
Issue 3/9/2013: My OS is Windows XP. It started happening today: as soon as I try to browse to any web site, IE closes on its own. The only way I can launch IE is to set the home page to blank through the Kaspersky tool, but as soon as I try to navigate to yahoo.com or google.com the browser closes. I also noticed that Windows Media Player stopped working.

Update on 3/10/2013: Now I cannot connect to any web site using Chrome either, even though Chrome doesn't close on its own like IE does. I also noticed that the Malwarebytes program cannot connect to its server to get the latest updates. Same problem with Kaspersky: it cannot connect to its server. However, I can ping www.yahoo.com from the command prompt.

Please help!

Update 3/10/2013: when trying to get to google.com from Chrome I get the error msg: Error 324 (net::ERR_EMPTY_RESPONSE): the server closed the connection without sending any data

Hi, 

 

Attached is the hijack this log. Please help!

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:26:58 PM, on 3/10/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

e:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

E:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Jit Dutta\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

O4 - HKLM\..\Run: [avast] "e:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] e:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabazar.com/wfplayer/tdserver.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://laxnotes2.infonet.com/iNotes6W.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {7CBD657F-F647-40EE-BE7A-094704C1379D} (Siebel High Interactivity Framework) - http://172.27.19.176/marketing_enu/21215/applets/SiebelAx_HI_Client.cab

O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://devdb02.scl.corp.equinix.com:8008/jinitiator/oajinit.exe

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - http://www.tvucricket.com/player/vjocx-en-black.cab

O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://laxcrmw80.infonet.com/ecommunications_ENU/19221/applets/SiebelAx_HI_Client.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - e:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

 

--

End of file - 7847 bytes

 


Hi and welcome to Malwarebytes.

You have two active Antivirus apps, Kaspersky & Avast. Having more than 1 active antivirus -will- cause deadlocks and conflicts & actually lead to less protection.

If you did not purchase a license for Kaspersky, then Uninstall it and restart the system fresh.

IF you -do have- a license for Kaspersky, remove Avast and restart the system fresh.

Tell me which one you have removed !

2

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

While in IE, press Shift+CTRL+Delete keys and delete temporary internet cache files.

3

Next, Temporarily turn off your antivirus.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

IF you have Avast installed, Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Please update MBAM, run a Quick Scan, and Copy & Paste & post its log.

4

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

When all done, turn ON the antivirus.

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar
added caution on antivirus !!
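
The two-antivirus conflict raised in the reply above can be read directly from the HijackThis log posted earlier in the thread. The Python script below is an added example, not part of the original thread and not HijackThis's own code: it flags security products that have live autostart (O4) or service (O23) entries and lists orphaned entries. The vendor markers and function names are assumptions; the sample lines are copied from the log on this page.

```python
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKLM\..\Run: [avast] "e:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: avast! Antivirus - AVAST Software - e:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
"""

# Assumption: substrings that identify the two products named in this thread.
# A real triage list would cover many more vendors.
AV_MARKERS = {"Avast": "avast software", "Kaspersky": "kaspersky lab"}

# HijackThis prefixes every finding with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2})\s+-\s+(.+)$")
# Entries whose target file is gone end with one of these two markers.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return (section, text) pairs for every finding line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned_entries(entries):
    """Entries that still exist in the registry but point at a missing file."""
    return [(sec, text) for sec, text in entries if ORPHAN_RE.search(text)]


def active_av_products(entries):
    """Map product name -> sorted sections (O4 autostart, O23 service) it occupies."""
    found = {}
    for section, text in entries:
        # Only autostart and service entries with a file on disk count as active.
        if section not in ("O4", "O23") or ORPHAN_RE.search(text):
            continue
        for product, marker in AV_MARKERS.items():
            if marker in text.lower():
                found.setdefault(product, set()).add(section)
    return {product: sorted(sections) for product, sections in found.items()}


def has_av_conflict(entries):
    """True when more than one known antivirus product is active at once."""
    return len(active_av_products(entries)) > 1


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for product, sections in sorted(active_av_products(parsed).items()):
        print(f"active: {product} via {', '.join(sections)}")
    print("conflict:", has_av_conflict(parsed))
    for section, text in orphaned_entries(parsed):
        print(f"orphaned {section}: {text}")
```
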

Hi Maurice,

I have uninstalled Avast and that allowed Chrome to connect to internet. Thanks for the suggestion!

But at the Microsoft web site when I tried to apply the IE fix (Microsoft fix it 50195) I got the following error: installer has encountered an unexpected error installing this package. This may indicate a problem with this package. error code is 2738.

Please advise.


MBAM log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.11.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jit Dutta :: JDTOSHIBA [administrator]

3/11/2013 9:21:07 AM

mbam-log-2013-03-11 (09-21-07).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 245649

Time elapsed: 11 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Jit Dutta at 9:43:58 on 2013-03-11

.

============== Running Processes ================

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [TDispVol] TDispVol.exe

mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab

DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.anandabazar.com/wfplayer/tdserver.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://laxnotes2.infonet.com/iNotes6W.cab

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7CBD657F-F647-40EE-BE7A-094704C1379D} - hxxp://172.27.19.176/marketing_enu/21215/applets/SiebelAx_HI_Client.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} - hxxp://devdb02.scl.corp.equinix.com:8008/jinitiator/oajinit.exe

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab

DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} - hxxp://laxcrmw80.infonet.com/ecommunications_ENU/19221/applets/SiebelAx_HI_Client.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{5AE64966-27A6-4F7B-9F25-EF8940E65159} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.160\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R? brfilt;Brother MFC Filter Driver

R? BrSerWDM;Brother Serial driver

R? BrUsbMdm;Brother MFC USB Fax Only Modem

R? BrUsbScn;Brother MFC USB Scanner driver

R? hamachi_oem;PlayLinc Adapter

R? IO_Memory;IO_Memory

R? ISWKL;ZoneAlarm Toolbar ISWKL

R? IswSvc;ZoneAlarm Toolbar IswSvc

R? SVRPEDRV;SVRPEDRV

R? vsdatant;vsdatant

R? WDC_SAM;WD SCSI Pass Thru driver

S? AVP;Kaspersky Anti-Virus Service

S? Iprip;RIP Listener

S? kl1;kl1

S? KLIF;Kaspersky Lab Driver

S? klim5;Kaspersky Anti-Virus NDIS Filter

S? klkbdflt;Kaspersky Lab KLKBDFLT

S? klmouflt;Kaspersky Lab KLMOUFLT

S? kltdi;kltdi

S? kneps;kneps

S? McrdSvc;Media Center Extender Service

.

=============== File Associations ===============

.

ShellExec: FRONTPG.EXE: edit=e:\progra~1\micros~1\office\FRONTPG.EXE

.

=============== Created Last 30 ================

.

2013-03-10 21:06:43 21104 -c--a-w- c:\windows\system32\drivers\mbam.sys

2013-03-09 22:29:39 -------- dc-h--w- c:\windows\ie8

2013-03-02 08:40:09 178688 -c--a-w- c:\windows\system32\unrar.dll

2013-03-01 21:35:30 -------- dc----w- c:\program files\K-Lite Codec Pack

2013-03-01 21:21:03 -------- dc----w- c:\program files\DivX

2013-03-01 21:20:41 -------- dc----w- c:\documents and settings\all users\application data\DivX

2013-02-10 20:29:19 -------- dc----w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z..........Z.Z

.

==================== Find3M ====================

.

2013-01-26 03:55:44 552448 -c--a-w- c:\windows\system32\oleaut32.dll

2013-01-25 16:00:40 247920 -c--a-w- c:\windows\system32\avutil-lav-52.dll

2013-01-25 16:00:40 165160 -c--a-w- c:\windows\system32\avresample-lav-1.dll

2013-01-07 01:19:45 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37:01 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20:00 1867264 -c--a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49:10 1292288 -c--a-w- c:\windows\system32\quartz.dll

2012-12-29 01:00:29 43608 -c--a-w- c:\windows\system32\drivers\kltdi.sys

2012-12-26 20:16:29 916480 -c--a-w- c:\windows\system32\wininet.dll

2012-12-26 20:16:28 43520 -c----w- c:\windows\system32\licmgr10.dll

2012-12-26 20:16:28 1469440 -c----w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:40:59 385024 -c----w- c:\windows\system32\html.iec

2012-12-16 12:23:59 290560 -c--a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 9:47:37.23 ===============


Please do as much as possible of the following:

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

  • Close all open browsers at this point.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Do NOT turn off the firewall
  • Start Internet Explorer
  • Using Internet Explorer browser only, go to BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
  • Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
  • Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
  • If prompted, reply yes to allow it to run.
  • Press the Allow button and follow prompts.
  • Press the "Start Scan" once more.
  • You'll see the EULA in a pop-up window. Click the I accept & then the OK button
  • Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.
  • The site boasts a 60-second scan. Do have patience as it likely will take longer.
  • It may seem to stall at moments, but have patience; it will move on.
  • You'll see a progress bar at top right of window.
  • Hopefully you will see a No infections found in the bar-window. Press the View Log button.
  • The log report will show in your text editor. Save the log.
  • Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.


checkup.txt:

Results of screen317's Security Check version 0.99.61

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

ZoneAlarm Security Suite Antivirus

Kaspersky Internet Security

Antivirus out of date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

WinPatrol

Malwarebytes Anti-Malware version 1.70.0.1100

CCleaner

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.2.159.1 Flash Player out of Date!

Google Chrome 25.0.1364.160

Google Chrome 25.0.1364.172

````````Process Check: objlist.exe by Laurent````````

WinPatrol winpatrol.exe

Kaspersky Lab Kaspersky Internet Security 2013 avp.exe

BillP Studios WinPatrol winpatrol.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 55% Defragment your hard drive soon! (Do NOT defrag if SSD!)

``````````````````End of Log``````````````````````

Edited by Maurice Naggar
highlights

info.txt:

info.txt logfile of random's system information tool 1.09 2013-03-16 09:04:10

======Uninstall list======

-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe /CODEC

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

-->E:\SiebelAnalytics\UninstallApps2\setup.exe

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin

Ashampoo Burning Studio 6 FREE-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9

DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver

ERUNT 1.1j-->"e:\Program Files\ERUNT\unins000.exe"

FileASSASSIN-->e:\Program Files\FileASSASSIN\uninst.exe

Google Chrome-->"C:\Program Files\Google\Chrome\Application\25.0.1364.172\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2

Intel® PRO Network Connections Drivers-->Prounstl.exe

Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe

InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL

InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

Kaspersky Internet Security 2013-->MsiExec.exe /I{560985FB-4B76-4121-9189-7A2CDC7886D6}

Kaspersky Internet Security 2013-->MsiExec.exe /I{560985FB-4B76-4121-9189-7A2CDC7886D6} REMOVE=ALL

K-Lite Codec Pack 9.7.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes Anti-Malware version 1.70.0.1100-->"e:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}

mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}

mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}

mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}

mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}

mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}

mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}

mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}

Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}

Oracle JInitiator 1.3.1.18-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68249B6E-B714-11D7-88E8-0050DA21757E}\Setup.exe" -l0x9 -uninst

Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2744842)-->"C:\WINDOWS\ie8updates\KB2744842-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2792100)-->"C:\WINDOWS\ie8updates\KB2792100-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2797052)-->"C:\WINDOWS\ie8updates\KB2797052-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}

Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Sothink Movie DVD Maker-->"C:\Program Files\SourceTec\Sothink Movie DVD Maker\unins000.exe"

STB Prospector II-->E:\PROGRA~1\PROSPE~1\UNINST~1.EXE E:\PROGRA~1\PROSPE~1\INSTALL.LOG

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033

TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL

TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9

Toshiba Media Center Game Console-->MsiExec.exe /I{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}

TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"

TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"

TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"

TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9

TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9

TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall

TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"

VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}

VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}

VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}

Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinPatrol-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~2\{A62F9~1\Setup.exe /remove /q0

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: ZoneAlarm Security Suite Antivirus (disabled) (outdated)

AV: Kaspersky Internet Security

FW: ZoneAlarm Firewall (disabled)

FW: Kaspersky Internet Security

======System event log======

Computer Name: JDTOSHIBA

Event Code: 7001

Message: The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar ISWKL service which failed to start because of the following error:

The system cannot find the file specified.

Record Number: 72360

Source Name: Service Control Manager

Time Written: 20121229125936.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 7000

Message: The ZoneAlarm Toolbar ISWKL service failed to start due to the following error:

The system cannot find the file specified.

Record Number: 72359

Source Name: Service Control Manager

Time Written: 20121229125936.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

Cdrom

Imapi

redbook

Record Number: 72317

Source Name: Service Control Manager

Time Written: 20121229120631.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 7001

Message: The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar ISWKL service which failed to start because of the following error:

The system cannot find the file specified.

Record Number: 72316

Source Name: Service Control Manager

Time Written: 20121229120630.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 7000

Message: The ZoneAlarm Toolbar ISWKL service failed to start due to the following error:

The system cannot find the file specified.

Record Number: 72315

Source Name: Service Control Manager

Time Written: 20121229120630.000000-480

Event Type: error

User:

=====Application event log=====

Computer Name: JDTOSHIBA

Event Code: 1001

Message: Fault bucket -1980436755.

Record Number: 28

Source Name: Application Hang

Time Written: 20130301133028.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 1002

Message: Hanging application winpatrol.exe, version 20.0.2011.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 27

Source Name: Application Hang

Time Written: 20130301133024.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 1001

Message: Fault bucket 1723119140.

Record Number: 26

Source Name: Application Error

Time Written: 20130301132907.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 1000

Message: Faulting application winpatrol.exe, version 20.0.2011.0, faulting module winpatrol.exe, version 20.0.2011.0, fault address 0x000135ca.

Record Number: 25

Source Name: Application Error

Time Written: 20130301132857.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 1002

Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 19

Source Name: Application Hang

Time Written: 20130301131007.000000-480

Event Type: error

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NLS_LANG"=AMERICAN_AMERICA.UTF8

"NUMBER_OF_PROCESSORS"=2

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;e:\SiebelAnalytics\server\Bin;e:\SiebelAnalytics\web\bin;e:\SiebelAnalytics\web\catalogmanager

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=0e08

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

"SAROOTDIR"=e:\SiebelAnalytics

"SADATADIR"=e:\SiebelAnalyticsData

"SATEMPDIR"=e:\SiebelAnalyticsData\tmp

"tvdumpflags"=8

"PERL5LIB"=

"ORACLE_HOME"=

-----------------EOF-----------------

Edited by Maurice Naggar

log.txt:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Jit Dutta at 2013-03-16 09:03:43

Microsoft Windows XP Professional Service Pack 3

System drive C: has 2 GB (6%) free of 30 GB

Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:04:06 AM, on 3/16/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jit Dutta\My Documents\Downloads\RSIT.exe

C:\Documents and Settings\Jit Dutta\Desktop\Jit Dutta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....kId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....kId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....kId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....kId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...ctlcm.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabaz...erver.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://laxnotes2.inf...tes6W.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetwork...TVUAx.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...anner.cab

O16 - DPF: {7CBD657F-F647-40EE-BE7A-094704C1379D} (Siebel High Interactivity Framework) - http://172.27.19.176...lient.cab

O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://devdb02.scl.c...jinit.exe

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - http://www.tvucricke...black.cab

O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://laxcrmw80.inf...lient.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad....6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--

End of file - 7416 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]

Content Blocker Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2012-08-17 537528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]

Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-08-17 811960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]

Safe Money Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2012-08-17 424888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

URL Advisor Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-08-17 484280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]

"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]

"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2013-01-04 404712]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-12-28 356376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2012-08-17 200632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDrives"=0

"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Documents and Settings\Jit Dutta\Desktop\utorrent.exe"="C:\Documents and Settings\Jit Dutta\Desktop\utorrent.exe:*:Enabled:µTorrent"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Documents and Settings\Jit Dutta\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\Jit Dutta\Application Data\Spotify\spotify.exe:*:Enabled:Spotify"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"

"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"msacm.voxacm160"=vct3216.acm

"msacm.scg726"=scg726.acm

"msacm.alf2cd"=alf2cd.acm

"vidc.dvsd"=mcdvd_32.dll

"vidc.mpg4"=mpg4c32.dll

"vidc.mp42"=mpg4c32.dll

"vidc.mp43"=mpg4c32.dll

"aux3"=wdmaud.drv

"vidc.x264"=x264vfw.dll

"vidc.lags"=lagarith.dll

"msacm.ac3filter"=ac3filter.acm

======List of files/folders created in the last 1 month======

2013-03-16 09:03:43 ----DC---- C:\rsit

2013-03-10 14:06:43 ----AC---- C:\WINDOWS\system32\drivers\mbam.sys

2013-03-09 18:55:31 ----AC---- C:\WINDOWS\system32\aswBoot.exe

2013-03-09 15:31:41 ----AC---- C:\WINDOWS\imsins.BAK

2013-03-09 15:29:39 ----HDC---- C:\WINDOWS\ie8

2013-03-09 15:20:52 ----AC---- C:\WINDOWS\SchedLgU.Txt

2013-03-09 15:20:28 ----AC---- C:\WINDOWS\system32\FNTCACHE.DAT

2013-03-02 01:40:09 ----AC---- C:\WINDOWS\system32\unrar.dll

2013-03-01 14:35:30 ----DC---- C:\Program Files\K-Lite Codec Pack

2013-03-01 14:21:03 ----DC---- C:\Program Files\DivX

2013-03-01 14:20:41 ----DC---- C:\Documents and Settings\All Users\Application Data\DivX

======List of files/folders modified in the last 1 month======

2013-03-16 09:03:45 ----DC---- C:\WINDOWS\Prefetch

2013-03-16 08:58:32 ----DC---- C:\WINDOWS\ERDNT

2013-03-16 08:14:09 ----DC---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2013-03-16 08:06:23 ----DC---- C:\WINDOWS\system32\inetsrv

2013-03-16 07:54:05 ----DC---- C:\WINDOWS\Temp

2013-03-15 21:50:32 ----DC---- C:\Documents and Settings\Jit Dutta\Application Data\Media Player Classic

2013-03-15 21:08:52 ----DC---- C:\WINDOWS\system32\DLA

2013-03-11 10:11:35 ----ADC---- C:\WINDOWS\system32\drivers

2013-03-11 09:20:00 ----SHDC---- C:\WINDOWS\Installer

2013-03-11 08:51:27 ----DC---- C:\Documents and Settings\All Users\Application Data\AVAST Software

2013-03-11 08:47:58 ----DC---- C:\WINDOWS

2013-03-11 08:47:57 ----SDC---- C:\WINDOWS\Tasks

2013-03-10 13:49:52 ----DC---- C:\WINDOWS\system32\CatRoot2

2013-03-10 13:35:24 ----HDC---- C:\WINDOWS\inf

2013-03-10 13:35:20 ----DC---- C:\WINDOWS\system32\CatRoot

2013-03-10 13:35:19 ----RSHDC---- C:\WINDOWS\system32\dllcache

2013-03-10 13:35:06 ----DC---- C:\WINDOWS\ie8updates

2013-03-10 13:34:26 ----ADC---- C:\WINDOWS\system32

2013-03-10 08:58:04 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2013-03-09 18:54:45 ----SHDC---- C:\Config.Msi

2013-03-09 18:54:43 ----DC---- C:\WINDOWS\WinSxS

2013-03-09 18:54:42 ----DC---- C:\Program Files\Common Files\Microsoft Shared

2013-03-09 18:38:19 ----AC---- C:\WINDOWS\win.ini

2013-03-09 18:34:34 ----DC---- C:\Program Files\Windows Media Player

2013-03-09 18:31:31 ----DC---- C:\WINDOWS\Help

2013-03-09 18:31:30 ----DC---- C:\Program Files\Windows Media Connect 2

2013-03-09 15:42:32 ----DC---- C:\Program Files\Internet Explorer

2013-03-09 15:31:29 ----DC---- C:\WINDOWS\WBEM

2013-03-09 15:31:29 ----DC---- C:\WINDOWS\system32\en-us

2013-03-09 15:31:14 ----DC---- C:\WINDOWS\Media

2013-03-09 15:27:12 ----DC---- C:\WINDOWS\Debug

2013-03-09 13:45:46 ----DC---- C:\WINDOWS\system32\LogFiles

2013-03-09 13:21:55 ----DC---- C:\Program Files

2013-03-09 13:14:43 ----DC---- C:\Program Files\Google

2013-03-09 12:47:31 ----DC---- C:\Documents and Settings\Jit Dutta\Application Data\uTorrent

2013-03-09 11:02:24 ----SHD---- C:\WINDOWS\CSC

2013-03-02 13:36:46 ----DC---- C:\Documents and Settings\All Users\Application Data\InstallMate

2013-03-02 09:05:02 ----DC---- C:\Program Files\Common Files

2013-03-02 01:13:01 ----SDC---- C:\WINDOWS\Downloaded Program Files

2013-03-02 01:04:51 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP

2013-03-01 14:31:35 ----DC---- C:\Documents and Settings\Jit Dutta\Application Data\DivX

2013-03-01 14:12:08 ----DC---- C:\WINDOWS\ehome

2013-02-22 21:40:00 ----DC---- C:\WINDOWS\SxsCaPendDel

2013-02-22 18:28:39 ----DC---- C:\WINDOWS\Registration

2013-02-22 18:28:36 ----RSDC---- C:\WINDOWS\assembly

2013-02-22 18:28:35 ----DC---- C:\WINDOWS\system32\mui

2013-02-22 18:28:34 ----DC---- C:\WINDOWS\system32\URTTemp

2013-02-22 18:20:30 ----RSDC---- C:\WINDOWS\Fonts

2013-02-17 16:26:33 ----DC---- C:\WINDOWS\Internet Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]

R0 kl1;kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [2012-06-19 136024]

R0 KR10N;KR10N; C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 204160]

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]

R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-12-28 586584]

R1 kltdi;kltdi; C:\WINDOWS\system32\DRIVERS\kltdi.sys [2012-12-28 43608]

R1 kneps;kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [2012-08-13 144344]

R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-31 21275]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]

R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]

R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]

R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]

R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2012-06-27 35672]

R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [2012-10-25 24408]

R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2012-10-25 24920]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]

R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]

R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]

R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]

S0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys []

S0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys []

S2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []

S3 brfilt;Brother MFC Filter Driver; C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 2944]

S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]

S3 BrSerWDM;Brother Serial driver; C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2001-08-17 60416]

S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 11008]

S3 BrUsbScn;Brother MFC USB Scanner driver; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 10368]

S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]

S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]

S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []

S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]

S3 IO_Memory;IO_Memory; C:\WINDOWS\system32\drivers\IO_Memory.sys []

S3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]

S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]

S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]

S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]

S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]

S3 SVRPEDRV;SVRPEDRV; C:\WINDOWS\system32\drivers\SVRPEDRV.sys []

S3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-11-25 28800]

S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-12-28 356376]

R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]

R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]

R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]

R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]

R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-10 19456]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]

R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]

R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]

S2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe []

S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-10 19456]

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

bitscan log:

QuickScan 32-bit v0.9.9.118

---------------------------

Scan date: Sat Mar 16 09:17:40 2013

Machine ID: 782DCCD2

Scan failed! Couldn't access QuickScan server.

----------------------------------------------

couldn't connect to host

Processes

---------

WinPatrol Monitor 3544 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

Drive Letter Access Component 3540 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

DVD-RAM Utility Helper Service 620 C:\WINDOWS\system32\DVDRAMSV.exe

Google Chrome 2936 C:\Program Files\Google\Chrome\Application\chrome.exe

Google Chrome 5928 C:\Program Files\Google\Chrome\Application\chrome.exe

Google Chrome 5784 C:\Program Files\Google\Chrome\Application\chrome.exe

Google Chrome 4976 C:\Program Files\Google\Chrome\Application\chrome.exe

Google Chrome 4484 C:\Program Files\Google\Chrome\Application\chrome.exe

Intel® PROSet/Wireless Event Log 1568 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

Intel® PROSet/Wireless Registry Servi 760 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

Intel® PROSet/Wireless Service 1604 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Internet Information Services 716 C:\WINDOWS\system32\inetsrv\inetinfo.exe

Kaspersky Anti-Virus 580 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

Kaspersky Anti-Virus 3564 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

Microsoft® Windows® Operating System 1928 C:\WINDOWS\ehome\mcrdsvc.exe

Microsoft® Windows® Operating System 292 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 868 C:\WINDOWS\system32\tcpsvcs.exe

Microsoft® Windows® Operating System 5940 C:\WINDOWS\system32\wscntfy.exe

Microsoft® Windows® Operating System 2384 C:\WINDOWS\system32\wuauclt.exe

Microsoft® Windows® Operating System 3600 C:\WINDOWS\system32\wuauclt.exe

TOSHIBA TAPPSRV 1688 C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

(verified) Google Update 768 C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Microsoft® Windows® Operating System 976 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 3028 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 1136 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 3584 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 1224 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 932 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 1212 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 1080 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 400 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1512 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1724 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1872 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1468 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1400 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1356 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 4008 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 984 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\winlogon.exe

Network activity

----------------

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.173

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.70

Process chrome.exe (2936) connected on port 80 (HTTP) --> 37.59.67.149

Process chrome.exe (2936) connected on port 80 (HTTP) --> 72.21.81.253

Process chrome.exe (2936) connected on port 80 (HTTP) --> 184.24.31.139

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.175

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.210

Process chrome.exe (2936) connected on port 80 (HTTP) --> 72.21.81.253

Process chrome.exe (2936) connected on port 80 (HTTP) --> 37.59.67.149

Process chrome.exe (2936) connected on port 80 (HTTP) --> 72.21.81.253

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.177

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.26

Process chrome.exe (2936) connected on port 80 (HTTP) --> 37.59.67.149

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.177

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.170

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.26

Process chrome.exe (2936) connected on port 80 (HTTP) --> 66.235.142.2

Process chrome.exe (2936) connected on port 80 (HTTP) --> 66.235.142.2

Process chrome.exe (2936) connected on port 80 (HTTP) --> 66.235.142.2

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.173

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.174

Process chrome.exe (2936) connected on port 80 (HTTP) --> 66.235.142.2

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.142

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.199

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.142

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.203

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.210

Process chrome.exe (2936) connected on port 80 (HTTP) --> 23.15.63.139

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.205

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.160

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.173

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.70

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.21

Process chrome.exe (2936) connected on port 80 (HTTP) --> 23.15.63.139

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.129.95

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.205

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.21

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.173

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.21

Process inetinfo.exe (716) listens on ports: 25 (SMTP), 80 (HTTP), 443 (HTTP over SSL), 1025 (RPC)

Process tcpsvcs.exe (868) listens on ports: 7 (Echo), 9 (Discard), 13 (Daytime), 17 (Quotd), 19 (Chargen)

Process svchost.exe (1468) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

WinPatrol Monitor C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

Drive Letter Access Component C:\WINDOWS\system32\DLA\DLACTRLW.EXE

Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

Kaspersky Anti-Virus C:\WINDOWS\system32\klogon.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\sstext3d.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

TDispVol C:\WINDOWS\system32\TDispVol.exe

Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

Bitdefender QuickScan C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\npqscan.dll

Domino Web Access C:\WINDOWS\Downloaded Program Files\inotes6W.dll

getPlus+® C:\WINDOWS\Downloaded Program Files\gp.ocx

Google Update C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll

Google Update C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll

Java Deployment Toolkit 7.0.90.5 C:\WINDOWS\system32\npDeployJava1.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin\npUrlAdvisor.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin\online_banking_npapi.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin\content_blocker_npapi.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin\npVKPlugin.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin\npABPlugin.dll

Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\pnrpnsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

MWMCli Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mwmcli.dll

MWMCli Module C:\WINDOWS\Downloaded Program Files\mwmcli.dll

mwmStd Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mwmstd.exe

mwmStd Module C:\WINDOWS\Downloaded Program Files\mwmstd.exe

NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

Siebel High Interactivity Framework C:\WINDOWS\Downloaded Program Files\SiebelAx_HI_Client_19221.dll

Siebel High Interactivity Framework C:\WINDOWS\Downloaded Program Files\SiebelAx_HI_Client_21215.dll

TDServer ActiveX Control Module C:\WINDOWS\Downloaded Program Files\tdserver.ocx

tgctlcm Module C:\WINDOWS\Downloaded Program Files\tgctlcm.dll

TVU Web Player for FireFox C:\WINDOWS\Downloaded Program Files\npTVUAx.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\atgpcdec.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\atgpcext.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\atgpcdec.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\atgpcext.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ieatgpc.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\ieatgpc.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

Yahoo! activeX Plug-in Bridge E:\Program Files\Yahoo!\Common\npyaxmpb.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Missing files

-------------

File not found: WRLogonNTF.dll

--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\"DllName"

Scan

----


MD5: 7bd2d27143f94b2103ac694ebbb7ce10 C:\WINDOWS\system32\LPRHELP.dll

MD5: ecff42413e9744a6f80ba8f2a77704af C:\WINDOWS\system32\lprmon.dll

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: 5006b5dba7979cdc3481e24dd0c03802 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL

MD5: b7521f69c0a9b29d356157229376fb21 C:\WINDOWS\System32\mhn.dll

MD5: 855f6333e3a4dfc6f3c8b0520c261fcd C:\WINDOWS\system32\msftedit.dll

MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll

MD5: 9e70016c950b1f8fdeaa6f067e2e25a8 C:\WINDOWS\system32\msjet40.dll

MD5: 7e2b58ce8c4013287371667880b1080d C:\WINDOWS\system32\MSJINT40.DLL

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\System32\mswsock.dll

MD5: afdc647d16b285b9ae6140335b3b3255 C:\WINDOWS\system32\mswstr10.dll

MD5: acfee2392503dd5e457363a0510b8bcb C:\WINDOWS\system32\msxml3.dll

MD5: 2b8b64aa14f817bdf3e3204fb041a61d C:\WINDOWS\System32\mtxoci.dll

MD5: bbdfdbead1b7a1cfd44bfffd177fb627 C:\WINDOWS\system32\mucltui.dll

MD5: cac752bf84db4666ed3ce0948e6ea937 C:\WINDOWS\system32\netapi32.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll

MD5: 2c82d753ef779945977c82a3908da20a C:\WINDOWS\system32\npDeployJava1.dll

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 2c288aa87e4723ac9ff4d76a192ec3f8 C:\WINDOWS\system32\odbccp32.dll

MD5: 5ce275cdc5ffb77b1ec29dbdfe4b6689 C:\WINDOWS\system32\odbcji32.dll

MD5: 1b05dcc75fbb903a17e3e0ddaea8d508 C:\WINDOWS\system32\odbcjt32.dll

MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll

MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll

MD5: eff03460e542eea6b0abdec6bf19c897 C:\WINDOWS\system32\OLEAUT32.dll

MD5: 937a02981f11b2ce96b1d493c95aed2b C:\WINDOWS\system32\p2pgasvc.dll

MD5: 4a1035cb8f0d57be41873b5183d96cf4 C:\WINDOWS\system32\p2psvc.dll

MD5: af1449ac1d79d37c7026c1d8912dda8e C:\WINDOWS\system32\pnrpnsp.dll

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: 5d55defb3ab92bc43c4dfd06935fa0f1 C:\WINDOWS\system32\RWNH.dll

MD5: 0f64207b49390c8063c36ae7cbf9c2db C:\WINDOWS\system32\schannel.dll

MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\Security.dll

MD5: 2877fa0be5b45e8a6a5a54c77b9b4db9 C:\WINDOWS\system32\SHDOCVW.dll

MD5: 6843d54bc4a40cc8c5741af750233d10 C:\WINDOWS\system32\SHELL32.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: 9c454cd857b4c0ccf7a614b047616503 C:\WINDOWS\system32\simptcp.dll

MD5: 60c377be6b3cc83f6a8584934b181d2e C:\WINDOWS\System32\snmp.exe

MD5: 80a050795a107a76c2b1cd4cfbe010e6 C:\WINDOWS\System32\snmptrap.exe

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: d66709f79d595dd378c995c3347349c1 C:\WINDOWS\system32\sstext3d.scr

MD5: 3e3dc22feded0aaff9604a6ea16404fb C:\WINDOWS\system32\STAXMEM.dll

MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll

MD5: 4872275a99bd55a92c43bae8c51fb3c8 C:\WINDOWS\system32\tbtmon.dll

MD5: a27378d30d5208f1f0b6706b9fed22c2 C:\WINDOWS\system32\tbtmon98Language.dll

MD5: 32933b07fc16d9f778bee12545fa1b1a C:\WINDOWS\system32\tcpsvcs.exe

MD5: fc554c13105ad3fa35ab49943df021b2 C:\WINDOWS\system32\TDispVol.exe

MD5: f0ab1904969b2f88e8061c4df43fa43c C:\WINDOWS\system32\TosBdAPI.dll

MD5: 3a7daab953164e0dfc07eaaf01499d79 C:\WINDOWS\system32\TosBtAPI.dll

MD5: 353de1defd41b1e4a1b668320135200b C:\WINDOWS\system32\TosBtHcrpAPI.dll

MD5: 5c4adb808b54126c1ed2fba0eae06c63 C:\WINDOWS\system32\upnpui.dll

MD5: 84a5c7b9b1b82f94a8245781fd44d8ba C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll

MD5: d7dcfb4d0c58ffb569de93e1681fd37a C:\WINDOWS\system32\WgaLogon.dll

MD5: 291778dfebaa278b451d457b03c10ac1 C:\WINDOWS\system32\win32spl.dll

MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dll

MD5: d175f91a4c98b8848818c9b5089f88a2 C:\WINDOWS\system32\WININET.dll

MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll

MD5: d458b738b4c2ce33174cfb2ce12412db C:\WINDOWS\system32\WINTRUST.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe

MD5: 254d6fa37c3c1884cf41562715f49331 C:\WINDOWS\system32\wscui.cpl

MD5: 60b8c0db5a8e4d7b4712df66d6ff2788 C:\WINDOWS\System32\wship6.dll

MD5: 1a617835452eee5060976c9b9f5fe635 C:\WINDOWS\system32\wuapi.dll

MD5: 2e0b0a051ffaa86e358465bb0880d453 C:\WINDOWS\system32\wuauclt.exe

MD5: c31dd4cec06d2908ae5f212a0b13805b C:\WINDOWS\system32\wuaucpl.cpl

MD5: fc3ec24fce372c89423e015a2ac1a31e C:\WINDOWS\system32\wuaueng.dll

MD5: c88c65df1ed4dfd34cfbd11cdfe519a3 C:\WINDOWS\system32\wucltui.dll

MD5: 3458eda96e30fbd0477a2800d3fb1909 C:\WINDOWS\system32\wups.dll

MD5: bdc0c99e472176c8c2c853a68adc5073 C:\WINDOWS\system32\wups2.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: aeec11fc2b0dbf973f54e30ecf42e73e C:\WINDOWS\system32\ZoneLabs\vsmon.exe

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll

MD5: 6efe29f123e58a6333f50beca863da42 E:\Program Files\Yahoo!\Common\npyaxmpb.dll

Scan finished - communication took 20 sec

Total traffic - 0.00 MB sent, 0.00 KB recvd

Scanned 634 files and modules - 20 seconds

Edited by Maurice Naggar
removed extraneous formatting

RKreport log:

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...uekiller/

Website : http://tigzy.geeksto...iller.php

Blog : http://tigzyrk.blogs...spot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Jit Dutta [Admin rights]

Mode : Scan -- Date : 03/16/2013 09:23:31

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541080G9SA00 +++++

--- User ---

[MBR] 571d12b2058707e2487ca3eab56480ea

[bSP] 48418dc489112fbc055cf98cad1b7d16 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 30004 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61448625 | Size: 46061 Mo

3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 155782305 | Size: 251 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03162013_02d0923.txt >>

RKreport[1]_S_03162013_02d0923.txt

Edited by Maurice Naggar

Your last posts were un-readable. All had tons of extra formatting.

Please do NOT use Wordpad (IF you did.). ONLY use NOTEPAD to copy all contents of a log.

Start NOTEPAD. Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

PLEASE review your future posts and make sure they do not have junk formats.

When you need to start replies, press the More Reply options button {at bottom right}, and then if you see a two-line toolbar that is on, then click 1 time on the leftside top "light switch"

....then you can paste your reply.

I have edited all your recent posts; but will do no further ones. I just need readable posts.

IF you cannot do that, then please attach the logs.

Your logs showed some peer-to-peer filesharing apps: Uninstall µTorrent and confirm that for me.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

There will be more to follow.


Be sure you 1st complete the stuff in my prior reply.

After that, do these next.

You have TWO installed antivirus apps! which will cause confusion, conflicts, and deadlocks.

ZoneAlarm Security Suite Antivirus

Kaspersky Internet Security

Whichever one you did not buy, then Uninstall it &

logoff and restart Windows fresh

and let me know what you have decided & done.

IF you bought neither, then uninstall both and do the following:

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials

Choose one & only one of them.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Task 2

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Task 3

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Task 4

Go to Start > Run

Type in exactly

iexplore.exe -extoff

& Press Enter. Note that single space after exe ....and the minus symbol before extoff

That should start Internet Explorer in safe mode of IE {sometimes referred to as NOaddon mode }

Then using IE, do what is listed in this MS article

Fix Internet Explorer issues to make IE fast, safe and stable

http://support.microsoft.com/mats/ie_performance_and_safety/

Task 5

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for Google Chrome, or McAfee Security Scan Plus, or any other widget or toolbar or add-on!!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218


I uninstalled µTorrent.

I also uninstalled ZoneAlarm a long time ago; do I need to manually remove the ZoneAlarm folder from the program directory?

I have a purchased version of Kaspersky.

How do I attach a log file? I don't see an option to attach file...

Thanks!


checkup.txt:

Results of screen317's Security Check version 0.99.61

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

ZoneAlarm Security Suite Antivirus

Kaspersky Internet Security

Antivirus out of date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

WinPatrol

Malwarebytes Anti-Malware version 1.70.0.1100

CCleaner

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.2.159.1 Flash Player out of Date!

Google Chrome 25.0.1364.160

Google Chrome 25.0.1364.172

````````Process Check: objlist.exe by Laurent````````

WinPatrol winpatrol.exe

Kaspersky Lab Kaspersky Internet Security 2013 avp.exe

BillP Studios WinPatrol winpatrol.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 55% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


info.txt:

info.txt logfile of random's system information tool 1.09 2013-03-16 09:04:10

======Uninstall list======

-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe /CODEC

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

-->E:\SiebelAnalytics\UninstallApps2\setup.exe

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin

Ashampoo Burning Studio 6 FREE-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9

DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver

ERUNT 1.1j-->"e:\Program Files\ERUNT\unins000.exe"

FileASSASSIN-->e:\Program Files\FileASSASSIN\uninst.exe

Google Chrome-->"C:\Program Files\Google\Chrome\Application\25.0.1364.172\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2

Intel® PRO Network Connections Drivers-->Prounstl.exe

Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe

InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL

InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

Kaspersky Internet Security 2013-->MsiExec.exe /I{560985FB-4B76-4121-9189-7A2CDC7886D6}

Kaspersky Internet Security 2013-->MsiExec.exe /I{560985FB-4B76-4121-9189-7A2CDC7886D6} REMOVE=ALL

K-Lite Codec Pack 9.7.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes Anti-Malware version 1.70.0.1100-->"e:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}

mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}

mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}

mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}

mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}

mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}

mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}

mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}

Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}

Oracle JInitiator 1.3.1.18-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68249B6E-B714-11D7-88E8-0050DA21757E}\Setup.exe" -l0x9 -uninst

Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2744842)-->"C:\WINDOWS\ie8updates\KB2744842-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2792100)-->"C:\WINDOWS\ie8updates\KB2792100-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2797052)-->"C:\WINDOWS\ie8updates\KB2797052-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}

Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Sothink Movie DVD Maker-->"C:\Program Files\SourceTec\Sothink Movie DVD Maker\unins000.exe"

STB Prospector II-->E:\PROGRA~1\PROSPE~1\UNINST~1.EXE E:\PROGRA~1\PROSPE~1\INSTALL.LOG

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033

TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL

TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9

Toshiba Media Center Game Console-->MsiExec.exe /I{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}

TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"

TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"

TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"

TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9

TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9

TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall

TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"

VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}

VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}

VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}

Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinPatrol-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~2\{A62F9~1\Setup.exe /remove /q0

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: ZoneAlarm Security Suite Antivirus (disabled) (outdated)

AV: Kaspersky Internet Security

FW: ZoneAlarm Firewall (disabled)

FW: Kaspersky Internet Security

======System event log======

Computer Name: JDTOSHIBA

Event Code: 7001

Message: The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar ISWKL service which failed to start because of the following error:

The system cannot find the file specified.

Record Number: 72360

Source Name: Service Control Manager

Time Written: 20121229125936.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 7000

Message: The ZoneAlarm Toolbar ISWKL service failed to start due to the following error:

The system cannot find the file specified.

Record Number: 72359

Source Name: Service Control Manager

Time Written: 20121229125936.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

Cdrom

Imapi

redbook

Record Number: 72317

Source Name: Service Control Manager

Time Written: 20121229120631.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 7001

Message: The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar ISWKL service which failed to start because of the following error:

The system cannot find the file specified.

Record Number: 72316

Source Name: Service Control Manager

Time Written: 20121229120630.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 7000

Message: The ZoneAlarm Toolbar ISWKL service failed to start due to the following error:

The system cannot find the file specified.

Record Number: 72315

Source Name: Service Control Manager

Time Written: 20121229120630.000000-480

Event Type: error

User:

=====Application event log=====

Computer Name: JDTOSHIBA

Event Code: 1001

Message: Fault bucket -1980436755.

Record Number: 28

Source Name: Application Hang

Time Written: 20130301133028.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 1002

Message: Hanging application winpatrol.exe, version 20.0.2011.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 27

Source Name: Application Hang

Time Written: 20130301133024.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 1001

Message: Fault bucket 1723119140.

Record Number: 26

Source Name: Application Error

Time Written: 20130301132907.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 1000

Message: Faulting application winpatrol.exe, version 20.0.2011.0, faulting module winpatrol.exe, version 20.0.2011.0, fault address 0x000135ca.

Record Number: 25

Source Name: Application Error

Time Written: 20130301132857.000000-480

Event Type: error

User:

Computer Name: JDTOSHIBA

Event Code: 1002

Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 19

Source Name: Application Hang

Time Written: 20130301131007.000000-480

Event Type: error

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NLS_LANG"=AMERICAN_AMERICA.UTF8

"NUMBER_OF_PROCESSORS"=2

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;e:\SiebelAnalytics\server\Bin;e:\SiebelAnalytics\web\bin;e:\SiebelAnalytics\web\catalogmanager

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=0e08

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

"SAROOTDIR"=e:\SiebelAnalytics

"SADATADIR"=e:\SiebelAnalyticsData

"SATEMPDIR"=e:\SiebelAnalyticsData\tmp

"tvdumpflags"=8

"PERL5LIB"=

"ORACLE_HOME"=

-----------------EOF-----------------


log.txt:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Jit Dutta at 2013-03-16 09:03:43

Microsoft Windows XP Professional Service Pack 3

System drive C: has 2 GB (6%) free of 30 GB

Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:04:06 AM, on 3/16/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jit Dutta\My Documents\Downloads\RSIT.exe

C:\Documents and Settings\Jit Dutta\Desktop\Jit Dutta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabazar.com/wfplayer/tdserver.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://laxnotes2.infonet.com/iNotes6W.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {7CBD657F-F647-40EE-BE7A-094704C1379D} (Siebel High Interactivity Framework) - http://172.27.19.176/marketing_enu/21215/applets/SiebelAx_HI_Client.cab

O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://devdb02.scl.corp.equinix.com:8008/jinitiator/oajinit.exe

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - http://www.tvucricket.com/player/vjocx-en-black.cab

O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://laxcrmw80.infonet.com/ecommunications_ENU/19221/applets/SiebelAx_HI_Client.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--

End of file - 7416 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]

Content Blocker Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2012-08-17 537528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]

Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-08-17 811960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]

Safe Money Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2012-08-17 424888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

URL Advisor Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-08-17 484280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]

"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]

"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2013-01-04 404712]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-12-28 356376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2012-08-17 200632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDrives"=0

"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Documents and Settings\Jit Dutta\Desktop\utorrent.exe"="C:\Documents and Settings\Jit Dutta\Desktop\utorrent.exe:*:Enabled:µTorrent"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Documents and Settings\Jit Dutta\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\Jit Dutta\Application Data\Spotify\spotify.exe:*:Enabled:Spotify"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"

"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"msacm.voxacm160"=vct3216.acm

"msacm.scg726"=scg726.acm

"msacm.alf2cd"=alf2cd.acm

"vidc.dvsd"=mcdvd_32.dll

"vidc.mpg4"=mpg4c32.dll

"vidc.mp42"=mpg4c32.dll

"vidc.mp43"=mpg4c32.dll

"aux3"=wdmaud.drv

"vidc.x264"=x264vfw.dll

"vidc.lags"=lagarith.dll

"msacm.ac3filter"=ac3filter.acm

======List of files/folders created in the last 1 month======

2013-03-16 09:03:43 ----DC---- C:\rsit

2013-03-10 14:06:43 ----AC---- C:\WINDOWS\system32\drivers\mbam.sys

2013-03-09 18:55:31 ----AC---- C:\WINDOWS\system32\aswBoot.exe

2013-03-09 15:31:41 ----AC---- C:\WINDOWS\imsins.BAK

2013-03-09 15:29:39 ----HDC---- C:\WINDOWS\ie8

2013-03-09 15:20:52 ----AC---- C:\WINDOWS\SchedLgU.Txt

2013-03-09 15:20:28 ----AC---- C:\WINDOWS\system32\FNTCACHE.DAT

2013-03-02 01:40:09 ----AC---- C:\WINDOWS\system32\unrar.dll

2013-03-01 14:35:30 ----DC---- C:\Program Files\K-Lite Codec Pack

2013-03-01 14:21:03 ----DC---- C:\Program Files\DivX

2013-03-01 14:20:41 ----DC---- C:\Documents and Settings\All Users\Application Data\DivX

======List of files/folders modified in the last 1 month======

2013-03-16 09:03:45 ----DC---- C:\WINDOWS\Prefetch

2013-03-16 08:58:32 ----DC---- C:\WINDOWS\ERDNT

2013-03-16 08:14:09 ----DC---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2013-03-16 08:06:23 ----DC---- C:\WINDOWS\system32\inetsrv

2013-03-16 07:54:05 ----DC---- C:\WINDOWS\Temp

2013-03-15 21:50:32 ----DC---- C:\Documents and Settings\Jit Dutta\Application Data\Media Player Classic

2013-03-15 21:08:52 ----DC---- C:\WINDOWS\system32\DLA

2013-03-11 10:11:35 ----ADC---- C:\WINDOWS\system32\drivers

2013-03-11 09:20:00 ----SHDC---- C:\WINDOWS\Installer

2013-03-11 08:51:27 ----DC---- C:\Documents and Settings\All Users\Application Data\AVAST Software

2013-03-11 08:47:58 ----DC---- C:\WINDOWS

2013-03-11 08:47:57 ----SDC---- C:\WINDOWS\Tasks

2013-03-10 13:49:52 ----DC---- C:\WINDOWS\system32\CatRoot2

2013-03-10 13:35:24 ----HDC---- C:\WINDOWS\inf

2013-03-10 13:35:20 ----DC---- C:\WINDOWS\system32\CatRoot

2013-03-10 13:35:19 ----RSHDC---- C:\WINDOWS\system32\dllcache

2013-03-10 13:35:06 ----DC---- C:\WINDOWS\ie8updates

2013-03-10 13:34:26 ----ADC---- C:\WINDOWS\system32

2013-03-10 08:58:04 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2013-03-09 18:54:45 ----SHDC---- C:\Config.Msi

2013-03-09 18:54:43 ----DC---- C:\WINDOWS\WinSxS

2013-03-09 18:54:42 ----DC---- C:\Program Files\Common Files\Microsoft Shared

2013-03-09 18:38:19 ----AC---- C:\WINDOWS\win.ini

2013-03-09 18:34:34 ----DC---- C:\Program Files\Windows Media Player

2013-03-09 18:31:31 ----DC---- C:\WINDOWS\Help

2013-03-09 18:31:30 ----DC---- C:\Program Files\Windows Media Connect 2

2013-03-09 15:42:32 ----DC---- C:\Program Files\Internet Explorer

2013-03-09 15:31:29 ----DC---- C:\WINDOWS\WBEM

2013-03-09 15:31:29 ----DC---- C:\WINDOWS\system32\en-us

2013-03-09 15:31:14 ----DC---- C:\WINDOWS\Media

2013-03-09 15:27:12 ----DC---- C:\WINDOWS\Debug

2013-03-09 13:45:46 ----DC---- C:\WINDOWS\system32\LogFiles

2013-03-09 13:21:55 ----DC---- C:\Program Files

2013-03-09 13:14:43 ----DC---- C:\Program Files\Google

2013-03-09 12:47:31 ----DC---- C:\Documents and Settings\Jit Dutta\Application Data\uTorrent

2013-03-09 11:02:24 ----SHD---- C:\WINDOWS\CSC

2013-03-02 13:36:46 ----DC---- C:\Documents and Settings\All Users\Application Data\InstallMate

2013-03-02 09:05:02 ----DC---- C:\Program Files\Common Files

2013-03-02 01:13:01 ----SDC---- C:\WINDOWS\Downloaded Program Files

2013-03-02 01:04:51 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP

2013-03-01 14:31:35 ----DC---- C:\Documents and Settings\Jit Dutta\Application Data\DivX

2013-03-01 14:12:08 ----DC---- C:\WINDOWS\ehome

2013-02-22 21:40:00 ----DC---- C:\WINDOWS\SxsCaPendDel

2013-02-22 18:28:39 ----DC---- C:\WINDOWS\Registration

2013-02-22 18:28:36 ----RSDC---- C:\WINDOWS\assembly

2013-02-22 18:28:35 ----DC---- C:\WINDOWS\system32\mui

2013-02-22 18:28:34 ----DC---- C:\WINDOWS\system32\URTTemp

2013-02-22 18:20:30 ----RSDC---- C:\WINDOWS\Fonts

2013-02-17 16:26:33 ----DC---- C:\WINDOWS\Internet Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]

R0 kl1;kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [2012-06-19 136024]

R0 KR10N;KR10N; C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 204160]

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]

R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-12-28 586584]

R1 kltdi;kltdi; C:\WINDOWS\system32\DRIVERS\kltdi.sys [2012-12-28 43608]

R1 kneps;kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [2012-08-13 144344]

R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-31 21275]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]

R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]

R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]

R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]

R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2012-06-27 35672]

R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [2012-10-25 24408]

R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2012-10-25 24920]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]

R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]

R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]

R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]

S0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys []

S0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys []

S2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []

S3 brfilt;Brother MFC Filter Driver; C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 2944]

S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]

S3 BrSerWDM;Brother Serial driver; C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2001-08-17 60416]

S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 11008]

S3 BrUsbScn;Brother MFC USB Scanner driver; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 10368]

S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]

S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]

S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []

S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]

S3 IO_Memory;IO_Memory; C:\WINDOWS\system32\drivers\IO_Memory.sys []

S3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]

S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]

S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]

S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]

S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]

S3 SVRPEDRV;SVRPEDRV; C:\WINDOWS\system32\drivers\SVRPEDRV.sys []

S3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-11-25 28800]

S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-12-28 356376]

R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]

R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]

R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]

R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]

R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-10 19456]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]

R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]

R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]

S2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe []

S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-10 19456]

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


Report:

QuickScan 32-bit v0.9.9.118

---------------------------

Scan date: Sat Mar 16 09:17:40 2013

Machine ID: 782DCCD2

Scan failed! Couldn't access QuickScan server.

----------------------------------------------

couldn't connect to host

Processes

---------

WinPatrol Monitor 3544 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

Drive Letter Access Component 3540 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

DVD-RAM Utility Helper Service 620 C:\WINDOWS\system32\DVDRAMSV.exe

Google Chrome 2936 C:\Program Files\Google\Chrome\Application\chrome.exe

Google Chrome 5928 C:\Program Files\Google\Chrome\Application\chrome.exe

Google Chrome 5784 C:\Program Files\Google\Chrome\Application\chrome.exe

Google Chrome 4976 C:\Program Files\Google\Chrome\Application\chrome.exe

Google Chrome 4484 C:\Program Files\Google\Chrome\Application\chrome.exe

Intel® PROSet/Wireless Event Log 1568 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

Intel® PROSet/Wireless Registry Servi 760 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

Intel® PROSet/Wireless Service 1604 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Internet Information Services 716 C:\WINDOWS\system32\inetsrv\inetinfo.exe

Kaspersky Anti-Virus 580 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

Kaspersky Anti-Virus 3564 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

Microsoft® Windows® Operating System 1928 C:\WINDOWS\ehome\mcrdsvc.exe

Microsoft® Windows® Operating System 292 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 868 C:\WINDOWS\system32\tcpsvcs.exe

Microsoft® Windows® Operating System 5940 C:\WINDOWS\system32\wscntfy.exe

Microsoft® Windows® Operating System 2384 C:\WINDOWS\system32\wuauclt.exe

Microsoft® Windows® Operating System 3600 C:\WINDOWS\system32\wuauclt.exe

TOSHIBA TAPPSRV 1688 C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

(verified) Google Update 768 C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Microsoft® Windows® Operating System 976 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 3028 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 1136 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 3584 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 1224 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 932 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 1212 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 1080 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 400 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1512 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1724 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1872 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1468 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1400 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1356 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 4008 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 984 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\winlogon.exe

Network activity

----------------

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.173

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.70

Process chrome.exe (2936) connected on port 80 (HTTP) --> 37.59.67.149

Process chrome.exe (2936) connected on port 80 (HTTP) --> 72.21.81.253

Process chrome.exe (2936) connected on port 80 (HTTP) --> 184.24.31.139

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.175

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.210

Process chrome.exe (2936) connected on port 80 (HTTP) --> 72.21.81.253

Process chrome.exe (2936) connected on port 80 (HTTP) --> 37.59.67.149

Process chrome.exe (2936) connected on port 80 (HTTP) --> 72.21.81.253

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.177

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.26

Process chrome.exe (2936) connected on port 80 (HTTP) --> 37.59.67.149

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.177

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.170

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.26

Process chrome.exe (2936) connected on port 80 (HTTP) --> 66.235.142.2

Process chrome.exe (2936) connected on port 80 (HTTP) --> 66.235.142.2

Process chrome.exe (2936) connected on port 80 (HTTP) --> 66.235.142.2

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.173

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.174

Process chrome.exe (2936) connected on port 80 (HTTP) --> 66.235.142.2

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.142

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.199

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.142

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.203

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.210

Process chrome.exe (2936) connected on port 80 (HTTP) --> 23.15.63.139

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.205

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.224.160

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.173

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.70

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.21

Process chrome.exe (2936) connected on port 80 (HTTP) --> 23.15.63.139

Process chrome.exe (2936) connected on port 443 (HTTP over SSL) --> 74.125.129.95

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.205

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.21

Process chrome.exe (2936) connected on port 80 (HTTP) --> 74.125.224.173

Process chrome.exe (2936) connected on port 80 (HTTP) --> 64.94.107.21

Process inetinfo.exe (716) listens on ports: 25 (SMTP), 80 (HTTP), 443 (HTTP over SSL), 1025 (RPC)

Process tcpsvcs.exe (868) listens on ports: 7 (Echo), 9 (Discard), 13 (Daytime), 17 (Quotd), 19 (Chargen)

Process svchost.exe (1468) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

WinPatrol Monitor C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

Drive Letter Access Component C:\WINDOWS\system32\DLA\DLACTRLW.EXE

Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

Kaspersky Anti-Virus C:\WINDOWS\system32\klogon.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\sstext3d.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

TDispVol C:\WINDOWS\system32\TDispVol.exe

Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

Bitdefender QuickScan C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\npqscan.dll

Domino Web Access C:\WINDOWS\Downloaded Program Files\inotes6W.dll

getPlus+® C:\WINDOWS\Downloaded Program Files\gp.ocx

Google Update C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll

Google Update C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll

Java Deployment Toolkit 7.0.90.5 C:\WINDOWS\system32\npDeployJava1.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin\npUrlAdvisor.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin\online_banking_npapi.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin\content_blocker_npapi.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin\npVKPlugin.dll

Kaspersky Anti-Virus C:\Documents and Settings\Jit Dutta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin\npABPlugin.dll

Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\pnrpnsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

MWMCli Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mwmcli.dll

MWMCli Module C:\WINDOWS\Downloaded Program Files\mwmcli.dll

mwmStd Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mwmstd.exe

mwmStd Module C:\WINDOWS\Downloaded Program Files\mwmstd.exe

NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

Siebel High Interactivity Framework C:\WINDOWS\Downloaded Program Files\SiebelAx_HI_Client_19221.dll

Siebel High Interactivity Framework C:\WINDOWS\Downloaded Program Files\SiebelAx_HI_Client_21215.dll

TDServer ActiveX Control Module C:\WINDOWS\Downloaded Program Files\tdserver.ocx

tgctlcm Module C:\WINDOWS\Downloaded Program Files\tgctlcm.dll

TVU Web Player for FireFox C:\WINDOWS\Downloaded Program Files\npTVUAx.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\atgpcdec.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\atgpcext.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\atgpcdec.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\atgpcext.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ieatgpc.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\ieatgpc.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

Yahoo! activeX Plug-in Bridge E:\Program Files\Yahoo!\Common\npyaxmpb.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Missing files

-------------

File not found: WRLogonNTF.dll

--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\"DllName"

Scan

----


Scan finished - communication took 20 sec

Total traffic - 0.00 MB sent, 0.00 KB recvd

Scanned 634 files and modules - 20 seconds

==============================================================================


RKreport:

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Jit Dutta [Admin rights]

Mode : Scan -- Date : 03/16/2013 09:23:31

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541080G9SA00 +++++

--- User ---

[MBR] 571d12b2058707e2487ca3eab56480ea

[bSP] 48418dc489112fbc055cf98cad1b7d16 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 30004 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61448625 | Size: 46061 Mo

3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 155782305 | Size: 251 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03162013_02d0923.txt >>
