
Malwarebytes anti-malware successfully blocked access to a potentially malicious website



Dears,

I recently downloaded Malwarebytes software and since then I am receiving the following message:

“Malwarebytes anti-malware successfully blocked access to a potentially malicious website; 83.243.11.171

Type: outgoing”

The last two digits of the IP keep on changing.

I have run antivirus and anti-malware software on the system, however they do not show any infection. I have run DDS on the system and enclosed the log of the DDS run.

Thanks in advance for letting me know how I can clean my system.

Thanks

Maneesh

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by RICHA at 14:44:18 on 2013-05-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.338 [GMT 2:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *Disabled*

.

============== Running Processes ================

.

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Apoint\Apoint.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - <orphaned>

uURLSearchHooks: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - <orphaned>

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NSU_agent] "c:\program files\nokia\nokia software updater\nsu3ui_agent.exe"

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [iDTSysTrayApp] sttray.exe

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:149

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-22 226016]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-22 29712]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-2 243152]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-24 33112]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-10 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-10 701512]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2007-5-15 102463]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-20 968880]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-10 22856]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-3-16 226304]

S2 LGTF;Security Service;c:\windows\system32\svcd\svchost.exe --> c:\windows\system32\svcd\svchost.exe [?]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-16 29184]

S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\spc220nc.sys --> c:\windows\system32\drivers\SPC220NC.SYS [?]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

.

=============== File Associations ===============

.

ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"

.

=============== Created Last 30 ================

.

2013-05-11 10:30:54 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c7200f37-d22a-4afc-a5c8-a01abf6f77f2}\offreg.dll

2013-05-11 10:06:49 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll

2013-05-11 10:06:17 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c7200f37-d22a-4afc-a5c8-a01abf6f77f2}\mpengine.dll

2013-05-11 10:06:13 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-11 10:05:26 -------- d-----w- C:\1d2360c5866696f3d1757fe1cbe3

2013-05-10 20:16:47 -------- d-----w- c:\documents and settings\richa\application data\Malwarebytes

2013-05-10 20:16:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-05-10 20:16:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-10 20:16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-10 19:54:22 17880 ----a-w- c:\program files\mozilla firefox\nsv16.tmp\xpcom.dll

2013-05-10 18:38:37 -------- d-----w- c:\program files\MSECache

2013-05-10 17:52:17 -------- d-----w- c:\program files\Microsoft Download Manager

.

==================== Find3M ====================

.

2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll

2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec

2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll

2013-02-20 14:40:10 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

2007-11-24 22:44:48 1606064 ----a-w- c:\program files\googletalk-setup.exe

2007-09-14 18:30:31 1206249 ----a-w- c:\program files\wrar371b1.exe

2007-09-14 18:25:53 269362 ----a-w- c:\program files\pocketrar371b1.exe

.

============= FINISH: 14:45:19.68 ===============

attach.txt


Hello Maneesh and welcome to MalwareBytes forums.

Kindly do not "attach" logs going forward. Please copy and paste all contents directly inside the main body of the reply box.

  • Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Download Security Check by screen317 from >>here<<.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

It would appear you have installed an old version of AVG. Is it the free or paid version, and kindly advise why you would not be running the 2013 version?


Thanks, Maurice, for your reply.

Below is the log from RogueKiller:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : RICHA [Admin rights]

Mode : Scan -- Date : 05/12/2013 11:10:13

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[services][HJNAME] HKLM\[...]\ControlSet001\Services\LGTF (C:\WINDOWS\system32\svcd\svchost.exe) [x] -> FOUND

[services][HJNAME] HKLM\[...]\ControlSet003\Services\LGTF (C:\WINDOWS\system32\svcd\svchost.exe) [x] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541010G9SA00 +++++

--- User ---

[MBR] cd0a04e99d72ae870b8615e966cf8c7a

[bSP] 01ea6485659fcdd7460e174a89a8945d : Windows XP MBR Code

Partition table:

0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 7169 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14683410 | Size: 88224 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05122013_02d1110.txt >>

RKreport[1]_S_05122013_02d1110.txt

Below is the log from Security check:

Results of screen317's Security Check version 0.99.63

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Please wait while WMIC compiles updated MOF files.

displayName

AVG AntiVirus Free

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Windows Defender

Malwarebytes Anti-Malware version 1.75.0.1300

CCleaner

Java 6 Update 21

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java version out of Date!

Adobe Flash Player 11.2.202.235

Adobe Reader 8 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 2%

````````````````````End of Log``````````````````````

My antivirus is old, but I have recently updated the browser and virus database. AVG is the free version.

thanks

Maneesh

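The one entry that stands out in the DDS "SERVICES / DRIVERS" section and that RogueKiller then reports is the service LGTF, whose image is an svchost.exe under c:\windows\system32\svcd rather than in c:\windows\system32 itself, with a "[?]" marker because DDS could not read the file's date and size. The script below is an added example, not part of this thread and not code from DDS, RogueKiller or Malwarebytes; it parses DDS-style service lines (four copied from the log above plus one constructed benign line) and flags any core Windows binary whose directory is not the system directory, and any entry DDS could not stat. The names SAMPLE_LINES, ServiceEntry, parse_service_line, assess and triage are my own.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service/driver lines in the format DDS prints in its "SERVICES / DRIVERS"
# section. The first four are copied from the log posted in this thread;
# the last one is a constructed benign entry for contrast.
SAMPLE_LINES = [
    r"R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]",
    r"R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-10 22856]",
    r"S2 LGTF;Security Service;c:\windows\system32\svcd\svchost.exe --> c:\windows\system32\svcd\svchost.exe [?]",
    r"S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\spc220nc.sys --> c:\windows\system32\drivers\SPC220NC.SYS [?]",
    r"R2 ExampleSvc;Example Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-13 14336]",  # constructed
]

# Core Windows binaries that legitimately live only in the system directory.
# A same-named file anywhere else is the classic masquerading pattern.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# "<state> <name>;<display>;<image path> [date size]"  or  "... --> <resolved path> [?]"
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|sys|dll))", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str          # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    image_path: str     # image path as recorded in the service's registry key
    stat_unknown: bool  # DDS printed "[?]": it could not read the file's date/size


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    stat_unknown = rest.endswith("[?]")
    rest = re.sub(r"\s*\[[^\]]*\]$", "", rest)       # drop the trailing "[...]" bracket
    registry_path = rest.split(" --> ")[0].strip()    # keep the registry-recorded path
    img = IMAGE_RE.match(registry_path)               # cut off service arguments (-k, -s ...)
    image_path = img.group(1) if img else registry_path
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"),
                        image_path, stat_unknown)


def assess(entry: ServiceEntry) -> List[str]:
    """Return the reasons an entry deserves a second look (empty list = nothing odd)."""
    reasons: List[str] = []
    path = entry.image_path.lower()
    base, directory = ntpath.basename(path), ntpath.dirname(path)
    # Exact directory match on purpose: "c:\windows\system32\svcd" would pass a
    # naive startswith("c:\windows\system32") check and hide the masquerade.
    if base in SYSTEM_BINARIES and directory not in EXPECTED_DIRS:
        reasons.append(f"{base} outside the system directory: {directory}")
    if entry.stat_unknown:
        reasons.append("file date/size unreadable ([?]); verify the binary on disk")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map service name -> reasons, for every entry that has at least one reason."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            hits[entry.name] = reasons
    return hits


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run on the sample lines, LGTF gets both reasons (wrong directory and unreadable file), the stopped webcam driver SPC220NC gets only the low-signal "[?]" reason, and the AVG, Malwarebytes and constructed svchost.exe -k netsvcs entries are not reported. The directory comparison is deliberately exact rather than a prefix test, since a subfolder of system32 is exactly where such a copy tends to be placed.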

Hello Maneesh,

The system appears to have AVG9 which is a very old version. AVG 2013 is the latest one by AVG. Do not make a change yet, but I would recommend a change indeed, perhaps even a switch to Avira instead. But that is for much later. Not now.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member mani74 only. If you are a casual viewer, do NOT try this on your system!

If you are not mani74 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now!

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart... then I need for you to Restart the system fresh!

Reply & Copy / Paste the contents of C:\Combofix.txt log

and tell me, how is the system now?

RE-Enable your AntiVirus and AntiSpyware applications.


Hi Maurice,

I finished running ComboFix on my laptop. It worked and rebooted the system automatically. As of now I am not receiving any message about blocking access to a suspected malicious site; I will need to monitor it for some time.

Below is the log from ComboFix. It is difficult for me to understand, and I am trusting your expertise to guide me on the next steps.

ComboFix 13-05-12.01 - RICHA 05/12/2013 22:37:09.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.268 [GMT 2:00]

Running from: c:\documents and settings\RICHA\Desktop\ComboFix_man.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\Cache

c:\windows\system32\Cache\1ff8fdd9ba3bb260.fb

c:\windows\system32\Cache\26c630d098e22dd5.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\91410e0c0723971a.fb

c:\windows\system32\Cache\95f567698be8a182.fb

c:\windows\system32\Cache\a718dc6d17bd7936.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\cdd35c458a5449cd.fb

c:\windows\system32\Cache\d1c9833344a0c8f3.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\Cache\fff6880bdae2dc32.fb

c:\windows\system32\SET4B.tmp

c:\windows\system32\SET4C.tmp

c:\windows\system32\SET88.tmp

c:\windows\system32\SET8D.tmp

c:\windows\system32\SET94.tmp

c:\windows\system32\SETA1.tmp

c:\windows\system32\svcd

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_LGTF

-------\Service_LGTF

.

.

((((((((((((((((((((((((( Files Created from 2013-04-12 to 2013-05-12 )))))))))))))))))))))))))))))))

.

.

2013-05-11 13:36 . 2013-05-11 13:36 -------- d-----w- c:\program files\CCleaner

2013-05-11 13:19 . 2013-05-11 13:19 -------- d-----w- c:\program files\NT Registry Optimizer

2013-05-11 10:06 . 2007-03-09 09:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-05-11 10:06 . 2013-04-17 04:31 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C7200F37-D22A-4AFC-A5C8-A01ABF6F77F2}\mpengine.dll

2013-05-11 10:06 . 2013-05-02 00:06 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-10 20:16 . 2013-05-10 20:16 -------- d-----w- c:\documents and settings\RICHA\Application Data\Malwarebytes

2013-05-10 20:16 . 2013-05-10 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-05-10 20:16 . 2013-05-10 20:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-10 20:16 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-10 19:54 . 2012-03-20 07:30 17880 ----a-w- c:\program files\Mozilla Firefox\nsv16.tmp\xpcom.dll

2013-05-10 18:38 . 2013-05-10 18:38 -------- d-----w- c:\program files\MSECache

2013-05-10 18:34 . 2013-05-10 18:34 -------- d-----w- c:\program files\Windows Defender

2013-05-10 17:52 . 2013-05-10 17:52 -------- d-----w- c:\program files\Microsoft Download Manager

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-08 08:36 . 2006-03-15 23:56 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32 . 2006-03-15 23:55 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 02:06 . 2006-03-15 23:56 916480 ----a-w- c:\windows\system32\wininet.dll

2013-03-02 02:06 . 2006-03-15 23:55 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-02 02:06 . 2006-03-15 23:55 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-03-02 01:25 . 2006-03-15 23:56 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-03-02 01:08 . 2006-03-15 23:55 385024 ----a-w- c:\windows\system32\html.iec

2013-02-27 07:56 . 2006-03-16 01:10 2067456 ----a-w- c:\windows\system32\mstscax.dll

2013-02-20 14:40 . 2012-11-24 20:25 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-02-12 00:32 . 2008-06-25 08:19 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32 . 2006-03-15 23:56 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2007-11-24 22:44 . 2007-11-24 22:44 1606064 ----a-w- c:\program files\googletalk-setup.exe

2007-09-14 18:30 . 2007-09-14 18:30 1206249 ----a-w- c:\program files\wrar371b1.exe

2007-09-14 18:25 . 2007-09-14 18:25 269362 ----a-w- c:\program files\pocketrar371b1.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

.

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

.

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

.

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

.

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

.

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS

.

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

.

[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll

[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll

[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219-v2\SP3QFE\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219-v2$\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll

.

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

.

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

.

[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll

[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll

.

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll

.

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll

[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

.

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

.

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe

[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

.

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

.

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys

.

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2004-08-10 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

.

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

.

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

.

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

.

[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll

[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$NtUninstallKB2758857$\kernel32.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

.

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

.

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

.

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL

[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

.

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

.

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

.

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

.

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

.

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

.

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

.

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

.

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

.

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

.

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

.

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

.

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

.

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe

[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE

.

[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll

[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll

[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll

[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll

[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll

[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll

[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll

[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll

[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll

.

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll

[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll

[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll

.

[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll

[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll

[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll

[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\ksuser.dll

.

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

.

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

.

[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll

[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

.

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

.

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

.

[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll

[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll

[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll

[-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll

[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll

[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll

[-] 2004-08-10 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\I386\NTDLL.DLL

[-] 2004-08-10 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\I386\SYSTEM32\NTDLL.DLL

.

[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime

[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime

.

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

.

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys

.

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

.

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

.

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

.

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

.

[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll

[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

.

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

.

[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys

.

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

.

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

.

[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll

.

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

.

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2005-08-04 02:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-08-10 12:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

.

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

.

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll

.

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

.

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

.

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

.

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

.

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

.

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

.

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

.

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll

.

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

.

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll

.

[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll

[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-02-20 14:40 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-20 1929392]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-20 1151152]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]

"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-15 551032]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-07 7557120]

"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-09-27 139320]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]

"IDTSysTrayApp"="sttray.exe" [2007-09-05 405504]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-03-12 2077536]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-25 296056]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-7-29 499773]

Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 14:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/22/2008 10:26 AM 226016]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/2/2010 10:22 PM 243152]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/24/2012 10:25 PM 33112]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 4:50 PM 308136]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [5/10/2013 10:16 PM 418376]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2/20/2013 4:45 PM 968880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/10/2013 10:16 PM 22856]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/16/2006 1:57 AM 226304]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/10/2013 10:16 PM 701512]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/16/2006 1:57 AM 29184]

S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\DRIVERS\SPC220NC.SYS --> c:\windows\system32\DRIVERS\SPC220NC.SYS [?]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 14:57]

.

2013-05-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3186450140-516228879-150360610-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 15:21]

.

2013-05-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3186450140-516228879-150360610-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 15:21]

.

2013-04-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3186450140-516228879-150360610-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 15:21]

.

2013-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3186450140-516228879-150360610-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 15:21]

.

2013-05-11 c:\windows\Tasks\ReclaimerUpdateFiles_RICHA.job

- c:\documents and settings\RICHA\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-26 14:06]

.

2013-05-11 c:\windows\Tasks\ReclaimerUpdateXML_RICHA.job

- c:\documents and settings\RICHA\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-26 14:06]

.

2013-05-12 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_RICHA.job

- c:\documents and settings\RICHA\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-26 14:06]

.

2013-05-12 c:\windows\Tasks\User_Feed_Synchronization-{431C06C0-E1E2-49CB-9087-A82D1E28833D}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

2013-05-12 c:\windows\Tasks\User_Feed_Synchronization-{888763ED-4606-4BF7-8D93-6418F8C40B15}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-10 - (no file)

HKLM-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

HKLM-Run-DiscUpdateManager - c:\program files\DISC\DiscUpdMgr.exe

HKLM-Run-DISCover - c:\program files\DISC\DISCover.exe

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-AirXonix_is1 - c:\program files\AirXonix\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-12 22:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(840)

c:\windows\system32\VESWinlogon.dll

.

- - - - - - - > 'explorer.exe'(2604)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\eHome\ehRecvr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\IoctlSvc.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\sttray.exe

c:\windows\system32\rundll32.exe

c:\windows\eHome\ehmsas.exe

c:\program files\Apoint\Apntex.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

.

**************************************************************************

.

Completion time: 2013-05-12 23:00:37 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-12 21:00

.

Pre-Run: 59,566,456,832 bytes free

Post-Run: 60,228,231,168 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8A34E3160DF06193FFC6015C07A5066D

Thanks a ton for your help.

Maneesh

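A check a reader of this thread will want, added here as an example and not part of the original post or of Malwarebytes' own tooling: the "blocked access to a potentially malicious website" alert gives the destination address and the direction (outgoing) but not the process that opened the connection, and the ComboFix log above lists dozens of autostart entries, services and scheduled tasks that could be the owner. On Windows XP the attribution can be made by hand from `netstat -ano` (connections with the owning PID) and `tasklist /fo csv` (PID to image name). The script below parses both outputs and reports every connection whose remote address falls in the 83.243.11.168 to .177 range quoted in the thread. The two sample outputs and the process name `example_updater.exe` are constructed for this example, not captured from the machine; Python 3 is assumed.

```python
"""Attribute an outgoing IP block to the local process that opened it.

Added example, not code from the thread or from Malwarebytes. Parses the
output of `netstat -ano` and `tasklist /fo csv` (both standard on Windows XP)
and reports connections into the blocked range. Sample outputs are constructed.
"""
import csv
import io
import ipaddress
import subprocess
import sys

# Range quoted in the thread: 83.243.11.168 through 83.243.11.177. It is not
# a clean CIDR block, so keep it as an inclusive (low, high) pair.
BLOCKED_RANGE = (ipaddress.ip_address("83.243.11.168"),
                 ipaddress.ip_address("83.243.11.177"))

# Constructed sample of `netstat -ano` (not captured from the machine).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    192.168.178.23:1041    83.243.11.171:80       SYN_SENT        1672
  TCP    192.168.178.23:1042    74.125.136.99:443      ESTABLISHED     2604
  TCP    [::1]:1043             [::1]:445              ESTABLISHED     4
  UDP    0.0.0.0:500            *:*                                    740
"""

# Constructed sample of `tasklist /fo csv`; example_updater.exe is a placeholder.
SAMPLE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","948","Console","0","5,120 K"
"example_updater.exe","1672","Console","0","3,864 K"
"explorer.exe","2604","Console","0","21,508 K"
"""


def in_blocked_range(host):
    """True if host is an IPv4 literal inside BLOCKED_RANGE."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:          # '*', hostnames, garbage
        return False
    if ip.version != BLOCKED_RANGE[0].version:
        return False            # IPv4 and IPv6 addresses do not compare
    return BLOCKED_RANGE[0] <= ip <= BLOCKED_RANGE[1]


def parse_netstat(text):
    """Return (proto, local, remote, state, pid) tuples from `netstat -ano`."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["TCP"] and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[:1] == ["UDP"] and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""          # UDP rows have no state column
        else:
            continue            # header, blank and unknown lines
        rows.append((proto, local, remote, state, int(pid)))
    return rows


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv`."""
    return {int(row["PID"]): row["Image Name"]
            for row in csv.DictReader(io.StringIO(text))}


def attribute_blocks(netstat_text, tasklist_text):
    """Join the two outputs and return connections into the blocked range."""
    images = parse_tasklist(tasklist_text)
    hits = []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        host, _, _port = remote.rpartition(":")
        if not in_blocked_range(host):
            continue
        hits.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": pid,
                     "image": images.get(pid, "<pid not in tasklist>")})
    return hits


def collect_live():
    """Run the two commands on the Windows host itself."""
    netstat = subprocess.check_output(["netstat", "-ano"], universal_newlines=True)
    tasklist = subprocess.check_output(["tasklist", "/fo", "csv"], universal_newlines=True)
    return netstat, tasklist


if __name__ == "__main__":
    if sys.platform == "win32":
        ns_text, tl_text = collect_live()
    else:
        ns_text, tl_text = SAMPLE_NETSTAT, SAMPLE_TASKLIST
    for hit in attribute_blocks(ns_text, tl_text):
        print("{proto} {local} -> {remote} {state} PID {pid} ({image})".format(**hit))
```

A blocked connection sits in SYN_SENT only briefly, so on the live machine the collection has to run in a loop or at the moment the alert pops up. Once the PID is known, the image path can be matched against the Run keys, services and scheduled tasks in the ComboFix log above. A reverse DNS name under akamaitechnologies.com only says the address belongs to a CDN that many legitimate updaters also use; the owning process, not the hostname, is what decides whether the traffic is wanted.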

When the IP "block" shows up, is it "Outgoing"? Yes/no. If yes, what is the IP address noted?

When it happens, do you have any "instant messenger" program running? Yes/no?

When it happens, do you have any open browser? Yes/no?

The last log shows this machine has "McAfeeUpdater" as a supposed leftover service. Go to Control Panel >> Add-or-Remove Programs and remove any McAfee.

Task 2

Turn OFF the Antivirus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download aswMBR.exe (511 KB) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.


On the following screen:


Uncheck "trace disk IO calls" at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan, note whether the Fix button is enabled (not the FixMBR button) and tell me.

Now click Save log, save it to your desktop and copy & paste it in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Task 3

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Task 4

  • Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • When prompted to accept the EULA, please do so.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Turn on the Antivirus when all done.

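The aswMBR step above reads disk 0's MBR, saves a copy as MBR.dat, reports whether the boot code matches the Windows XP default, and then scans the sectors after the last partition, which is where bootkits park their code. As an added example (not code from the thread, from aswMBR or from TDSSKiller), the script below performs the table-level part of that check on a 512-byte MBR image: it verifies the 55AA signature, decodes the four partition entries, flags inconsistent entries (wrong boot flag, zero start or size, overlap, extending past the disk) and computes how many sectors lie past the last partition. The sample MBR it builds is constructed, with zeroed boot code and two entries taken from the partition offsets and disk size the scanner logs in this thread report; the real MBR.dat can be passed as a command-line argument instead, in which case the disk size constant has to match that disk. Python 3 is assumed.

```python
"""Partition-table check on a saved 512-byte MBR image.

Added example, not code from the thread, aswMBR or TDSSKiller. Verifies the
boot signature, decodes the four partition entries, flags inconsistencies,
and reports how many sectors lie beyond the last partition (the region an
MBR scanner sweeps for bootkit code). The sample MBR is constructed.
"""
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446          # 446 bytes of boot code, then 4 x 16-byte entries
SIGNATURE_OFFSET = 510      # bytes 55 AA
ENTRY = "<B3xB3xII"         # boot flag, CHS skipped, type, CHS skipped, start LBA, count

# Disk size from the TDSSKiller line in this thread: 0x174A446000 bytes.
# Assumption: only valid for that disk; change it when checking another MBR.dat.
DISK_SECTORS = 0x174A446000 // SECTOR


def build_entry(boot, ptype, start, count):
    """Pack one partition entry (CHS fields are written as 0xFF filler)."""
    return struct.pack("<B3sB3sII", boot, b"\xff" * 3, ptype, b"\xff" * 3, start, count)


def build_sample_mbr():
    """Constructed MBR: zeroed boot code plus the two partitions the scanners report."""
    code = bytes(TABLE_OFFSET)                                # real MBRs carry boot code here
    table = (build_entry(0x00, 0x12, 63, 14683347)            # diag partition, 7169 MB
             + build_entry(0x80, 0x07, 14683410, 0xAC5012F)   # active NTFS, 88224 MB
             + bytes(32))                                     # entries 3 and 4 unused
    return code + table + b"\x55\xaa"


def has_signature(data):
    """True for a 512-byte sector ending in the 55 AA boot signature."""
    return len(data) == SECTOR and data[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] == b"\x55\xaa"


def parse_mbr(data):
    """Return the non-empty partition entries as dicts."""
    if not has_signature(data):
        raise ValueError("not a 512-byte MBR with a 55AA signature")
    entries = []
    for i in range(4):
        boot, ptype, start, count = struct.unpack_from(ENTRY, data, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                                          # unused slot
        entries.append({"index": i + 1, "boot": boot, "type": ptype,
                        "start": start, "count": count, "end": start + count})
    return entries


def check_table(entries, disk_sectors):
    """Return (findings, sectors after the last partition) for a decoded table."""
    findings = []
    active = [e for e in entries if e["boot"] == 0x80]
    if len(active) != 1:
        findings.append("%d active entries, expected exactly 1" % len(active))
    for e in entries:
        if e["boot"] not in (0x00, 0x80):
            findings.append("entry %d: boot flag 0x%02x is neither 00 nor 80" % (e["index"], e["boot"]))
        if e["start"] == 0 or e["count"] == 0:
            findings.append("entry %d: start or count is zero" % e["index"])
        if e["end"] > disk_sectors:
            findings.append("entry %d: extends past end of disk" % e["index"])
    ordered = sorted(entries, key=lambda e: e["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] < a["end"]:
            findings.append("entries %d and %d overlap" % (a["index"], b["index"]))
    last_end = max((e["end"] for e in entries), default=0)
    return findings, disk_sectors - last_end


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # e.g. the MBR.dat that aswMBR saved
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR)
    else:
        data = build_sample_mbr()
    table = parse_mbr(data)
    for e in table:
        print("entry %d: boot=%02x type=%02x start=%d count=%d end=%d" % (
            e["index"], e["boot"], e["type"], e["start"], e["count"], e["end"]))
    findings, tail = check_table(table, DISK_SECTORS)
    print("findings:", findings or "none")
    print("sectors after last partition:", tail)
```

On the constructed table the active NTFS partition ends at sector 195366465, which is exactly the offset aswMBR prints as the start of its trailing-sector sweep; the 5103 sectors after it are the unallocated space a scanner has to read. The boot-code comparison aswMBR also performs ("Windows XP default MBR code") needs a reference copy of the expected 446 bytes and is not part of this example.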

Hi Maurice,

The IP block shows the message as outgoing. The IP address is 83.243.11.168 to 177; the host server is a83-243-11-168.deploy.akamaitechnologies.com.

The blocker keeps on appearing irrespective of whether a browser is open or not, or an instant messenger is logged in or not.

I could not find any McAfee in my system, checked and even searched my system for it.

Below is the log for aswMBR; on completion the FixMBR button was enabled.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-05-13 20:35:38

-----------------------------

20:35:38.574 OS Version: Windows 5.1.2600 Service Pack 3

20:35:38.574 Number of processors: 2 586 0xE08

20:35:38.574 ComputerName: MANEESH UserName: RICHA

20:35:40.745 Initialize success

20:36:24.055 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

20:36:24.071 Disk 0 Vendor: HTS541010G9SA00 MBZOC65D Size: 95396MB BusType: 3

20:36:24.071 Disk 1 \Device\Harddisk1\DR3 -> \Device\0000008e

20:36:24.071 Disk 1 Vendor: ( Size: 95396MB BusType: 0

20:36:24.289 Disk 0 MBR read successfully

20:36:24.289 Disk 0 MBR scan

20:36:24.289 Disk 0 Windows XP default MBR code

20:36:24.289 Disk 0 Partition 1 00 12 Compaq diag NTFS 7169 MB offset 63

20:36:24.305 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 88224 MB offset 14683410

20:36:24.321 Disk 0 scanning sectors +195366465

20:36:24.368 Disk 0 scanning C:\WINDOWS\system32\drivers

20:36:35.148 Service scanning

20:36:56.303 Modules scanning

20:37:02.443 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**

20:37:04.037 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**

20:37:04.037 Scan finished successfully

20:37:54.596 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\RICHA\Desktop\MBR.dat"

20:37:54.596 The log file has been saved successfully to "C:\Documents and Settings\RICHA\Desktop\aswMBR.txt"

Below is the log of TDSSKiller (no suspicious file was detected during the scan and no prompt for reboot).

20:38:57.0451 1396 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

20:38:57.0983 1396 ============================================================

20:38:57.0983 1396 Current date / time: 2013/05/13 20:38:57.0983

20:38:57.0983 1396 SystemInfo:

20:38:57.0983 1396

20:38:57.0983 1396 OS Version: 5.1.2600 ServicePack: 3.0

20:38:57.0983 1396 Product type: Workstation

20:38:57.0983 1396 ComputerName: MANEESH

20:38:57.0983 1396 UserName: RICHA

20:38:57.0983 1396 Windows directory: C:\WINDOWS

20:38:57.0983 1396 System windows directory: C:\WINDOWS

20:38:57.0983 1396 Processor architecture: Intel x86

20:38:57.0983 1396 Number of processors: 2

20:38:57.0983 1396 Page size: 0x1000

20:38:57.0983 1396 Boot type: Normal boot

20:38:57.0983 1396 ============================================================

20:38:59.0904 1396 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

20:38:59.0904 1396 ============================================================

20:38:59.0920 1396 \Device\Harddisk0\DR0:

20:38:59.0920 1396 MBR partitions:

20:38:59.0920 1396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE00D12, BlocksNum 0xAC5012F

20:38:59.0920 1396 ============================================================

20:38:59.0983 1396 C: <-> \Device\Harddisk0\DR0\Partition1

20:38:59.0983 1396 ============================================================

20:38:59.0983 1396 Initialize success

20:38:59.0983 1396 ============================================================

20:39:17.0841 5456 ============================================================

20:39:17.0841 5456 Scan started

20:39:17.0841 5456 Mode: Manual;

20:39:17.0841 5456 ============================================================

20:39:18.0653 5456 ================ Scan system memory ========================

20:39:18.0653 5456 System memory - ok

20:39:18.0653 5456 ================ Scan services =============================

20:39:18.0810 5456 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys

20:39:18.0810 5456 61883 - ok

20:39:18.0810 5456 Abiosdsk - ok

20:39:18.0825 5456 abp480n5 - ok

20:39:18.0934 5456 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:39:18.0934 5456 ACPI - ok

20:39:18.0981 5456 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

20:39:18.0981 5456 ACPIEC - ok

20:39:18.0981 5456 adpu160m - ok

20:39:19.0013 5456 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

20:39:19.0013 5456 aec - ok

20:39:19.0075 5456 [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys

20:39:19.0075 5456 AegisP - ok

20:39:19.0153 5456 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

20:39:19.0153 5456 AFD - ok

20:39:19.0169 5456 Aha154x - ok

20:39:19.0169 5456 aic78u2 - ok

20:39:19.0184 5456 aic78xx - ok

20:39:19.0216 5456 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

20:39:19.0216 5456 Alerter - ok

20:39:19.0247 5456 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

20:39:19.0247 5456 ALG - ok

20:39:19.0263 5456 AliIde - ok

20:39:19.0263 5456 amsint - ok

20:39:19.0309 5456 [ B21FCBC58CB13BAC70F74B5AC5DA7409 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

20:39:19.0325 5456 ApfiltrService - ok

20:39:19.0481 5456 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:39:19.0481 5456 Apple Mobile Device - ok

20:39:19.0559 5456 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

20:39:19.0559 5456 AppMgmt - ok

20:39:19.0606 5456 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

20:39:19.0606 5456 Arp1394 - ok

20:39:19.0622 5456 asc - ok

20:39:19.0622 5456 asc3350p - ok

20:39:19.0638 5456 asc3550 - ok

20:39:19.0763 5456 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

20:39:19.0763 5456 aspnet_state - ok

20:39:19.0778 5456 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:39:19.0778 5456 AsyncMac - ok

20:39:19.0825 5456 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

20:39:19.0825 5456 atapi - ok

20:39:19.0825 5456 Atdisk - ok

20:39:19.0856 5456 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:39:19.0856 5456 Atmarpc - ok

20:39:19.0888 5456 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

20:39:19.0888 5456 AudioSrv - ok

20:39:19.0950 5456 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

20:39:19.0950 5456 audstub - ok

20:39:19.0981 5456 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys

20:39:19.0981 5456 Avc - ok

20:39:20.0044 5456 [ C4D15594DB5BE042D3346EA58DF87D89 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe

20:39:20.0075 5456 avg9wd - ok

20:39:20.0122 5456 [ A9F4D19DE72C738759330D10D35C4398 ] AvgLdx86 C:\WINDOWS\system32\Drivers\avgldx86.sys

20:39:20.0122 5456 AvgLdx86 - ok

20:39:20.0169 5456 [ 80FF2B1B7EEDA966394F0BAA895BBF4B ] AvgMfx86 C:\WINDOWS\system32\Drivers\avgmfx86.sys

20:39:20.0169 5456 AvgMfx86 - ok

20:39:20.0216 5456 [ 9A7A93388F503A34E7339AE7F9997449 ] AvgTdiX C:\WINDOWS\system32\Drivers\avgtdix.sys

20:39:20.0216 5456 AvgTdiX - ok

20:39:20.0263 5456 [ CAE7B6E4D7EB17829C526153D19B9C95 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys

20:39:20.0263 5456 avgtp - ok

20:39:20.0309 5456 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

20:39:20.0309 5456 Beep - ok

20:39:20.0356 5456 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

20:39:20.0388 5456 BITS - ok

20:39:20.0403 5456 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

20:39:20.0419 5456 Browser - ok

20:39:20.0434 5456 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys

20:39:20.0434 5456 BthEnum - ok

20:39:20.0434 5456 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys

20:39:20.0434 5456 BTHMODEM - ok

20:39:20.0466 5456 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys

20:39:20.0466 5456 BthPan - ok

20:39:20.0559 5456 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys

20:39:20.0575 5456 BTHPORT - ok

20:39:20.0638 5456 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll

20:39:20.0638 5456 BthServ - ok

20:39:20.0669 5456 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys

20:39:20.0669 5456 BTHUSB - ok

20:39:20.0747 5456 [ 58A9FCBB9D3307C27BAE4F39009FFB87 ] BTKRNL C:\WINDOWS\system32\drivers\btkrnl.sys

20:39:20.0809 5456 BTKRNL - ok

20:39:20.0809 5456 [ CBF5A79F3D2177E80CA79C2BC20119DB ] BTSERIAL C:\WINDOWS\system32\drivers\btserial.sys

20:39:20.0825 5456 BTSERIAL - ok

20:39:20.0856 5456 [ 26FA6F56CE3152505D8A44CDEABE002F ] BTSLBCSP C:\WINDOWS\system32\drivers\btslbcsp.sys

20:39:20.0872 5456 BTSLBCSP - ok

20:39:20.0981 5456 [ 09EAE9824FBBB881E7B4D9F5CAFD24F0 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

20:39:20.0981 5456 btwdins - ok

20:39:20.0997 5456 catchme - ok

20:39:21.0028 5456 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

20:39:21.0028 5456 cbidf2k - ok

20:39:21.0169 5456 [ 359E5A91D26D0439933BEF1C29CEDEF7 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe

20:39:21.0169 5456 CCALib8 - ok

20:39:21.0216 5456 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:39:21.0216 5456 CCDECODE - ok

20:39:21.0216 5456 cd20xrnt - ok

20:39:21.0262 5456 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

20:39:21.0262 5456 Cdaudio - ok

20:39:21.0278 5456 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

20:39:21.0278 5456 Cdfs - ok

20:39:21.0294 5456 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:39:21.0294 5456 Cdrom - ok

20:39:21.0294 5456 Changer - ok

20:39:21.0341 5456 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

20:39:21.0341 5456 CiSvc - ok

20:39:21.0356 5456 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

20:39:21.0356 5456 ClipSrv - ok

20:39:21.0403 5456 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:39:21.0481 5456 clr_optimization_v2.0.50727_32 - ok

20:39:21.0512 5456 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

20:39:21.0512 5456 CmBatt - ok

20:39:21.0512 5456 CmdIde - ok

20:39:21.0575 5456 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:39:21.0575 5456 Compbatt - ok

20:39:21.0575 5456 COMSysApp - ok

20:39:21.0591 5456 Cpqarray - ok

20:39:21.0622 5456 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

20:39:21.0622 5456 CryptSvc - ok

20:39:21.0637 5456 dac2w2k - ok

20:39:21.0637 5456 dac960nt - ok

20:39:21.0747 5456 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

20:39:21.0762 5456 DcomLaunch - ok

20:39:21.0825 5456 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

20:39:21.0825 5456 Dhcp - ok

20:39:21.0856 5456 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

20:39:21.0856 5456 Disk - ok

20:39:21.0856 5456 dmadmin - ok

20:39:21.0934 5456 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

20:39:21.0950 5456 dmboot - ok

20:39:21.0981 5456 [ 526192BF7696F72E29777BF4A180513A ] DMICall C:\WINDOWS\system32\DRIVERS\DMICall.sys

20:39:21.0981 5456 DMICall - ok

20:39:22.0012 5456 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

20:39:22.0028 5456 dmio - ok

20:39:22.0059 5456 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

20:39:22.0059 5456 dmload - ok

20:39:22.0091 5456 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

20:39:22.0106 5456 dmserver - ok

20:39:22.0137 5456 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

20:39:22.0137 5456 DMusic - ok

20:39:22.0184 5456 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

20:39:22.0184 5456 Dnscache - ok

20:39:22.0216 5456 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

20:39:22.0231 5456 Dot3svc - ok

20:39:22.0231 5456 dpti2o - ok

20:39:22.0262 5456 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

20:39:22.0262 5456 drmkaud - ok

20:39:22.0325 5456 [ D57A8FC800B501AC05B10D00F66D127A ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys

20:39:22.0356 5456 E100B - ok

20:39:22.0387 5456 [ 389CF2CDED384BE477C3B3F15747D495 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys

20:39:22.0403 5456 e1express - ok

20:39:22.0419 5456 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

20:39:22.0419 5456 EapHost - ok

20:39:22.0512 5456 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe

20:39:22.0512 5456 ehRecvr - ok

20:39:22.0559 5456 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

20:39:22.0559 5456 ERSvc - ok

20:39:22.0622 5456 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

20:39:22.0622 5456 Eventlog - ok

20:39:22.0684 5456 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

20:39:22.0684 5456 EventSystem - ok

20:39:22.0762 5456 [ 56DED3ADE453272E6A0AD582D945D1A4 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

20:39:22.0794 5456 EvtEng - ok

20:39:22.0825 5456 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

20:39:22.0840 5456 Fastfat - ok

20:39:22.0887 5456 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

20:39:22.0887 5456 FastUserSwitchingCompatibility - ok

20:39:22.0903 5456 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

20:39:22.0903 5456 Fdc - ok

20:39:22.0919 5456 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

20:39:22.0919 5456 Fips - ok

20:39:22.0934 5456 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

20:39:22.0934 5456 Flpydisk - ok

20:39:22.0950 5456 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

20:39:22.0950 5456 FltMgr - ok

20:39:23.0090 5456 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:39:23.0090 5456 FontCache3.0.0.0 - ok

20:39:23.0106 5456 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:39:23.0106 5456 Fs_Rec - ok

20:39:23.0137 5456 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:39:23.0137 5456 Ftdisk - ok

20:39:23.0184 5456 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:39:23.0184 5456 GEARAspiWDM - ok

20:39:23.0200 5456 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:39:23.0200 5456 Gpc - ok

20:39:23.0231 5456 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:39:23.0231 5456 HDAudBus - ok

20:39:23.0309 5456 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

20:39:23.0309 5456 helpsvc - ok

20:39:23.0309 5456 HidServ - ok

20:39:23.0340 5456 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:39:23.0340 5456 hidusb - ok

20:39:23.0387 5456 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

20:39:23.0387 5456 hkmsvc - ok

20:39:23.0387 5456 hpn - ok

20:39:23.0450 5456 [ ACC46DDA7FECE95A253AE88CEA172E12 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

20:39:23.0465 5456 HSFHWAZL - ok

20:39:23.0575 5456 [ C9F4E7DA78A02623ABF78A4A34CE79B1 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

20:39:23.0590 5456 HSF_DPV - ok

20:39:23.0653 5456 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

20:39:23.0653 5456 HTTP - ok

20:39:23.0669 5456 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

20:39:23.0669 5456 HTTPFilter - ok

20:39:23.0684 5456 i2omgmt - ok

20:39:23.0684 5456 i2omp - ok

20:39:23.0731 5456 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:39:23.0731 5456 i8042prt - ok

20:39:23.0856 5456 [ BC1F1FF8D5800398937966CDB0A97FDC ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

20:39:23.0887 5456 ialm - ok

20:39:23.0965 5456 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

20:39:23.0965 5456 IDriverT - ok

20:39:24.0075 5456 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:39:24.0090 5456 idsvc - ok

20:39:24.0122 5456 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

20:39:24.0122 5456 Imapi - ok

20:39:24.0169 5456 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

20:39:24.0169 5456 ImapiService - ok

20:39:24.0184 5456 ini910u - ok

20:39:24.0184 5456 IntelIde - ok

20:39:24.0247 5456 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:39:24.0247 5456 intelppm - ok

20:39:24.0278 5456 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

20:39:24.0278 5456 Ip6Fw - ok

20:39:24.0309 5456 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:39:24.0309 5456 IpFilterDriver - ok

20:39:24.0325 5456 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:39:24.0325 5456 IpInIp - ok

20:39:24.0356 5456 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:39:24.0356 5456 IpNat - ok

20:39:24.0497 5456 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

20:39:24.0528 5456 iPod Service - ok

20:39:24.0575 5456 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:39:24.0575 5456 IPSec - ok

20:39:24.0606 5456 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

20:39:24.0606 5456 IRENUM - ok

20:39:24.0653 5456 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:39:24.0653 5456 isapnp - ok

20:39:24.0840 5456 [ 126A16F569122AE00AD3D12EF831D651 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

20:39:24.0840 5456 JavaQuickStarterService - ok

20:39:24.0856 5456 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:39:24.0856 5456 Kbdclass - ok

20:39:24.0965 5456 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

20:39:24.0981 5456 kmixer - ok

20:39:24.0997 5456 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

20:39:24.0997 5456 KSecDD - ok

20:39:25.0043 5456 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

20:39:25.0043 5456 lanmanserver - ok

20:39:25.0106 5456 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

20:39:25.0106 5456 lanmanworkstation - ok

20:39:25.0106 5456 lbrtfdc - ok

20:39:25.0137 5456 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

20:39:25.0137 5456 LmHosts - ok

20:39:25.0168 5456 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

20:39:25.0168 5456 MBAMProtector - ok

20:39:25.0247 5456 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

20:39:25.0262 5456 MBAMScheduler - ok

20:39:25.0309 5456 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

20:39:25.0325 5456 MBAMService - ok

20:39:25.0434 5456 [ 40563EE6FC898B4A56CEB7ED9647DB75 ] McAfeeFramework C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

20:39:25.0481 5456 McAfeeFramework - ok

20:39:25.0512 5456 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe

20:39:25.0528 5456 McrdSvc - ok

20:39:25.0747 5456 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

20:39:25.0747 5456 MDM - ok

20:39:25.0793 5456 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

20:39:25.0793 5456 mdmxsdk - ok

20:39:25.0840 5456 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

20:39:25.0840 5456 Messenger - ok

20:39:25.0872 5456 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll

20:39:25.0872 5456 MHN - ok

20:39:25.0887 5456 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys

20:39:25.0887 5456 MHNDRV - ok

20:39:25.0918 5456 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

20:39:25.0918 5456 mnmdd - ok

20:39:25.0950 5456 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

20:39:25.0965 5456 mnmsrvc - ok

20:39:26.0012 5456 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

20:39:26.0012 5456 Modem - ok

20:39:26.0012 5456 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:39:26.0012 5456 Mouclass - ok

20:39:26.0059 5456 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:39:26.0059 5456 mouhid - ok

20:39:26.0090 5456 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

20:39:26.0090 5456 MountMgr - ok

20:39:26.0090 5456 mraid35x - ok

20:39:26.0106 5456 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:39:26.0106 5456 MRxDAV - ok

20:39:26.0184 5456 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:39:26.0184 5456 MRxSmb - ok

20:39:26.0340 5456 [ B490BD0678CB6A4890A86020ED106C75 ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

20:39:26.0340 5456 MSCSPTISRV - ok

20:39:26.0356 5456 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

20:39:26.0356 5456 MSDTC - ok

20:39:26.0387 5456 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys

20:39:26.0387 5456 MSDV - ok

20:39:26.0387 5456 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

20:39:26.0387 5456 Msfs - ok

20:39:26.0387 5456 MSIServer - ok

20:39:26.0418 5456 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:39:26.0418 5456 MSKSSRV - ok

20:39:26.0418 5456 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:39:26.0418 5456 MSPCLOCK - ok

20:39:26.0434 5456 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

20:39:26.0450 5456 MSPQM - ok

20:39:26.0465 5456 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:39:26.0497 5456 mssmbios - ok

20:39:26.0622 5456 MSSQL$VAIO_VEDB - ok

20:39:26.0715 5456 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

20:39:26.0715 5456 MSSQLServerADHelper - ok

20:39:26.0746 5456 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

20:39:26.0762 5456 MSTEE - ok

20:39:26.0762 5456 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

20:39:26.0762 5456 Mup - ok

20:39:26.0809 5456 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:39:26.0809 5456 NABTSFEC - ok

20:39:26.0856 5456 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

20:39:26.0871 5456 napagent - ok

20:39:26.0903 5456 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

20:39:26.0903 5456 NDIS - ok

20:39:26.0934 5456 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:39:26.0934 5456 NdisIP - ok

20:39:26.0981 5456 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:39:26.0981 5456 NdisTapi - ok

20:39:26.0996 5456 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:39:26.0996 5456 Ndisuio - ok

20:39:27.0012 5456 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:39:27.0028 5456 NdisWan - ok

20:39:27.0059 5456 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

20:39:27.0059 5456 NDProxy - ok

20:39:27.0200 5456 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

20:39:27.0231 5456 Nero BackItUp Scheduler 3 - ok

20:39:27.0293 5456 Nero BackItUp Scheduler 4.0 - ok

20:39:27.0340 5456 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

20:39:27.0340 5456 NetBIOS - ok

20:39:27.0371 5456 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

20:39:27.0371 5456 NetBT - ok

20:39:27.0418 5456 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

20:39:27.0418 5456 NetDDE - ok

20:39:27.0434 5456 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

20:39:27.0434 5456 NetDDEdsdm - ok

20:39:27.0481 5456 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

20:39:27.0512 5456 Netlogon - ok

20:39:27.0559 5456 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

20:39:27.0575 5456 Netman - ok

20:39:27.0621 5456 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:39:27.0621 5456 NetTcpPortSharing - ok

20:39:27.0668 5456 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

20:39:27.0668 5456 NIC1394 - ok

20:39:27.0715 5456 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

20:39:27.0731 5456 Nla - ok

20:39:27.0840 5456 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

20:39:27.0840 5456 NMIndexingService - ok

20:39:27.0871 5456 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys

20:39:27.0871 5456 nmwcd - ok

20:39:27.0903 5456 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys

20:39:27.0903 5456 nmwcdc - ok

20:39:27.0965 5456 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

20:39:27.0965 5456 Npfs - ok

20:39:27.0981 5456 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

20:39:27.0996 5456 Ntfs - ok

20:39:28.0012 5456 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

20:39:28.0012 5456 NtLmSsp - ok

20:39:28.0075 5456 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

20:39:28.0075 5456 NtmsSvc - ok

20:39:28.0121 5456 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

20:39:28.0121 5456 Null - ok

20:39:28.0293 5456 [ 57E81D1FDE97BB98F7373BCE2F4FFB21 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

20:39:28.0356 5456 nv - ok

20:39:28.0403 5456 [ 65BFFC8257C506E8E81170FC9A42D7E1 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

20:39:28.0403 5456 NVSvc - ok

20:39:28.0434 5456 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:39:28.0434 5456 NwlnkFlt - ok

20:39:28.0434 5456 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:39:28.0434 5456 NwlnkFwd - ok

20:39:28.0465 5456 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

20:39:28.0465 5456 ohci1394 - ok

20:39:28.0512 5456 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:39:28.0543 5456 ose - ok

20:39:28.0590 5456 [ DCACC2FC7DC0A3D7A60BEB81FA233822 ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

20:39:28.0606 5456 PACSPTISVR - ok

20:39:28.0668 5456 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys

20:39:28.0668 5456 Parport - ok

20:39:28.0668 5456 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

20:39:28.0668 5456 PartMgr - ok

20:39:28.0746 5456 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

20:39:28.0746 5456 ParVdm - ok

20:39:28.0778 5456 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

20:39:28.0778 5456 pccsmcfd - ok

20:39:28.0793 5456 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

20:39:28.0809 5456 PCI - ok

20:39:28.0809 5456 PCIDump - ok

20:39:28.0856 5456 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

20:39:28.0856 5456 PCIIde - ok

20:39:28.0871 5456 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys

20:39:28.0871 5456 Pcmcia - ok

20:39:28.0871 5456 PDCOMP - ok

20:39:28.0887 5456 PDFRAME - ok

20:39:28.0887 5456 PDRELI - ok

20:39:28.0887 5456 PDRFRAME - ok

20:39:28.0903 5456 perc2 - ok

20:39:28.0903 5456 perc2hib - ok

20:39:28.0949 5456 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe

20:39:28.0949 5456 PLFlash DeviceIoControl Service - ok

20:39:29.0028 5456 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

20:39:29.0028 5456 PlugPlay - ok

20:39:29.0028 5456 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

20:39:29.0028 5456 PolicyAgent - ok

20:39:29.0043 5456 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:39:29.0043 5456 PptpMiniport - ok

20:39:29.0043 5456 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

20:39:29.0043 5456 ProtectedStorage - ok

20:39:29.0059 5456 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

20:39:29.0059 5456 PSched - ok

20:39:29.0090 5456 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:39:29.0090 5456 Ptilink - ok

20:39:29.0106 5456 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:39:29.0106 5456 PxHelp20 - ok

20:39:29.0106 5456 ql1080 - ok

20:39:29.0121 5456 Ql10wnt - ok

20:39:29.0121 5456 ql12160 - ok

20:39:29.0137 5456 ql1240 - ok

20:39:29.0137 5456 ql1280 - ok

20:39:29.0184 5456 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:39:29.0184 5456 RasAcd - ok

20:39:29.0231 5456 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

20:39:29.0231 5456 RasAuto - ok

20:39:29.0262 5456 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:39:29.0262 5456 Rasl2tp - ok

20:39:29.0293 5456 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

20:39:29.0309 5456 RasMan - ok

20:39:29.0340 5456 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:39:29.0340 5456 RasPppoe - ok

20:39:29.0356 5456 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

20:39:29.0356 5456 Raspti - ok

20:39:29.0403 5456 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:39:29.0403 5456 Rdbss - ok

20:39:29.0418 5456 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:39:29.0418 5456 RDPCDD - ok

20:39:29.0465 5456 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:39:29.0465 5456 rdpdr - ok

20:39:29.0543 5456 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

20:39:29.0543 5456 RDPWD - ok

20:39:29.0574 5456 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

20:39:29.0590 5456 RDSessMgr - ok

20:39:29.0637 5456 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

20:39:29.0637 5456 redbook - ok

20:39:29.0778 5456 [ 1B2857EF12D79A9F9ADBA14B0637CBF8 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

20:39:29.0778 5456 RegSrvc - ok

20:39:29.0856 5456 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

20:39:29.0856 5456 RemoteAccess - ok

20:39:29.0903 5456 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

20:39:29.0903 5456 RemoteRegistry - ok

20:39:29.0981 5456 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys

20:39:29.0981 5456 RFCOMM - ok

20:39:30.0012 5456 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

20:39:30.0012 5456 RpcLocator - ok

20:39:30.0043 5456 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

20:39:30.0059 5456 RpcSs - ok

20:39:30.0106 5456 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

20:39:30.0106 5456 RSVP - ok

20:39:30.0168 5456 [ 6C5155CC0E805C7BE6028BFF7AC14524 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

20:39:30.0184 5456 S24EventMonitor - ok

20:39:30.0324 5456 [ 1CC074E0D48383D4E9BFFC6A26C2A58A ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys

20:39:30.0324 5456 s24trans - ok

20:39:30.0356 5456 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

20:39:30.0356 5456 SamSs - ok

20:39:30.0418 5456 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

20:39:30.0449 5456 SCardSvr - ok

20:39:30.0590 5456 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

20:39:30.0590 5456 Schedule - ok

20:39:30.0637 5456 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:39:30.0637 5456 Secdrv - ok

20:39:30.0668 5456 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

20:39:30.0668 5456 seclogon - ok

20:39:30.0684 5456 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

20:39:30.0684 5456 SENS - ok

20:39:30.0731 5456 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

20:39:30.0731 5456 Serial - ok

20:39:30.0840 5456 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

20:39:30.0856 5456 ServiceLayer - ok

20:39:30.0887 5456 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys

20:39:30.0887 5456 Sfloppy - ok

20:39:30.0918 5456 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

20:39:30.0918 5456 SharedAccess - ok

20:39:30.0965 5456 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

20:39:30.0981 5456 ShellHWDetection - ok

20:39:31.0012 5456 [ 716A724A447C559F122EA140D636FA48 ] SI3132 C:\WINDOWS\system32\DRIVERS\SI3132.sys

20:39:31.0012 5456 SI3132 - ok

20:39:31.0027 5456 [ 72CF151FB410E544904DBC7D7F29B796 ] SiFilter C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

20:39:31.0027 5456 SiFilter - ok

20:39:31.0043 5456 Simbad - ok

20:39:31.0043 5456 [ 62FD549ACF2943F89612A8777295FA57 ] SiRemFil C:\WINDOWS\system32\DRIVERS\SiRemFil.sys

20:39:31.0043 5456 SiRemFil - ok

20:39:31.0074 5456 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:39:31.0074 5456 SLIP - ok

20:39:31.0121 5456 [ BE6038E0A7D2E2FE69107E41A0265831 ] SNC C:\WINDOWS\system32\Drivers\SonyNC.sys

20:39:31.0121 5456 SNC - ok

20:39:31.0231 5456 [ 447AF8EF9C114AF75E252BE2A4E9C4AA ] SonicStageMonitoring C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

20:39:31.0231 5456 SonicStageMonitoring - ok

20:39:31.0277 5456 [ FB77021110EAA16EA6E0961C844EF0D2 ] SonyImgF C:\WINDOWS\system32\DRIVERS\SonyImgF.sys

20:39:31.0277 5456 SonyImgF - ok

20:39:31.0277 5456 Sparrow - ok

20:39:31.0277 5456 SPC220NC - ok

20:39:31.0324 5456 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

20:39:31.0324 5456 splitter - ok

20:39:31.0371 5456 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

20:39:31.0387 5456 Spooler - ok

20:39:31.0418 5456 [ 1B7447278005E38E464B34A7E841D628 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

20:39:31.0434 5456 SPTISRV - ok

20:39:31.0434 5456 SQLAgent$VAIO_VEDB - ok

20:39:31.0449 5456 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

20:39:31.0449 5456 sr - ok

20:39:31.0527 5456 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

20:39:31.0543 5456 srservice - ok

20:39:31.0731 5456 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

20:39:31.0746 5456 Srv - ok

20:39:31.0746 5456 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

20:39:31.0762 5456 SSDPSRV - ok

20:39:31.0871 5456 [ BBBC5BF9A5F1FB5D57E91B944D2E51A5 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys

20:39:31.0887 5456 STHDA - ok

20:39:31.0949 5456 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

20:39:31.0965 5456 stisvc - ok

20:39:31.0996 5456 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:39:31.0996 5456 streamip - ok

20:39:32.0027 5456 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

20:39:32.0027 5456 swenum - ok

20:39:32.0043 5456 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

20:39:32.0043 5456 swmidi - ok

20:39:32.0043 5456 SwPrv - ok

20:39:32.0059 5456 symc810 - ok

20:39:32.0059 5456 symc8xx - ok

20:39:32.0059 5456 sym_hi - ok

20:39:32.0074 5456 sym_u3 - ok

20:39:32.0090 5456 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

20:39:32.0090 5456 sysaudio - ok

20:39:32.0121 5456 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

20:39:32.0137 5456 SysmonLog - ok

20:39:32.0168 5456 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

20:39:32.0184 5456 TapiSrv - ok

20:39:32.0215 5456 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:39:32.0231 5456 Tcpip - ok

20:39:32.0277 5456 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

20:39:32.0277 5456 TDPIPE - ok

20:39:32.0293 5456 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

20:39:32.0293 5456 TDTCP - ok

20:39:32.0293 5456 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

20:39:32.0293 5456 TermDD - ok

20:39:32.0324 5456 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

20:39:32.0324 5456 TermService - ok

20:39:32.0387 5456 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

20:39:32.0387 5456 Themes - ok

20:39:32.0434 5456 [ 26587CE8E6C6F16B8B4E7E2C16FA00BF ] ti21sony C:\WINDOWS\system32\drivers\ti21sony.sys

20:39:32.0449 5456 ti21sony - ok

20:39:32.0543 5456 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

20:39:32.0559 5456 TlntSvr - ok

20:39:32.0559 5456 TosIde - ok

20:39:32.0637 5456 [ D626E0AF9232D8799D3A449530F3C220 ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys

20:39:32.0637 5456 tosporte - ok

20:39:32.0668 5456 [ 0EC5206059D97A8DC785BE73FB457EC7 ] Tosrfbd C:\WINDOWS\system32\Drivers\tosrfbd.sys

20:39:32.0668 5456 Tosrfbd - ok

20:39:32.0684 5456 [ 33498B8F0B2CA549C2B7FFC1B3C0F1BC ] Tosrfbnp C:\WINDOWS\system32\Drivers\tosrfbnp.sys

20:39:32.0684 5456 Tosrfbnp - ok

20:39:32.0715 5456 [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys

20:39:32.0715 5456 Tosrfcom - ok

20:39:32.0746 5456 [ 5DBF390AAB62DD0D4D43A9278614E001 ] Tosrfhid C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

20:39:32.0746 5456 Tosrfhid - ok

20:39:32.0762 5456 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

20:39:32.0762 5456 tosrfnds - ok

20:39:32.0777 5456 [ C582B7716F0BE7E65505365F4F941587 ] Tosrfusb C:\WINDOWS\system32\Drivers\tosrfusb.sys

20:39:32.0777 5456 Tosrfusb - ok

20:39:32.0824 5456 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

20:39:32.0824 5456 TrkWks - ok

20:39:32.0855 5456 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

20:39:32.0855 5456 Udfs - ok

20:39:32.0855 5456 ultra - ok

20:39:32.0918 5456 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

20:39:32.0934 5456 Update - ok

20:39:32.0934 5456 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

20:39:32.0949 5456 upnphost - ok

20:39:32.0980 5456 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

20:39:32.0980 5456 upperdev - ok

20:39:32.0996 5456 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

20:39:33.0012 5456 UPS - ok

20:39:33.0027 5456 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

20:39:33.0043 5456 USBAAPL - ok

20:39:33.0059 5456 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

20:39:33.0059 5456 usbaudio - ok

20:39:33.0090 5456 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:39:33.0105 5456 usbccgp - ok

20:39:33.0121 5456 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:39:33.0121 5456 usbehci - ok

20:39:33.0184 5456 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:39:33.0184 5456 usbhub - ok

20:39:33.0215 5456 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:39:33.0215 5456 usbscan - ok

20:39:33.0230 5456 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys

20:39:33.0230 5456 usbser - ok

20:39:33.0262 5456 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:39:33.0262 5456 usbstor - ok

20:39:33.0293 5456 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:39:33.0293 5456 usbuhci - ok

20:39:33.0340 5456 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys

20:39:33.0340 5456 usbvideo - ok

20:39:33.0387 5456 [ C7F4158EA3915F4194AEE233FF8D4728 ] usbvm321 C:\WINDOWS\system32\Drivers\usbvm321.sys

20:39:33.0387 5456 usbvm321 - ok

20:39:33.0465 5456 [ FB1A8F8CBD361FC1F0D144D5018C97F3 ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

20:39:33.0465 5456 VAIO Entertainment TV Device Arbitration Service - ok

20:39:33.0668 5456 [ 2B0EAC2B6E5F1C5E007DABAE101028B0 ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

20:39:33.0668 5456 VAIO Event Service - ok

20:39:33.0809 5456 [ 8A851EE335A459440B69A44C1CD50BDB ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

20:39:33.0855 5456 VAIOMediaPlatform-IntegratedServer-AppServer - ok

20:39:33.0887 5456 [ B74A27540B0B7FE393A882B94B0D2188 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

20:39:33.0902 5456 VAIOMediaPlatform-IntegratedServer-HTTP - ok

20:39:33.0934 5456 [ 4914B65DCCF68CB95C2D1303C7264C8C ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

20:39:33.0949 5456 VAIOMediaPlatform-IntegratedServer-UPnP - ok

20:39:33.0965 5456 Vcsw - ok

20:39:34.0012 5456 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

20:39:34.0012 5456 VgaSave - ok

20:39:34.0012 5456 ViaIde - ok

20:39:34.0059 5456 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

20:39:34.0059 5456 VolSnap - ok

20:39:34.0121 5456 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

20:39:34.0121 5456 VSS - ok

20:39:34.0340 5456 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

20:39:34.0387 5456 vToolbarUpdater14.2.0 - ok

20:39:34.0480 5456 [ 0BD64CCEA7B4BF25CA2FB9BF1444DFD9 ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

20:39:34.0480 5456 VzCdbSvc - ok

20:39:34.0512 5456 [ E81E8C7DC7EBC6CEDE156EAAD5EF9C8E ] VzFw C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

20:39:34.0512 5456 VzFw - ok

20:39:34.0621 5456 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

20:39:34.0621 5456 W32Time - ok

20:39:34.0746 5456 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys

20:39:34.0762 5456 w39n51 - ok

20:39:34.0824 5456 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:39:34.0824 5456 Wanarp - ok

20:39:34.0887 5456 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

20:39:34.0887 5456 Wdf01000 - ok

20:39:34.0902 5456 WDICA - ok

20:39:34.0918 5456 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

20:39:34.0933 5456 wdmaud - ok

20:39:34.0965 5456 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

20:39:34.0980 5456 WebClient - ok

20:39:35.0058 5456 [ C1D5CBD8AA0D674DA1BA1BB189696396 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

20:39:35.0105 5456 winachsf - ok

20:39:35.0199 5456 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe

20:39:35.0199 5456 WinDefend - ok

20:39:35.0277 5456 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

20:39:35.0293 5456 winmgmt - ok

20:39:35.0340 5456 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

20:39:35.0340 5456 WmdmPmSN - ok

20:39:35.0402 5456 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

20:39:35.0418 5456 Wmi - ok

20:39:35.0449 5456 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

20:39:35.0449 5456 WmiApSrv - ok

20:39:35.0637 5456 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

20:39:35.0777 5456 WMPNetworkSvc - ok

20:39:35.0824 5456 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

20:39:35.0824 5456 WS2IFSL - ok

20:39:35.0840 5456 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

20:39:35.0855 5456 wscsvc - ok

20:39:35.0871 5456 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:39:35.0871 5456 WSTCODEC - ok

20:39:35.0887 5456 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

20:39:35.0902 5456 wuauserv - ok

20:39:35.0949 5456 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:39:35.0949 5456 WudfPf - ok

20:39:35.0996 5456 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:39:35.0996 5456 WudfRd - ok

20:39:36.0027 5456 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

20:39:36.0027 5456 WudfSvc - ok

20:39:36.0105 5456 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

20:39:36.0121 5456 WZCSVC - ok

20:39:36.0152 5456 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

20:39:36.0168 5456 xmlprov - ok

20:39:36.0183 5456 ================ Scan global ===============================

20:39:36.0230 5456 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

20:39:36.0277 5456 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

20:39:36.0293 5456 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

20:39:36.0308 5456 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

20:39:36.0324 5456 [Global] - ok

20:39:36.0324 5456 ================ Scan MBR ==================================

20:39:36.0340 5456 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

20:39:36.0574 5456 \Device\Harddisk0\DR0 - ok

20:39:36.0574 5456 ================ Scan VBR ==================================

20:39:36.0590 5456 [ 7C0650643B3348B6B5F887B3015E66C8 ] \Device\Harddisk0\DR0\Partition1

20:39:36.0590 5456 \Device\Harddisk0\DR0\Partition1 - ok

20:39:36.0590 5456 ============================================================

20:39:36.0590 5456 Scan finished

20:39:36.0590 5456 ============================================================

20:39:36.0605 5092 Detected object count: 0

20:39:36.0605 5092 Actual detected object count: 0

Below is the log from RogueKiller:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : RICHA [Admin rights]

Mode : Scan -- Date : 05/13/2013 20:46:04

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541010G9SA00 +++++

--- User ---

[MBR] cd0a04e99d72ae870b8615e966cf8c7a

[bSP] 01ea6485659fcdd7460e174a89a8945d : Windows XP MBR Code

Partition table:

0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 7169 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14683410 | Size: 88224 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_S_05132013_02d2046.txt >>

RKreport[1]_S_05122013_02d1110.txt ; RKreport[2]_S_05132013_02d2046.txt

Not sure if anything was reported; please let me know the next steps, and many thanks for your time.

Regards

Maneesh


The 3 reports are good. No malware seen. The IP block for Akamai "may" be due to adware.

Please do as much as possible of the following.

Task 1

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Close -all- your browsers !
  • Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and display information and disclaimer in a Command prompt window.
  • I'd suggest you close all internet browsers at this point.
  • Press a key on keyboard to start scanning your system.
  • Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  • There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  • Please post the contents of JRT.txt into a new reply.

Task 2

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    [screenshot]
    Click the checkbox to participate, and then click on the Continue button.
  • Next
    [screenshot]
    Click on Select objects for scanning
  • Next
    [screenshot]
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on the Start scanning button
  • The scan in progress will be shown like this
    [screenshot]
  • IF something is detected, you will see a screen similar to this
    [screenshot]
    For each item "detected", click on the Action column down arrow, like this
    [screenshot]
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    [screenshot]
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.

Re-Enable your antivirus program when all done.

Task 3

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double-click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Task 4

Re-enable your security software.

and tell me: how is the system now?


Dear Maurice,

I performed the three tasks, and it seems the results are OK. No infection, but Malwarebytes is still showing the block.

below is the log of JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Microsoft Windows XP x86

Ran by RICHA on Tue 05/14/2013 at 21:53:09.95

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2504091

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{A057A204-BACC-4D26-9990-79A187E2698F}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{A057A204-BACC-4D26-9990-79A187E26990}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"

Successfully deleted: [Folder] "C:\Documents and Settings\RICHA\Application Data\searchquband"

Successfully deleted: [Folder] "C:\Program Files\software"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 05/14/2013 at 21:57:04.95

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Below is the log of AdwCleaner:


The Dr.Web CureIt log seems too big to copy and paste, so I am attaching it.

It seems difficult to find the infection, but thanks for your time, and let me know if there are other possibilities left.

thanks

Maneesh


Again, as before, I need the detail on any outgoing IP block, e.g. the IP number. As you reply, each time, give detail of the issue.

Either get the very last summary page of the DrWeb Cure-It or attach that log, please.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|crossride;true;true;true; /FP
    c:|conduit;true;true;true; /FP
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    c:|services.ex;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Attach the OTL log(s) .


Hi Maurice,

the problem remains the same. I keep on getting message:

“Malwarebytes anti-malware sucesfully blocked access to a potentially malicious website; 83.243.11.171

Type: outgoing”

IP address ranges from 83.243.11.168 to 177 (all linked to Akt)

I am enclosing the log from Dr.Web CureIt, the AdwCleaner run which I ran again today, and OTL Extras; below is the log from OTL:

OTL logfile created on: 5/15/2013 9:36:55 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\RICHA\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 568.38 Mb Available Physical Memory | 56.05% Memory free

2.38 Gb Paging File | 1.60 Gb Available in Paging File | 67.29% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 86.16 Gb Total Space | 55.94 Gb Free Space | 64.92% Space Free | Partition Type: NTFS

Computer Name: MANEESH | User Name: RICHA | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/15 21:19:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RICHA\Desktop\OTL.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/02/20 16:40:08 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

PRC - [2013/02/20 16:40:07 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

PRC - [2012/05/25 21:48:04 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2012/03/12 11:11:47 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2012/03/12 11:05:15 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/10/02 17:12:52 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/07/15 16:50:44 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/07/15 16:50:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/07/15 16:49:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2008/02/18 16:29:02 | 002,221,352 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

PRC - [2007/05/15 19:46:28 | 000,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

PRC - [2005/12/14 08:43:40 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

PRC - [2005/11/29 00:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

PRC - [2005/11/29 00:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

PRC - [2005/11/29 00:38:34 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

PRC - [2005/11/24 21:47:34 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

PRC - [2005/09/27 04:06:00 | 000,241,719 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

PRC - [2005/09/27 04:06:00 | 000,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

PRC - [2005/09/27 04:06:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

PRC - [2005/05/21 03:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

PRC - [2005/03/12 03:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

PRC - [2004/11/18 05:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe

PRC - [2004/08/19 18:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe

PRC - [2004/02/21 00:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe

PRC - [2003/07/29 15:14:16 | 000,499,773 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/20 16:40:10 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll

MOD - [2013/02/20 16:40:08 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

MOD - [2013/02/20 16:40:07 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

MOD - [2013/01/02 08:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2008/03/25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll

MOD - [2007/09/13 22:42:30 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2005/11/28 21:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll

MOD - [2005/11/28 21:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2005/11/28 21:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll

MOD - [2005/05/21 03:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/20 16:40:07 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)

SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010/07/15 16:50:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/01/16 20:25:02 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)

SRV - [2005/12/21 20:06:28 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)

SRV - [2005/11/29 00:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)

SRV - [2005/11/29 00:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2005/11/29 00:38:34 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

SRV - [2005/11/26 00:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2005/11/25 03:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2005/11/25 02:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2005/11/25 02:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2005/10/11 22:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)

SRV - [2005/10/11 22:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)

SRV - [2005/09/27 04:06:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2005/05/21 03:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2005/03/12 03:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SPC220NC.SYS -- (SPC220NC)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix_man\catchme.sys -- (catchme)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013/02/20 16:40:10 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)

DRV - [2013/01/19 10:07:05 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2012/03/11 08:35:04 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2011/05/06 10:13:50 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2006/02/22 04:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)

DRV - [2006/02/08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)

DRV - [2006/02/02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)

DRV - [2006/01/31 18:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2005/12/30 04:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)

DRV - [2005/12/28 01:22:10 | 000,029,184 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)

DRV - [2005/12/14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)

DRV - [2005/12/05 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)

DRV - [2005/11/28 22:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2005/11/24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)

DRV - [2005/11/17 12:40:46 | 001,076,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2005/10/18 16:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2005/09/21 19:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)

DRV - [2005/09/21 01:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)

DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2004/11/22 22:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2004/11/01 22:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)

DRV - [2003/07/29 14:43:44 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2003/07/01 11:29:10 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)

DRV - [2003/07/01 11:28:46 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)

DRV - [2000/12/06 02:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)

DRV - [2000/11/10 05:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found

IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/05/14 21:52:58 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2012/03/12 10:32:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/12 20:54:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/11 10:47:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/20 16:50:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.0 [2012/03/21 18:06:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/25 21:48:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/03/21 18:06:31 | 000,000,000 | ---D | M]

[2013/05/10 21:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/10 13:09:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2007/12/01 14:52:09 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com

[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012/05/25 21:48:11 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

[2013/02/20 16:52:28 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2013/05/12 22:53:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [iDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles File not found

O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\Partseal.exe (Sony Electronics Inc)

O4 - HKLM..\Run: [VAIO Update 3] C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)

O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html File not found

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game08.zylom....gamesplayer.cab (Zylom Games Player)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7D0E6B2-D810-4A95-B580-E33BE1E83140}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\RICHA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\RICHA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/26 07:37:07 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)

ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {29A43E48-B726-47B6-9EAC-AA2B7B48E133} - Microsoft .NET Framework 1.0 Security Update (KB2698035)

ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)

ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.

ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.

ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {DE895E98-54B2-4180-91E1-7A0020EDF577} - Microsoft .NET Framework 1.0 Security Update (KB2742607)

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3

ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/15 21:18:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RICHA\Desktop\OTL.exe

[2013/05/14 21:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RICHA\Doctor Web

[2013/05/14 21:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/05/14 21:52:51 | 000,000,000 | ---D | C] -- C:\JRT

[2013/05/14 21:42:43 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\RICHA\Desktop\JRT.exe

[2013/05/13 20:25:36 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\RICHA\Desktop\tdsskiller.exe

[2013/05/13 20:23:32 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\RICHA\Desktop\aswMBR.exe

[2013/05/13 20:03:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/05/12 22:31:46 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/05/12 22:29:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/05/12 22:29:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/05/12 22:29:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/05/12 22:29:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/05/12 22:28:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/05/12 22:28:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/05/12 21:11:20 | 005,069,265 | R--- | C] (Swearware) -- C:\Documents and Settings\RICHA\Desktop\ComboFix_man.exe

[2013/05/12 11:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RICHA\Desktop\RK_Quarantine

[2013/05/11 15:40:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\RICHA\Recent

[2013/05/11 15:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

[2013/05/11 15:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/05/11 15:36:06 | 003,309,368 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\RICHA\Desktop\ccsetup401_slim.exe

[2013/05/11 15:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\NT Registry Optimizer

[2013/05/11 15:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NT Registry Optimizer

[2013/05/11 14:44:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\RICHA\My Documents\My Videos

[2013/05/11 14:44:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2013/05/11 14:44:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\RICHA\My Documents\My Pictures

[2013/05/11 14:44:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures

[2013/05/11 14:44:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music

[2013/05/11 14:44:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\RICHA\My Documents\My Music

[2013/05/11 14:38:34 | 000,483,809 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\RICHA\Desktop\ntregopt-setup.exe

[2013/05/11 13:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RICHA\My Documents\My Downloads

[2013/05/11 12:06:13 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2013/05/11 10:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV

[2013/05/10 23:06:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\RICHA\Start Menu\Programs\Administrative Tools

[2013/05/10 22:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RICHA\Application Data\Malwarebytes

[2013/05/10 22:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/10 22:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/05/10 22:16:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/05/10 22:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/05/10 22:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RICHA\Desktop\misc photos

[2013/05/10 20:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

[2013/05/10 20:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender

[2013/05/10 19:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager

[2013/05/10 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/15 21:41:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{888763ED-4606-4BF7-8D93-6418F8C40B15}.job

[2013/05/15 21:39:41 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd

[2013/05/15 21:22:27 | 119,760,334 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2013/05/15 21:19:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RICHA\Desktop\OTL.exe

[2013/05/15 21:05:53 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3186450140-516228879-150360610-1007.job

[2013/05/15 21:05:44 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_RICHA.job

[2013/05/15 21:05:38 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3186450140-516228879-150360610-1005.job

[2013/05/15 21:04:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/05/15 21:04:33 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/14 23:04:12 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\RICHA\My Documents\spider.sav

[2013/05/14 21:52:27 | 119,166,144 | ---- | M] () -- C:\Documents and Settings\RICHA\Desktop\drweb-cureit.exe

[2013/05/14 21:47:11 | 000,628,743 | ---- | M] () -- C:\Documents and Settings\RICHA\Desktop\adwcleaner.exe

[2013/05/14 21:43:02 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\RICHA\Desktop\JRT.exe

[2013/05/14 21:30:17 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{431C06C0-E1E2-49CB-9087-A82D1E28833D}.job

[2013/05/13 20:37:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\RICHA\Desktop\MBR.dat

[2013/05/13 20:27:53 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\RICHA\Desktop\RogueKiller.exe

[2013/05/13 20:25:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\RICHA\Desktop\tdsskiller.exe

[2013/05/13 20:23:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\RICHA\Desktop\aswMBR.exe

[2013/05/12 22:53:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/05/12 22:31:53 | 000,000,325 | RHS- | M] () -- C:\boot.ini

[2013/05/12 21:11:26 | 005,069,265 | R--- | M] (Swearware) -- C:\Documents and Settings\RICHA\Desktop\ComboFix_man.exe

[2013/05/12 11:06:04 | 000,890,825 | ---- | M] () -- C:\Documents and Settings\RICHA\Desktop\SecurityCheck.exe

[2013/05/11 15:36:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/05/11 15:36:08 | 003,309,368 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\RICHA\Desktop\ccsetup401_slim.exe

[2013/05/11 15:27:19 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\RICHA\NTUSER.bak

[2013/05/11 15:19:06 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\RICHA\Desktop\NTREGOPT.lnk

[2013/05/11 14:42:01 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_RICHA.job

[2013/05/11 14:38:41 | 000,483,809 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\RICHA\Desktop\ntregopt-setup.exe

[2013/05/11 14:13:21 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_RICHA.job

[2013/05/11 13:37:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/05/11 13:11:32 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk

[2013/05/11 10:11:48 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/05/10 22:49:24 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3186450140-516228879-150360610-1007.job

[2013/05/10 20:13:51 | 000,000,143 | ---- | M] () -- C:\Documents and Settings\RICHA\default.pls

[2013/05/10 20:11:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2013/05/01 19:30:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/14 23:04:12 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\RICHA\My Documents\spider.sav

[2013/05/14 21:51:02 | 119,166,144 | ---- | C] () -- C:\Documents and Settings\RICHA\Desktop\drweb-cureit.exe

[2013/05/14 21:46:41 | 000,628,743 | ---- | C] () -- C:\Documents and Settings\RICHA\Desktop\adwcleaner.exe

[2013/05/13 20:37:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\RICHA\Desktop\MBR.dat

[2013/05/13 20:27:51 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\RICHA\Desktop\RogueKiller.exe

[2013/05/12 22:31:53 | 000,000,209 | ---- | C] () -- C:\Boot.bak

[2013/05/12 22:31:49 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/05/12 22:29:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/05/12 22:29:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/05/12 22:29:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/05/12 22:29:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/05/12 22:29:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/05/12 11:05:54 | 000,890,825 | ---- | C] () -- C:\Documents and Settings\RICHA\Desktop\SecurityCheck.exe

[2013/05/11 15:36:45 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/05/11 15:19:06 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\RICHA\Desktop\NTREGOPT.lnk

[2013/05/10 20:34:35 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk

[2013/05/10 19:52:25 | 000,002,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk

[2013/05/10 19:50:25 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\RICHA\default.pls

[2013/05/03 09:31:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_RICHA.job

[2013/05/03 09:28:39 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_RICHA.job

[2013/05/03 09:28:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_RICHA.job

[2012/05/14 10:14:17 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\RICHA\Local Settings\Application Data\fusioncache.dat

[2012/05/14 10:14:14 | 006,029,312 | -H-- | C] () -- C:\Documents and Settings\RICHA\NTUSER.bak

[2012/03/11 08:13:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/06/28 13:42:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/06/24 18:41:05 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/12/08 16:41:14 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2007/11/25 00:44:37 | 001,606,064 | ---- | C] () -- C:\Program Files\googletalk-setup.exe

[2007/09/14 20:30:02 | 001,206,249 | ---- | C] () -- C:\Program Files\wrar371b1.exe

[2007/09/14 20:25:43 | 000,269,362 | ---- | C] () -- C:\Program Files\pocketrar371b1.exe

========== ZeroAccess Check ==========

[2006/03/16 03:12:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 02:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

[2008/11/16 14:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2007/01/12 02:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL

[2012/03/25 13:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2012/05/12 12:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2012/11/24 22:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2011/03/26 20:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2010/04/02 22:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/08/23 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2012/06/22 09:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC

[2011/03/15 19:46:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/06/23 13:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation

[2009/08/09 14:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2013/02/24 15:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2012/05/13 22:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2006/03/16 03:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel

[2006/03/29 22:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2013/05/10 22:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/05/10 20:34:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2009/12/28 12:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero

[2007/10/31 11:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates

[2012/03/21 18:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2011/10/05 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2009/08/09 16:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic

[2012/04/29 09:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton

[2010/04/05 10:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2006/03/18 02:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA

[2009/08/09 15:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2006/09/22 04:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2010/04/04 13:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real

[2006/03/16 03:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2010/06/24 10:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2007/01/20 18:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonicStage

[2013/05/10 21:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation

[2010/10/10 13:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/04/05 10:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2006/03/29 23:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform

[2007/05/17 17:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/12/28 12:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!

[2012/06/22 09:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser

[2008/11/09 12:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2012/03/25 13:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2012/03/27 06:59:00 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.6.1.7\SetupAdmin.exe

[2007/12/12 02:24:20 | 042,305,440 | R--- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_EA.exe

[2009/08/09 15:12:03 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstCCD.exe

[2009/08/09 15:12:03 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCS.exe

[2009/08/09 15:12:03 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

[2012/03/21 11:40:37 | 050,275,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NokiaSoftwareUpdaterSetup_EN.exe

[2012/03/21 11:41:21 | 003,351,812 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Installer\CommonCustomActions\msxml6Exec.exe

[2012/03/21 11:41:19 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Installer\CommonCustomActions\Sleep.exe

[2012/03/21 11:41:24 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Installer\CommonCustomActions\Sleep2008.exe

[2012/03/21 11:41:27 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Installer\CommonCustomActions\Sleep2010.exe

[2012/03/21 11:41:24 | 004,697,562 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Installer\CommonCustomActions\vcredist2008Exec.exe

[2012/03/21 11:41:27 | 005,140,754 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Installer\CommonCustomActions\vcredist2010Exec.exe

[2012/03/21 11:41:19 | 003,203,453 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Installer\CommonCustomActions\vcredistExec.exe

[2011/04/11 13:24:04 | 034,428,780 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe

[2011/04/11 13:24:45 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

[2011/04/11 13:24:45 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

[2011/04/11 13:24:45 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

[2011/04/11 13:24:45 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

[2011/09/07 09:10:40 | 001,669,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\nos_patch.exe

[2012/03/12 16:03:22 | 092,179,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer.exe

[2012/03/21 17:55:43 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\InstallerService.exe

[2012/03/21 17:55:43 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\InstallerServiceExec.exe

[2012/03/21 17:55:43 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\IsPinned.exe

[2012/05/13 14:23:45 | 000,046,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\pcswpc.exe

[2012/05/13 14:24:20 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\RepairMplatform.exe

[2012/05/13 14:24:24 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\Run_XML6_SP1.exe

[2012/05/13 14:24:26 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\WMF11Runx86.exe

[2012/05/13 14:25:09 | 012,212,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

[2012/03/15 10:24:01 | 002,756,480 | ---- | M] (EasyBits Software AS) -- C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\8009C35017684284B0BE39D6E4E53955\goxn.exe

[2007/01/12 00:42:18 | 001,834,703 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\315452C5.exe

[2007/01/12 00:43:43 | 002,480,683 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32636F9B.exe

[2007/01/12 00:45:02 | 000,558,239 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3365647F.exe

[2007/01/12 00:46:43 | 000,156,598 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34B6490D.EXE

[2007/01/12 00:46:45 | 000,630,170 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34BC1D06.exe

[2010/07/19 11:19:31 | 027,591,840 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\YUpdater\msgup1000_1270_us_u2.exe

[2008/11/05 21:03:14 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe

[2009/04/06 11:14:26 | 001,974,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\petshophop\en-US\PetShopHop.exe

[2009/04/06 11:14:40 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\petshophop\en-US\ZylomHost.exe

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

[2006/11/02 05:21:54 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DIFxAPI.dll

[2008/04/17 11:12:54 | 000,107,368 | ---- | M] (GEAR Software Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspi.dll

[2012/04/28 14:28:19 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\components\FF4\toolbarhomewmp.dll

[2012/04/25 20:45:40 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\components\toolbarhomewmp.dll

[2012/04/25 20:45:40 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\components\FF4\toolbarhomewmp.dll

[2010/10/06 11:31:46 | 002,475,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

[2008/10/10 15:36:02 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

[2008/10/10 15:36:02 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

[2008/10/10 15:36:02 | 000,233,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

[2008/10/10 15:36:02 | 000,239,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

[2008/10/10 15:36:02 | 000,245,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll

[2008/10/10 15:36:02 | 000,243,200 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll

[2013/04/17 06:31:44 | 006,906,960 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C7200F37-D22A-4AFC-A5C8-A01ABF6F77F2}\mpengine.dll

[2007/03/09 11:25:14 | 002,321,288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

[2007/03/09 11:25:14 | 002,321,288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll

[2008/02/08 12:22:34 | 001,347,584 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll

[2012/05/25 21:48:27 | 000,028,160 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll

[2012/05/25 21:48:28 | 000,398,512 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpcommon150browserrecordplugin.dll

[2012/05/25 21:48:29 | 000,035,840 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

[2012/05/25 21:48:29 | 000,032,256 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordlegacyext.dll

[2012/05/25 21:48:27 | 000,425,680 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

[2012/05/25 21:48:28 | 000,095,744 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[2012/05/25 21:48:28 | 000,019,456 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[2012/05/25 21:48:29 | 000,045,568 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimhtml5.dll

[2012/05/25 21:48:29 | 000,045,568 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

[2012/05/25 21:48:29 | 000,045,568 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

[2012/05/25 21:48:30 | 000,045,568 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

[2012/05/25 21:48:30 | 000,045,568 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

[2012/03/15 10:24:11 | 000,022,400 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\53F537B72987463CB06D78F5541A3239\skGamesUpdate.dll

[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

[2006/09/26 13:03:14 | 000,161,976 | ---- | M] (Zylom Games) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll

[2006/04/28 10:21:26 | 001,241,088 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Babel\en-US\babel.dll

[2005/08/02 15:29:28 | 000,162,304 | ---- | M] (Firelight Technologies Pty, Ltd) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Babel\en-US\fmod.dll

[2007/03/16 14:13:24 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MyZylomExtension\MyZylomExtension.dll

[2009/04/06 11:14:38 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\petshophop\en-US\ZylomAdapter.dll

[2007/05/24 13:30:06 | 000,200,704 | ---- | M] (Zylom Games) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PlayfirstExtension\PlayfirstExtension.dll

[2005/02/03 10:34:42 | 000,163,840 | ---- | M] (Zylom Games) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PopcapExtension\PopcapExtension.dll

[2008/07/02 11:31:50 | 000,589,824 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Zuma\en-US\Zuma.dll

[2007/07/06 16:49:34 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomDeluxeInstaller\ZylomDeluxeInstaller.dll

[2006/07/17 12:40:00 | 000,126,976 | ---- | M] (Zylom Games) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\ZylomExtension.dll

< %APPDATA%\*. >

[2012/05/20 19:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Adobe

[2013/02/02 18:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Apple Computer

[2012/05/15 14:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\AVG Secure Search

[2012/06/22 10:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\CANON INC

[2013/01/19 12:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\InterVideo

[2012/05/14 10:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Macromedia

[2013/05/10 22:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Malwarebytes

[2012/11/28 20:52:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\RICHA\Application Data\Microsoft

[2013/05/10 21:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Mozilla

[2012/05/14 10:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Nero

[2012/05/14 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\PC Suite

[2012/12/19 11:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Real

[2013/05/10 21:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Sony Corporation

[2012/05/14 11:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Sun

[2012/12/19 12:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\ZoomBrowser EX

< %APPDATA%\*.exe /s >

[2006/03/29 22:55:43 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\RICHA\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

[2013/01/19 10:05:43 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\RICHA\Application Data\Real\Update\temp\~Upg0\rnupgagent.exe

[2013/03/26 16:06:36 | 000,448,592 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\RICHA\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe

[2013/05/03 09:36:30 | 038,454,704 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\RICHA\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\RealPlayer.exe

[2013/05/03 09:31:49 | 000,766,128 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\RICHA\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_exe\RealPlayer.exe

< %SYSTEMDRIVE%\*.exe >

< c:|crossride;true;true;true; /FP >

< c:|conduit;true;true;true; /FP >

[2012/03/21 17:17:44 | 000,000,000 | ---D | M] -- c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit

[2012/03/21 15:22:18 | 000,000,000 | ---D | M] -- c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< c:|services.ex;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

< >

< End of report >

Hope this will help in identifying the problem.

thanks

Maneesh

Attachments: cureit.log, AdwCleanerR4.txt, Extras.Txt

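The OTL listing above has one fixed line layout, which makes it practical to triage mechanically rather than by eye. The following is an added example (not part of the original post and not OTL's own code) that parses those lines and ranks executables by three weak signals: an empty CompanyName in the version resource, a user-writable location, and a recent modification time. The five sample lines are constructed from entries shown in the log above; the scan date of 2013-05-11, the 30-day window and the path markers are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL listing line looks like (layout as printed in the log above):
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M] (Company) -- path
# Folders carry no "(Company)" field at all; files whose version resource
# has no CompanyName print an empty "()".
_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| M\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

@dataclass
class Entry:
    mtime: datetime
    size: int
    attrs: str
    company: Optional[str]   # None for folders, "" for files with no CompanyName
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers, directives and blanks."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        mtime=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )

# Path fragments a standard user can write to without admin rights (assumed
# list); adware and drive-by droppers favour these because no admin prompt
# stands in the way.
_USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")

def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in _USER_WRITABLE)

def triage(lines: List[str], as_of: datetime, recent_days: int = 30) -> List[dict]:
    """Rank files by number of weak signals; folders and unparsable lines are skipped."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.is_dir:
            continue
        reasons = []
        if e.company == "":
            reasons.append("no CompanyName in version resource")
        if is_user_writable(e.path):
            reasons.append("user-writable location")
        if as_of - e.mtime <= timedelta(days=recent_days):
            reasons.append("modified within %d days of the scan" % recent_days)
        if reasons:
            findings.append({"path": e.path, "mtime": e.mtime, "size": e.size,
                             "score": len(reasons), "reasons": reasons})
    findings.sort(key=lambda f: (-f["score"], f["path"].lower()))
    return findings

# Constructed sample: five lines copied from the listing shown above.
SAMPLE_LOG = r"""
[2005/08/02 15:29:28 | 000,162,304 | ---- | M] (Firelight Technologies Pty, Ltd) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Babel\en-US\fmod.dll
[2007/03/16 14:13:24 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MyZylomExtension\MyZylomExtension.dll
[2013/05/10 22:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RICHA\Application Data\Malwarebytes
[2013/05/03 09:31:49 | 000,766,128 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\RICHA\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_exe\RealPlayer.exe
[2006/03/29 22:55:43 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\RICHA\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
""".strip()

SCAN_DATE = datetime(2013, 5, 11)   # assumed: the day the log was taken

def triage_sample() -> List[dict]:
    return triage(SAMPLE_LOG.splitlines(), SCAN_DATE)

if __name__ == "__main__":
    for f in triage_sample():
        print(f["score"], f["path"], "; ".join(f["reasons"]))
```

None of the three signals proves anything by itself: the Zylom game DLL has no CompanyName simply because that vendor never filled in the version resource. The value is in the ordering, which puts the files worth hashing and looking up (or submitting to a scanner) at the top of a listing that is otherwise thousands of lines long.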

Uninstall these outdated & insecure Java versions:

J2SE Runtime Environment 5.0 Update 6

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java 6 Update 21

Java Auto Updater

Java vulnerabilities are a never-ending occurrence. Bottom line is, if your system does not have an installed 3rd-party application that needs it, then uninstall it.

If you do have that dependency, then turn off Java in your browsers.

If somehow you have an often-used website that needs Java to display all information, then just use a specific browser and only allow Java in that one.

  • A: If you decide to keep Java:
    The Java runtime components are typically located at
    C:\Program Files\Java\jre7\bin
    Locate javacpl.exe the Java control panel.
    Right click and select Open
    Click on the Update tab
    Put a checkmark at "Check for updates automatically"
    On the General tab, under Temporary Internet Files, click the Settings button.
    Next, click on the Delete Files button
    Checkmark (select) all boxes you can & Click OK on Delete Temporary Files Window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    Click OK to leave the Temporary Files Window
    Click on the Advanced tab
    Expand Miscellaneous:
    Un-check "place Java icon in system tray"
    Un-check "Java quick starter"
    Exit/close
    You need to remove older versions of Java runtime. Do this:
    Download & Save to your Desktop or a new folder Javara.zip
    Extract the contents of the zip file. Then double click Javara.exe to run it.
    JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).
  • B: If you want to disable Java in your browser:
    How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse
    Also see No, Seriously, Just Disable Java in Your Browser Right Now

As noted by Brian Krebs,

Most consumers can get by without Java installed, or at least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin.

Also see How to protect your computer against dangerous Java Applets

2

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for this member only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file ManOTL.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From the Notepad main menu bar, select Format and make sure Word Wrap is NOT checked.
    If it is checkmarked, click it one time so that it is un-checked.
  • Open the ManOTL.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

3

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[S1].txt

4

Your system has an old version (also insecure) of Adobe Reader. You need to uninstall Adobe Reader.

Consider getting an alternate tool like Sumatra PDF as mentioned by Corrine on her Security Garden blog.

http://securitygarden.blogspot.com/2013/02/replacing-adobe-reader-with-sumatra-pdf.html

5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using the Internet Explorer browser only, go to the BitDefender QuickScan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

When all done, Re-Enable your antivirus program.

Attachment: ManOTL.txt

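The list of Java entries at the top of the reply above shows how each Java installer leaves the previous runtime in place, every one of them still loadable by the browser plug-in. As an added example (not the helper's own procedure and not part of the page), the following Python turns such an Add/Remove Programs list into an uninstall plan: keep only the newest runtime when a third-party application genuinely needs Java, otherwise remove every copy, and flag the kept copy if it trails the release Oracle currently ships. The installed names are constructed from the list above plus one unrelated program; the `current` value is an assumption the caller supplies after checking java.com, and the `needed` flag is the dependency question the reply raises.

```python
import re
from typing import Dict, List, Optional, Tuple

# Three shapes of Java runtime name, all reduced to a (major, update) pair:
#   "J2SE Runtime Environment 5.0 Update 6"      -> (5, 6)
#   "Java 6 Update 21", "Java(TM) 6 Update 7"    -> (6, 21), (6, 7)
#   "1.6.0_21"  (java -version style)            -> (6, 21)
_JAVA_NAME_PATTERNS = (
    re.compile(r"^J2SE Runtime Environment (?P<major>\d+)\.0 Update (?P<update>\d+)$"),
    re.compile(r"^Java(?:\(TM\))? (?P<major>\d+) Update (?P<update>\d+)$"),
    re.compile(r"^1\.(?P<major>\d+)\.0_(?P<update>\d+)$"),
)

def parse_java_version(name: str) -> Optional[Tuple[int, int]]:
    """(major, update) for a JRE entry, None for anything that is not a runtime."""
    for pat in _JAVA_NAME_PATTERNS:
        m = pat.match(name.strip())
        if m:
            return int(m["major"]), int(m["update"])
    return None

def plan_java_cleanup(installed: List[str], needed: bool,
                      current: Tuple[int, int]) -> Dict[str, object]:
    """Turn an Add/Remove Programs list into an uninstall plan.

    installed: display names exactly as Add/Remove Programs shows them
    needed:    True only if some third-party application on the box requires Java
    current:   (major, update) of the release Oracle currently ships; the caller
               checks java.com for this, nothing here hard-codes it
    """
    runtimes: List[Tuple[Tuple[int, int], str]] = []
    extras: List[str] = []       # Java entries that are not a runtime, e.g. "Java Auto Updater"
    for name in installed:
        v = parse_java_version(name)
        if v is not None:
            runtimes.append((v, name))
        elif "java" in name.lower():
            extras.append(name)
    runtimes.sort()              # tuples order by major, then update
    remove = [name for _, name in runtimes[:-1]] + extras   # every runtime but the newest
    keep: Optional[str] = None
    newest_version = (0, 0)
    if runtimes:
        newest_version, newest_name = runtimes[-1]
        if needed:
            keep = newest_name
        else:
            remove.append(newest_name)   # nothing depends on it: no reason to keep any copy
    return {
        "remove": remove,
        "keep": keep,
        # Keeping the newest local copy is only safe if it is also the current release.
        "update_required": keep is not None and newest_version < current,
    }

# Constructed input: the entries listed in the reply above, plus one unrelated program.
INSTALLED = [
    "J2SE Runtime Environment 5.0 Update 6",
    "Java 6 Update 3",
    "Java 6 Update 5",
    "Java 6 Update 7",
    "Java 6 Update 21",
    "Java Auto Updater",
    "Malwarebytes Anti-Malware",
]

if __name__ == "__main__":
    # (7, 21) is a placeholder for whatever java.com lists as current at the time.
    for needed in (True, False):
        print("needed=%s ->" % needed, plan_java_cleanup(INSTALLED, needed, (7, 21)))
```

The point of the `update_required` flag is the trap the reply warns about: removing four of five runtimes feels like progress, but if the survivor is itself behind the current release the browser is no better off, and the plug-in should stay disabled until it is updated.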

Hi Maurice,

I deleted the Java files and removed Adobe. I have run all three scans, enclosing the logs. OTL asked for a system reboot. The BitDefender result was that the system is clean.

I was using the trial version of Malwarebytes and the trial period expired, so now I will not know if the problem is resolved or not, as I will not have online protection from malware.

Thanks

Maneesh

All processes killed

========== OTL ==========

Service McAfeeFramework stopped successfully!

Service McAfeeFramework deleted successfully!

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\ not found.

File 68F1-403E-B40E-20066696354B} not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\ not found.

File 55A5-4EB7-A673-4ED3E9456D39} not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI deleted successfully.

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe moved successfully.

========== FILES ==========

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.

c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit folder moved successfully.

File\Folder c:\Documents and Settings\PuneetB\Local Settings\Application Data\Conduit\Community Alerts not found.

C:\Documents and Settings\All Users\Application Data\Azureus folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EB7A94EB-8511-434B-B514-6CF6D69ECE56} folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{C9837AC7-CB7D-4A9C-B043-0019F47A10E0} folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{83F2D566-9F0C-4B37-BE7A-C3F1AFC2BD4F} folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{69101E1D-BF51-41F1-8AB1-388EEFC77122} folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{38F2C797-3E88-49B9-9072-8598CB13CF70} folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 499 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: PuneetB

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 182218801 bytes

->Java cache emptied: 87860049 bytes

->Google Chrome cache emptied: 23856815 bytes

->Flash cache emptied: 4377030 bytes

User: RICHA

->Temp folder emptied: 1139692 bytes

->Temporary Internet Files folder emptied: 28509656 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 9860016 bytes

->Flash cache emptied: 843 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 288000 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 822723 bytes

Total Files Cleaned = 323.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: PuneetB

->Flash cache emptied: 0 bytes

User: RICHA

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: PuneetB

->Java cache emptied: 0 bytes

User: RICHA

->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05252013_214644

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_66c.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v2.300 - Logfile created 05/25/2013 at 21:57:24

# Updated 28/04/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : RICHA - MANEESH

# Boot Mode : Normal

# Running from : C:\Documents and Settings\RICHA\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : vToolbarUpdater14.2.0

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

Folder Deleted : C:\Documents and Settings\PuneetB\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\PuneetB\Local Settings\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\PuneetB\Local Settings\Application Data\AVG Security Toolbar

Folder Deleted : C:\Documents and Settings\RICHA\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\RICHA\Local Settings\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\RICHA\Local Settings\Application Data\AVG Security Toolbar

Folder Deleted : C:\Documents and Settings\RICHA\Local Settings\Application Data\PackageAware

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\AVG Security Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\Software\AskBarDis

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

Key Deleted : HKLM\Software\Description

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\PuneetB\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\RICHA\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6091 octets] - [14/05/2013 22:18:08]

AdwCleaner[R2].txt - [6151 octets] - [14/05/2013 22:19:18]

AdwCleaner[R3].txt - [6211 octets] - [14/05/2013 22:24:49]

AdwCleaner[R4].txt - [6271 octets] - [15/05/2013 21:28:03]

AdwCleaner[S1].txt - [6567 octets] - [25/05/2013 21:57:24]

########## EOF - C:\AdwCleaner[S1].txt - [6627 octets] ##########

Attachment: Report 2013-05-25 22.12.02.txt


Bitdefender Quickscan found nothing. So that is quite good.

For future reference, always do a Copy >>Paste of contents of logs and -not- attach. Copy & paste in-line within main-body of reply.

If you wish the real-time online protection, I would recommend that you buy the MBAM Pro license. The cost is low and is only a one-time cost and it is good forever, and there is no yearly renewal.

The AVG9 is really and truly an older version of their product. The latest is AVG 2013.

But personally I would recommend you remove AVG9 and get Avira free antivirus OR MS Security Essentials.

(AVG is past its old/glory days, imho)

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix_man ), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the text box that opens, type or copy/paste
    c:\documents and settings\RICHA\Desktop\ComboFix_man.exe /uninstall
    and then click OK.

If the Combofix uninstall has an issue, skip that step.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

Delete the following if still present:

roguekiller.exe

securitycheck.exe

aswmbr.exe

tdsskiller.exe

jrt.exe

DrWeb Cure-It

adwcleaner.exe

Use Control Panel >>Add-or-Remove Programs and uninstall BitDefender Quickscan

Safer practices & malware prevention

We are finished here. Best regards.

Edited by Maurice Naggar