Google Talk Plugin

Hewlett-Packard ACLM.NET v1.1.2.0

HP Customer Experience Enhancements

HP Documentation

HP Games

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Setup

HP Software Framework

HP Support Assistant

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 30

Magic ISO Maker v5.5 (build 0272)

Mah Jong Medley

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MSVCRT

Mystery P.I. - Stolen in San Francisco

Namco All-Stars PAC-MAN

PC Tools Internet Security

PDF Complete Special Edition

PDF Settings CS5

PDFZilla V1.2.9

Penguins!

Plants vs. Zombies - Game of the Year

Poker Superstars III

Polar Bowler

Polar Golfer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

Recovery Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype™ 5.1

Slingo Supreme

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.11

VoipDiscount

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinISO 5.3

WinZip 14.5

Xobni

Xobni Core

Yahoo! Software Update

Yahoo!7 Messenger

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

9/07/2012 11:24:13 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

9/07/2012 11:04:07 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/07/2012 9:14:45 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

8/07/2012 8:25:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

8/07/2012 7:45:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

8/07/2012 3:50:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

8/07/2012 3:50:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sdCoreService service.

8/07/2012 10:56:02 AM, Error: PCTCore [280] - The item store is corrupted: @5255.

8/07/2012 10:22:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

7/07/2012 11:24:43 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

7/07/2012 11:20:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/07/2012 11:12:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/07/2012 11:12:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/07/2012 11:12:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/07/2012 11:12:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/07/2012 11:12:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/07/2012 11:12:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/07/2012 11:12:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/07/2012 11:12:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/07/2012 8:39:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

10/07/2012 8:39:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WwanSvc service.

10/07/2012 6:12:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZAtheros Bt&Wlan Coex Agent service.

.

==== End Of File ===========================

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-11 14:22:04

-----------------------------

14:22:04.510 OS Version: Windows x64 6.1.7601 Service Pack 1

14:22:04.510 Number of processors: 2 586 0x2505

14:22:04.511 ComputerName: ABHI-HP UserName: abhi

14:22:06.811 Initialize success

14:22:16.970 AVAST engine defs: 12071001

14:22:24.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

14:22:24.532 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3

14:22:24.550 Disk 0 MBR read successfully

14:22:24.556 Disk 0 MBR scan

14:22:24.565 Disk 0 Windows 7 default MBR code

14:22:24.571 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

14:22:24.592 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290258 MB offset 409600

14:22:24.630 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14683 MB offset 594857984

14:22:24.646 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768

14:22:24.702 Disk 0 scanning C:\Windows\system32\drivers

14:22:41.771 Service scanning

14:24:18.280 Modules scanning

14:24:18.296 Disk 0 trace - called modules:

14:24:18.634

14:24:22.659 AVAST engine scan C:\Windows

14:24:51.932 AVAST engine scan C:\Windows\system32

14:30:55.881 AVAST engine scan C:\Windows\system32\drivers

14:31:11.834 AVAST engine scan C:\Users\abhi

14:36:56.199 AVAST engine scan C:\ProgramData

14:39:22.033 Scan finished successfully

14:39:49.142 Disk 0 MBR has been saved successfully to "C:\Users\abhi\Downloads\MBR.dat"

14:39:49.148 The log file has been saved successfully to "C:\Users\abhi\Downloads\aswMBR.txt"


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
